WordPress Admin Word Count Column 2.2 Local File Inclusion

Exploit Title: WordPress Plugin admin-word-count-column 2.2 - Local File Download Google Dork: inurl:/wp-content/plugins/admin-word-count-column/ Date: 27-03-2022 Exploit Author: Hassan Khan Yusufzai - Splint3r7 Vendor Homepage: https://wordpress.org/plugins/admin-word-count-column/ Version: 2.2...

AnimaGallery 2.6 - Local File Inclusion Vulnerability

Exploit for php platform in category web applications Exploit Title: AnimaGallery 2.6 theme and lang cookie parametre Local File Include Vulnerability Date: 2015/06/07 Vendor Homepage: http://dg.no.sapo.pt/ Software Link:http://dg.no.sapo.pt/AnimaGallery2.6.zip Version: 2.6 Tested on: Centos...

AnimaGallery 2.6 - Local File Inclusion

AnimaGallery 2.6 - Local File Inclusion Exploit Title: AnimaGallery 2.6 theme and lang cookie parametre Local File Include Vulnerability Date: 2015/06/07 Vendor Homepage: http://dg.no.sapo.pt/ Software Link:http://dg.no.sapo.pt/AnimaGallery2.6.zip Version: 2.6 Tested on: Centos 6.5,php...

AnimaGallery 2.6 Local File Inclusion

Exploit Title: AnimaGallery 2.6 theme and lang cookie parameter Local File Include Vulnerability Date: 2015/06/07 Vendor Homepage: http://dg.no.sapo.pt/ Software Link:http://dg.no.sapo.pt/AnimaGallery2.6.zip Version: 2.6 Tested on: Centos 6.5,php 5.3.2,magicquotesgpc=off Category: webapps...

AnimaGallery 2.6 (theme and lang cookie parameter) Local File Include Vulnerability

Exploit Title: AnimaGallery 2.6 theme and lang cookie parameter Local File Include Vulnerability Date: 2015/06/07 Vendor Homepage: http://dg.no.sapo.pt/ Software Link:http://dg.no.sapo.pt/AnimaGallery2.6.zip Version: 2.6 Tested on: Centos 6.5,php 5.3.2,magicquotesgpc=off Category: webapps...

Sendy 1.1.9.1 - SQL Injection Vulnerability

No description provided by source. Exploit Title: Sendy 1.1.9.1 - SQL Injection Vulnerability Date: 2014-04-10 Exploit Author: marduk369 Vendor Homepage: http://sendy.co/ Software Link: http://sendy.co/ Version: 1.1.9.1 root@kali: sqlmap -u 'http://server1/send-to?i=1&c=10'...

Zimplit CMS 3.0 - Multiple Vulnerabilities

No description provided by source. Exploit Title: Zimplit CMS multiple vulnerabilities Date: 2013 13 September Exploit Author: Yashar shahinzadeh Special thanks to Mormoroth Credit goes for: http://y-shahinzadeh.ir & ha.cker.ir Vendor Homepage: www.zimplit.com Tested on: Linux & Windows, PHP 5.3....

couponPHP CMS 1.0 Cross Site Scripting / SQL Injection

couponPHP CMS version 1.0 suffers from cross site scripting and remote SQL injection vulnerabilities. couponPHP CMS 1.0 Multiple Stored XSS and SQL Injection Vulnerabilities Vendor: couponPHP Product web page: http://www.couponphp.com Affected version: 1.0 Summary: couponPHP is a revolutionary...

Zimplit CMS 3.0 Cross Site Request Forgery / Cross Site Scripting

Exploit Title: Zimplit CMS multiple vulnerabilities Date: 2013 13 September Exploit Author: Yashar shahinzadeh Special thanks to Mormoroth Credit goes for: http://y-shahinzadeh.ir & ha.cker.ir Vendor Homepage: www.zimplit.com Tested on: Linux & Windows, PHP 5.3.2 Affected Version : 3.0 Last...

J-Doc <= v3.2.7 Arbitrary file upload

Exploit for php platform in category web applications '@'.$filetoupload, ; curlsetopt$curl, CURLOPTPOSTFIELDS, $post; if curlexec$curl echo filegetcontents$baseurl.'divers/'.$folder.'/'.$filetocall; else die'error in the exploit'; 0day.today 2018-04-09...

CVE-2010-4700

CVE-2010-4700 concerns PHP 5.3.2/5.3.3: when using the MySQLi extension, set_magic_quotes_runtime does not interact correctly with mysqli_fetch_assoc, potentially enabling context-dependent attackers to perform SQL injection with input that was previously sanitized in earlier PHP versions. Public...

Lotus CMS Fraise 3.0 - Local File Inclusion Remote Code Execution

Lotus CMS Fraise 3.0 - Local File Inclusion Remote Code Execution !/usr/bin/python Lotus CMS Fraise v3.0 LFI - Remote Code Execution Exploit greetz Tecr0C :0 Vuln: lines 15-23 in core/lib/router.php ---------- sof //Get page request if any $page = $this-getInputString"page", "index"; //Get plugin...

Lotus CMS Fraise 3.0 Local File Inclusion / Code Execution

!/usr/bin/python Lotus CMS Fraise v3.0 LFI - Remote Code Execution Exploit greetz Tecr0C :0 Vuln: lines 15-23 in core/lib/router.php ---------- sof //Get page request if any $page = $this-getInputString"page", "index"; //Get plugin request if any $plugin = $this-getInputString"system", "Page"; //...

Lotus CMS Fraise 3.0 - Local File Inclusion / Remote Code Execution

!/usr/bin/python Lotus CMS Fraise v3.0 LFI - Remote Code Execution Exploit greetz Tecr0C :0 Vuln: lines 15-23 in core/lib/router.php ---------- sof //Get page request if any $page = $this-getInputString"page", "index"; //Get plugin request if any $plugin = $this-getInputString"system", "Page"; //...

PHP 5.x < 5.3.3 Information Disclosure Vulnerability

PHP is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:php:php"; ifdescription...

Fedora 12 : maniadrive-1.2-21.fc12 / php-5.3.2-1.fc12 (2010-4212)

This is a maintenance release in the 5.3 series, which includes a large number of bug fixes. Security Enhancements and Fixes in PHP 5.3.2: - Improved LCG entropy. Rasmus, Samy Kamkar - Fixed safemode validation inside tempnam when the directory path does not end with a /. Martin Jansen - Fixed a...

PHP 'SplObjectStorage' Unserializer Arbitrary Code Execution Vulnerability

PHP is prone to a vulnerability that an attacker could exploit to execute arbitrary code with the privileges of the user running the affected application. SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the...

Mandriva Update for php-xdebug MDVA-2010:169 (php-xdebug)

Check for the Version of php-xdebug OpenVAS Vulnerability Test Mandriva Update for php-xdebug MDVA-2010:169 php-xdebug Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify...

PHP http_build_query()函数中断处理地址信息泄露漏洞

CVE ID: CVE-2010-2100 PHP是广泛使用的通用目的脚本语言，特别适合于Web开发，可嵌入到HTML中。 PHP的httpbuildquery函数中存在信息泄露漏洞： PHPFUNCTIONhttpbuildquery zval formdata; char prefix = NULL, argsep=NULL; int argseplen = 0, prefixlen = 0; smartstr formstr = 0; if zendparseparametersZENDNUMARGS TSRMLSCC, "z|ss", &formdata, &prefix,...

CVE-2010-1914

The Zend Engine in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allows context-dependent attackers to obtain sensitive information by interrupting the handler for the 1 ZENDBWXOR opcode shiftleftfunction, 2 ZENDSL opcode bitwisexorfunction, or 3 ZENDSR opcode shiftrightfunction, related to the...