BigACE 1.8.2 item_main.php GLOBALS Parameter Remote File Inclusion

No description provided by source. source: http://www.securityfocus.com/bid/19723/info Bigace is prone to multiple remote file-include vulnerabilities because it fails to properly sanitize user-supplied input. An attacker can exploit these issues to include arbitrary remote PHP code and execute i...

WeBid <= 1.0.2 (converter.php) Remote Code Execution Exploit

No description provided by source. ?php / ------------------------------------------------------------ WeBid = 1.0.2 converter.php Remote Code Execution Exploit ------------------------------------------------------------ author...: EgiX mail.....: n0b0d13satgmaildotcom link.....:...

LS Simple Guestbook 1.0 - Remote Code Execution Vulnerability

No description provided by source. Special Greetings To - Timq,Warpboy,The-Maggot File: index.php Affects: LS simple guestbook v1 Date: 15th April 2007 Issue Description: =========================================================================== LS simple guestbook fails to sanitize user input...

Laurent Adda Les Commentaires 2.0 PHP Script derniers_commentaires.php Remote File Inclusion

No description provided by source. source: http://www.securityfocus.com/bid/9536/info It has been reported that Les Commentaires may be prone to a file include vulnerability in various modules, that may allow an attacker to include malicious external files containing arbitrary PHP code to be...

aWebNews 1.1 listing.php path_to_news Parameter Remote File Inclusion

No description provided by source. source: http://www.securityfocus.com/bid/22781/info aWebNews is prone to multiple remote file-include vulnerabilities. An attacker can exploit these issues to include an arbitrary remote file containing malicious PHP code and execute it in the context of the...

AlstraSoft Template Seller Pro <= 3.25 Admin Password Change Exploit

No description provided by source. !/usr/bin/php -q -d shortopentag=on ? echo AlstraSoft Template Seller Pro = 3.25 Admin Password Change Exploit by BlackHawk [email protected] http://itablackhawk.altervista.org Thanks to rgod for the php code and Marty for the Love ; if $argc4 echo Usage: php...

Barryvan Compo Manager 0.3 - 'main.php' Remote File Include Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/28035/info Barryvan Compo Manager is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this issue to include an arbitrary remote file containin...

Tiki Wiki CMS Groupware <= 8.3 "unserialize()" PHP Code Execution

Tiki Wiki CMS Groupware 'unserialize'多个远程PHP代码执行漏洞 漏洞类型： 设计缺陷 漏洞成因： Tiki Wiki CMS Groupware v6.9、9.3之前版本存在安全漏洞，某些脚本对用户控制的输入使用了 "unserialize"操作，攻击者可利用此漏洞在受影响应用中注入和执行任意PHP代码。 修补建议： 更新到最新版本 http://info.tiki.org/article210-Tiki-10-0-is-here ?php /...

LokiCMS <= 0.3.3 - Remote Command Execution Exploit

No description provided by source. Author: GiReX mySite: girex.altervista.org Date: 8/04/08 CMS: LokiCMS = 0.3.3 Site: lokicms.com Bug: PHP Code Injection Exploit: Remote Command Execution Vuln Code: admin.php if $GET'default' != '' // User want's to set the default page writeconfig$cpassword,...

XCMS <= 1.83 Remote Command Execution Exploit

No description provided by source. Name : XCMS = v1.83 Remote Command Execution Vulnerability Author : x0kster Email : [email protected] Site : ihteam.net Script Download : http://www.xcms.it Date : 28/12/2007 Dork : inurl:mod=notizie The xcms's footerthat is in /dati/generali/footer.dtb is...

DieselScripts Smart Traffic Index.PHP Remote File Include Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/19630/info Smart Traffic is prone a remote file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this issue to include an arbitrary remote file containing malicious...

phpLDAPadmin <= 1.2.1.1 (query_engine) Remote PHP Code Injection Exploit

No description provided by source. ?php / ------------------------------------------------------------------------ phpLDAPadmin = 1.2.1.1 queryengine Remote PHP Code Injection Exploit ------------------------------------------------------------------------ author...............: EgiX...

Photokorn 1.542 Cross Site Scripting and Remote File Include Vulnerabilities

No description provided by source. source: http://www.securityfocus.com/bid/37559/info Photokorn is prone to a cross-site scripting vulnerability and a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker can exploit these issues to execute...

bcoos 1.0.13 'include/common.php' Remote File Include Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/31929/info The 'bcoos' program is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this issue to include an arbitrary remote file containing...

Randshop 0.9.3/1.2 Index.PHP Remote File Include Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/18809/info Randshop is prone to a remote file-include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit this issue to include an arbitrary...

InstantCMS 1.6 - Remote PHP Code Execution

No description provided by source. require 'msf/core' class Metasploit3 Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient def initializeinfo = superupdateinfoinfo, 'Name' = 'InstantCMS 1.6 Remote PHP Code Execution', 'Description' = %q This module exploits an...

Magic News Plus 1.0.2 n_layouts.php link_parameters Parameter XSS

No description provided by source. source: http://www.securityfocus.com/bid/22661/info Magic News Pro is prone to multiple input-validation vulnerabilities because the application fails to properly sanitize user-supplied input. These issues include a remote file-include issue and two cross-site...

Joomla Component com_jfuploader < 2.12 Remote File Upload

No description provided by source. ========================================================================================================= Type : Joomla Component comjfuploader 2.12 Remote File Upload Author : Setr0nix Home : www.Setr0nix.com Contact : [email protected]...

DeluxeBB 1.09 Sig.PHP Remote File Include Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/20292/info DeluxeBB is prone to a remote file-include vulnerability because the application fails to properly sanitize user-supplied input. An attacker can exploit this issue to include arbitrary remote files containing...

RW::Download Stats.PHP Remote File Include Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/18901/info RW::Download is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this issue to include arbitrary remote files containing malicious...