Elastix Voip system 2.x , Php code injection / Data dump Exploit

Elastix is famous asterisk voip system interface dist. it's vulnerable to php code injection vuln , which can be used to dump all data including - SIP Extention Data - Plain text admin password - Moderators passwords - All trunks data - shell upload Usage Info just add the ip list to "list.txt"...

Log1 CMS writeInfo() PHP Code Injection (CVE-2011-4825)

A PHP code injection vulnerability has been reported in the "Ajax File and Image Manager" component in log1 CMS. A remote attacker could inject arbitrary PHP code into data.php via crafted parameters...

SPIP 'connect' Parameter PHP Code Injection Vulnerability (Aug 2013) - Active Check

SPIP is prone to a remote PHP code injection vulnerability. SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:spip:spip"; if...

OpenNetAdmin 13.03.01 - Remote Code Execution

OpenNetAdmin 13.03.01 - Remote Code Execution Exploit Title: OpenNetAdmin Remote Code Execution Date: 03/04/13 Exploit Author: Mandat0ry aka Matthew Bryant Vendor Homepage: http://opennetadmin.com/ Software Link: http://opennetadmin.com/download.html Version: 13.03.01 Tested on: Ubuntu CVE : No C...

CVE-2013-3651

LOCKON EC-CUBE 2.11.2 through 2.12.4 allows remote attackers to conduct unspecified PHP code-injection attacks via a crafted string, related to data/class/SCCheckError.php and data/class/SCFormParam.php...

Havalite CMS 1.1.7 - Unrestricted Arbitrary File Upload

Havalite CMS 1.1.7 - Unrestricted Arbitrary File Upload ?php / ,--^----------,--------,-----,-------^--, | ||||||||| --------' | O .. CWH Underground Hacking Team .. +---------------------------^----------| ,-------, | / XXXXXX /| / / XXXXXX / \ / / XXXXXX /\ / XXXXXX / / XXXXXX / ------' Exploit...

Havalite CMS 1.1.7 Shell Upload

?php / ,--^----------,--------,-----,-------^--, | ||||||||| --------' | O .. CWH Underground Hacking Team .. +---------------------------^----------| ,-------, | / XXXXXX /| / / XXXXXX / \ / / XXXXXX /\ / XXXXXX / / XXXXXX / ------' Exploit Title : Havalite CMS Unrestricted File Upload Exploit...

230CMS Remote Code Execution Exploit

Exploit for php platform in category web applications '; $defaulttime = isset$POST'defaulttime' ? $POST'defaulttime' : 'UTC'; $dbhost = isset$POST'dbhost' ? $POST'dbhost' : 'localhost'; $dbname = isset$POST'dbname' ? $POST'dbname' : ''; $dbuser = isset$POST'dbuser' ? $POST'db...

mkCMS 3.6 PHP Code Injection

Exploit Title : mkCMS PHP Code Injection Date : 11 June 2013 Exploit Author : CWH Underground Site : www.2600.in.th Vendor Homepage : http://mkcms.milankragujevic.com/ Software Link : http://jaist.dl.sourceforge.net/project/milan-cms/Releases/mkCMS-v3.6.zip Version : 3.6 Tested on : Window and...

MaxForum 2.0.0 Code Injection / LFI / Disclosure

Exploit Title : MaxForum 2.0.0 Multiple Vulnerabilities Date : 9 June 2013 Exploit Author : CWH Underground Site : www.2600.in.th Vendor Homepage : http://sourceforge.net/projects/maxforum/ Software Link : jaist.dl.sourceforge.net/project/maxforum/2.0.0/Maxv2.0.0.zip Version : 2.0.0 Tested on :...

Lokboard 1.1 PHP Code Injection

Exploit Title : Lokboard PHP Code Injection Date : 9 June 2013 Exploit Author : CWH Underground Site : www.2600.in.th Vendor Homepage : http://lokboard.net/ Software Link : lokboard.net/downloads/lokboard110.zip Version : 1.1 Tested on : Window and Linux ,--^----------,--------,-----,-------^--, ...

Napata CMS 1.5.2013 PHP Code Injection Vulnerability

Napata CMS version 1.5.2013 suffers from a remote command execution vulnerability. Exploit Title : Napata CMS PHP Code Injection Date : 5 June 2013 Exploit Author : CWH Underground Site : www.2600.in.th Vendor Homepage : http://napata-cms.blogspot.com/ Software Link :...

Plesk Panel Apache Arbitrary PHP Code Injection

The remote host contains an Apache web server installation that is included with Parallels Plesk Panel and that is affected by a remote PHP code injection vulnerability. Due to an Apache configuration issue, a remote, unauthenticated attacker can exploit this issue by crafting a request allowing...

DataLife Engine preview.php PHP Code Injection (CVE-2013-1412)

A PHP code injection vulnerability has been reported in DataLife Engine 9.7...

HP System Management Home Page Command Injection (CVE-2013-3576)

A Remote PHP Code Injection has been reported in HP System Management. The vulnerability is due to improper input validation. A remote attacker can exploit this issue by sending a malicious request containing a specially crafted parameter to the target server. Successful exploitation would result...

Cuppa CMS Remote / Local File Inclusion Vulnerability

Cuppa CMS suffers from remote and local file inclusion vulnerabilities. Exploit Title : Cuppa CMS File Inclusion Date : 4 June 2013 Exploit Author : CWH Underground Site : www.2600.in.th Vendor Homepage : http://www.cuppacms.com/ Software Link :...

Cuppa CMS - '/alertConfigField.php' Local/Remote File Inclusion

Exploit Title : Cuppa CMS File Inclusion Date : 4 June 2013 Exploit Author : CWH Underground Site : www.2600.in.th Vendor Homepage : http://www.cuppacms.com/ Software Link : http://jaist.dl.sourceforge.net/project/cuppacms/cuppacms.zip Version : Beta Tested on : Window and Linux...

CMS Gratis Indonesia PHP Code Injection Vulnerability

CMS Gratis Indonesia version 2.2 Beta 1 suffers from a remote PHP code injection vulnerability. Exploit Title : CMS Gratis Indonesia PHP Code Injection Date : 4 June 2013 Exploit Author : CWH Underground Site : www.2600.in.th Vendor Homepage : http://cmsid.org/ Software Link :...

CMS Gratis Indonesia PHP Code Injection

Exploit Title : CMS Gratis Indonesia PHP Code Injection Date : 4 June 2013 Exploit Author : CWH Underground Site : www.2600.in.th Vendor Homepage : http://cmsid.org/ Software Link : http://jaist.dl.sourceforge.net/project/cmsid/source/2.2/cmsid-2.2-beta1.zip Version : 2.2 Beta 1 Tested on : Windo...

CMS Gratis Indonesia - config.php PHP Code Injection

CMS Gratis Indonesia - config.php PHP Code Injection source: https://www.securityfocus.com/bid/60337/info CMS Gratis Indonesia is prone to a remote PHP code-injection vulnerability. An attacker can exploit this issue to inject and execute arbitrary PHP code in the context of the affected...