Lucene search

1414 matches found

Tenable Nessus
added 2007/05/08 12:0 a.m., 23 views

RunCMS < 1.5.3 debug_show.php Multiple Vulnerabilities

The installed version of RunCMS fails to validate input to the 'class/debug/debug_show.php' script. An unauthenticated attacker may be able to leverage this issue to manipulate SQL queries or to determine information about local files on the affected host.

CVSS 7.8, AI score 5.7, EPSS 0.07906
Exploits: 1, References: 4
seebug.org
added 2007/05/04 12:0 a.m., 26 views

mxBB Module FAQ & RULES 2.0.0 Remote File Inclusion Exploit

No description provided by source. !/usr/bin/php -q -d shortopentag=on ? print ' mxBB Module MX Faq & Rules = 2.0.0 faq.php Remote File Include Exploit Vendor: http://www.mx-system.com/modules/mxpafiledb/dload.php?action=download&fileid=371 Bug found and Exploit by bd0rk from SOH-Crew Website1:...

AI score 7.1
Exploits: 0
seebug.org
added 2007/04/26 12:0 a.m., 30 views

DmCMS Shell Upload exploit

No description provided by source. !/usr/bin/php -q -d shortopentag=on ? / / DmCMS Shell Uploading / This exploit should allow you to execute commands / By : HACKERS PAL / WwW.SoQoR.NeT / echo' // / DmCMS Shell Uploading / / by HACKERS PAL [email protected] / / site: http://www.soqor.net /'; if...

AI score 7.1
Exploits: 0
Packet Storm
added 2007/04/23 12:0 a.m., 22 views

meth-xss.txt

!/usr/bin/php ISSUE: SIP protocol's fields such as From, To, Call-ID, User-Agent and many others can carry html tags, which are shown unfiltered by the Asterisk Log File tools located at...

AI score 7.4
Exploits: 0
securityvulns
added 2007/04/21 12:0 a.m., 45 views

turbulence core.0.0.1-alpha - REMOTE FILE INCLUSION

"turbulence core.0.0.1-alpha - REMOTE FILE INCLUSION" by Omni 1 Infos Date : 2007-04-20 Product : turbulence core Version : 0.0.1 alpha Vendor : http://sourceforge.net/projects/turbulence Vendor Status : 2007-04-20 - Not Informed! 2007-04-21 - Vendor...

Exploits: 0
myhack58
added 2007/04/16 12:0 a.m., 30 views

The United States Blizzard[World Of Warcraft] official program vulnerability-vulnerability warning-the black bar safety net

The Battle.net clan management system uses a MySQL backend, allowing users to easily upgrade and maintain the web site. The system's implementation has an input validation vulnerability; a remote attacker could use this vulnerability to execute SQL injection attacks, unauthorized access to system administrati...

AI score 1.4
Exploits: 0
exploitpack
added 2007/04/11 12:0 a.m., 17 views

PunBB 1.2.14 - Remote Code Execution

PunBB 1.2.14 - Remote Code Execution !/usr/bin/php URL: http://www.acid-root.new.fr/ ----------------------------------------------------------------------- Usage: $argv0 -url -usr -pwd Options Params: -url For example http://victim.com/punBB/ -usr User account 1 post at least -pwd Password accou...

AI score 0.4
Exploits: 0
Prion
added 2007/04/10 11:19 p.m., 14 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in JBMC Software DirectAdmin before 1.293 does not properly display log files, which allows remote authenticated users to inject arbitrary web script or HTML via (1) http or (2) ftp requests logged in /var/log/directadmin/security.log; (3) allows context-dependent...

CVSS 6.8, AI score 5.8, EPSS 0.01551
Exploits: 1, References: 7, Affected Software: 1
NVD
added 2007/04/10 11:19 p.m., 20 views

CVE-2007-1926

Cross-site scripting (XSS) vulnerability in JBMC Software DirectAdmin before 1.293 does not properly display log files, which allows remote authenticated users to inject arbitrary web script or HTML via (1) http or (2) ftp requests logged in /var/log/directadmin/security.log; (3) allows context-dependent...

CVSS 6.8, AI score 5.5, EPSS 0.01551
Exploits: 1, References: 7
Positive Technologies
added 2007/04/10 12:0 a.m., 2 views

PT-2007-3271

Name of the Vulnerable Software and Affected Versions: DirectAdmin versions prior to 1.293. Description: The issue allows remote authenticated users to inject arbitrary web script or HTML via http or ftp requests logged in various log files, including /var/log/directadmin/security.log. It also enabl...

CVSS 6.8, AI score 6.3, EPSS 0.01551
Exploits: 1, References: 11
Exploit DB
added 2007/04/10 12:0 a.m., 21 views

HIOX GUEST BOOK (HGB) 4.0 - Remote Code Execution

HGB Version 4.0 Author : Dj7xpl / Dj7xplatYahoodotcom...

AI score 7.4
Exploits: 0
seebug.org
added 2007/04/04 12:0 a.m., 38 views

MyBulletinBoard (MyBB) <= 1.2.3 Remote Code Execution Exploit

No description provided by source. !/usr/bin/php ?php errorreportingEALL ^ ENOTICE; http://www.milw0rm.com/exploits/2012 They corrected not all a lot of SQL requests which use the ipaddress, with $db-escapestring. They don't corrected the function this is a choice ... the bad and they forgot to...

AI score 7.1
Exploits: 0
Exploit DB
added 2007/04/03 12:0 a.m., 26 views

MyBulletinBoard (MyBB) 1.2.3 - Remote Code Execution

!/usr/bin/php escapestring. They don't corrected the function this is a choice ... the bad and they forgot to correct 1 only SQL request. They must correct the problem at the source = if$argc URL: http://www.acid-root.new.fr/ -----------------------------------------------------------------------...

AI score 7.4
Exploits: 0
seebug.org
added 2007/04/02 12:0 a.m., 25 views

BT-sondage 1.12 (gestion_sondage.php) RFI Vulnerability

No description provided by source. Title : BT-Sondage-v112 Remote File Include Vulnerability Author: CrackersChild cont@ct:...

AI score 7.1
Exploits: 0
seebug.org
added 2007/03/25 12:0 a.m., 15 views

Free Image Hosting <= 2.0 (AD_BODY_TEMP) Remote File Inclusion Vulns

No description provided by source. Baslik :ImageUpload Script Remote File Inclusion Exploit Free Image Hosting 2.0 .ndir : http://free-php-scripts.net/scripts/ImageUpload.zip Bulan :CrackersChild Zay.flk : tddiv align="center"?php include$ADBODYTEMP;?/div/td Exploit :...

AI score 7.1
Exploits: 0
Packet Storm
added 2007/03/20 12:0 a.m., 29 views

npds-exec.txt

!/usr/bin/php Options OPTIONS | -proxy If you wanna use a proxy | -proxyauth Basic authentification ";exit1; $url = getparam'url',1; $pro = getparam'proxy'; $pra = getparam'proyauth'; $xpl = new phpsploit; $xpl-agent'Mozilla Firefox'; if$pro $xpl-proxy$pro; if$pra $xpl-proxyauth$pra; +print.php S...

AI score 7.4
Exploits: 0
exploitpack
added 2007/03/20 12:0 a.m., 14 views

W-Agora 4.2.1 - Multiple Arbitrary File Upload Vulnerabilities

W-Agora 4.2.1 - Multiple Arbitrary File Upload Vulnerabilities source: https://www.securityfocus.com/bid/23055/info w-Agora is prone to multiple arbitrary file-upload vulnerabilities. An attacker can exploit these vulnerabilities to upload PHP script code and execute it in the context of the...

AI score 0.2
Exploits: 0
Exploit DB
added 2007/03/18 12:0 a.m., 35 views

Katalog Plyt Audio (pl) 1.0 - SQL Injection

126 $result.=" ."; else $result.=" ".$string$i; if strlendechexord$string$i==2 $exa.=" ".dechexord$string$i; else $exa.=" 0".dechexord$string$i; $cont++;if $cont==15 $cont=0; $result.="\r\n"; $exa.="\r\n"; return $exa."\r\n".$result; $proxyregex = '\b\d1,3.\d1,3.\d1,3.\d1,3:\d1,5\b'; function...

AI score 7.4
Exploits: 0
ATTACKERKB
added 2007/03/02 9:18 p.m., 3 views

CVE-2007-1141

PHP remote file inclusion vulnerability in preview.php in Magic News Plus 1.0.2 allows remote attackers to execute arbitrary PHP code via a URL in the phpscriptpath parameter. NOTE: This issue may overlap CVE-2006-0723...

CVSS 7.5, AI score 6.2, EPSS 0.05691
Exploits: 2, References: 5
Tenable Nessus
added 2007/02/27 12:0 a.m., 51 views

SQLiteManager SQLiteManager_currentTheme Cookie Traversal Local File Inclusion

The remote host is running SQLiteManager, a web-based application for managing SQLite databases. The version of SQLiteManager installed on the remote host fails to sanitize user input to the 'SQLiteManager_currentTheme' cookie before using it to include PHP code in 'include/config.inc.php'. An...

CVSS 5.1, AI score 6.2, EPSS 0.37526
Exploits: 2, References: 2