
7206 matches found

Packet Storm
added 2009/09/11 12:0 a.m., 25 views

Siemens Gigaset SE361 Wlan Reboot Exploit

Attacking port 1723 (flood), it restarts the device almost instantly, here's the code in PHP. It takes a few bytes for the AP to automatically restart \n"; else $trash = strrepeat"\x90","261"; fwrite$con, $trash; while !feof$con echo "$trash \r\n"; fclose$con; ?...

0.6 AI score
Exploits: 0
exploitpack
added 2009/09/11 12:0 a.m., 16 views

Siemens Gigaset SE361 WLAN - Remote Reboot (Denial of Service)

Attacking port 1723 (flood), it restarts the device almost instantly, here's the code in PHP. It takes a few bytes for the AP to automatically restart \n"; else $trash = strrepeat"\x90","261"; fwrite$con, $trash; while !feof$con echo "$tra...

0.6 AI score
Exploits: 0
Prion
added 2009/09/08 11:30 p.m., 9 views

Remote file inclusion

PHP remote file inclusion vulnerability in eva/index.php in EVA CMS 2.3.1, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the evacaminho parameter to index.php...

6.8 CVSS, 8.1 AI score, 0.00525 EPSS
Exploits: 1, References: 3, Affected Software: 1
seebug.org
added 2009/09/05 12:0 a.m., 18 views

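PABox Administration Control Panel PHP Code Injection Vulnerability

BUGTRAQ: 8068. The administrator control panel module of paBox has a flaw in its function for adding banned users; a remote attacker can exploit this vulnerability to execute arbitrary commands on the system with the privileges of the web server. If a user can log in to the administrator control panel, then because the bannedusers.php script does not sufficiently check user-submitted URI variables, an attacker can define variables through global injection and submit a PHP file on a remote system as the value of the $file variable, which causes the malicious code contained in that PHP file to be executed with the privileges of the web process. paBox 1.6. Vendor patch: PHP Arena. The vendor has not yet provided a patch or upgrade; we recommend that users of this software watch the vendor's home page for the latest version:...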

7.1 AI score
Exploits: 0
NVD
added 2009/09/03 5:30 p.m., 9 views

CVE-2009-3055

PHP remote file inclusion vulnerability in engine/api/api.class.php in DataLife Engine (DLE) 8.2 allows remote attackers to execute arbitrary PHP code via a URL in the dleconfigapi parameter...

7.5 CVSS, 7.5 AI score, 0.02525 EPSS
Exploits: 1, References: 2
Prion
added 2009/09/03 5:30 p.m., 11 views

Remote file inclusion

PHP remote file inclusion vulnerability in editor/edithtmlarea.php in Ve-EDIT 0.1.4 allows remote attackers to execute arbitrary PHP code via a URL in the highlighter parameter...

7.5 CVSS, 8 AI score, 0.02489 EPSS
Exploits: 0, References: 2, Affected Software: 1
Cvelist
added 2009/09/03 5:0 p.m., 15 views

CVE-2009-3065

PHP remote file inclusion vulnerability in editor/edithtmlarea.php in Ve-EDIT 0.1.4 allows remote attackers to execute arbitrary PHP code via a URL in the highlighter parameter...

7.5 AI score, 0.02489 EPSS
Exploits: 0, References: 2
Cvelist
added 2009/09/03 5:0 p.m., 16 views

CVE-2009-3056

PHP remote file inclusion vulnerability in include/engine/content/elements/menu.php in KingCMS 0.6.0 allows remote attackers to execute arbitrary PHP code via a URL in the CONFIGAdminPath parameter...

7.5 AI score, 0.01627 EPSS
Exploits: 0, References: 1
Prion
added 2009/09/02 5:30 p.m., 13 views

SQL injection

SQL injection vulnerability in the autoDetectRegion function in doceboCore/lib/lib.regset.php in Docebo 3.5.0.3 and earlier allows remote attackers to execute arbitrary SQL commands via the Accept-Language HTTP header. NOTE: this can be leveraged to execute arbitrary PHP code using the INTO...

7.5 CVSS, 9.3 AI score, 0.00938 EPSS
Exploits: 1, References: 7, Affected Software: 1
NVD
added 2009/09/02 5:30 p.m., 10 views

CVE-2008-7153

SQL injection vulnerability in the autoDetectRegion function in doceboCore/lib/lib.regset.php in Docebo 3.5.0.3 and earlier allows remote attackers to execute arbitrary SQL commands via the Accept-Language HTTP header. NOTE: this can be leveraged to execute arbitrary PHP code using the INTO...

7.5 CVSS, 8.5 AI score, 0.00938 EPSS
Exploits: 1, References: 7
Prion
added 2009/09/01 4:30 p.m., 8 views

Cross-site request forgery (CSRF)

Cross-site request forgery (CSRF) vulnerability in Live 5.x before 5.x-0.1, a module for Drupal, allows remote attackers to hijack the authentication of unspecified privileged users for requests that can be leveraged to execute arbitrary PHP code...

6.8 CVSS, 8.3 AI score, 0.00098 EPSS
Exploits: 0, References: 3, Affected Software: 1
Prion
added 2009/09/01 4:30 p.m., 14 views

Remote file inclusion

Multiple PHP remote file inclusion vulnerabilities in Specimen Image Database (SID), when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the dir parameter to (1) client.php or (2) taxonservice.php...

6.8 CVSS, 8.2 AI score, 0.00655 EPSS
Exploits: 1, References: 3
Cvelist
added 2009/09/01 4:0 p.m., 14 views

CVE-2008-7151

Cross-site request forgery (CSRF) vulnerability in Live 5.x before 5.x-0.1, a module for Drupal, allows remote attackers to hijack the authentication of unspecified privileged users for requests that can be leveraged to execute arbitrary PHP code...

7.8 AI score, 0.00098 EPSS
Exploits: 0, References: 3
Prion
added 2009/08/31 10:30 a.m., 13 views

Code injection

Static code injection vulnerability in admin/configuration/modifier.php in zKup CMS 2.0 through 2.3 allows remote attackers to inject arbitrary PHP code into fichiers/config.php via a null byte (%00) in the login parameter in an ajout action, which bypasses the regular expression check...

6.8 CVSS, 7.7 AI score, 0.0183 EPSS
Exploits: 1, References: 5, Affected Software: 1
NVD
added 2009/08/27 8:30 p.m., 14 views

CVE-2008-7099

Unspecified vulnerability in the Manage Templates feature in Qsoft K-Rate Premium allows remote attackers to execute arbitrary PHP code via unknown vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...

6.8 CVSS, 7.3 AI score, 0.03628 EPSS
Exploits: 0, References: 4
Prion
added 2009/08/27 8:30 p.m., 19 views

Design/Logic Flaw

Unspecified vulnerability in the Manage Templates feature in Qsoft K-Rate Premium allows remote attackers to execute arbitrary PHP code via unknown vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...

6.8 CVSS, 7.9 AI score, 0.03628 EPSS
Exploits: 0, References: 4
Cvelist
added 2009/08/27 8:0 p.m., 19 views

CVE-2008-7099

Unspecified vulnerability in the Manage Templates feature in Qsoft K-Rate Premium allows remote attackers to execute arbitrary PHP code via unknown vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...

7.3 AI score, 0.03628 EPSS
Exploits: 0, References: 4
CVE
added 2009/08/27 8:0 p.m., 45 views

CVE-2008-7099

CVE-2008-7099 concerns a vulnerability in the Manage Templates feature of Qsoft K-Rate Premium that could allow remote attackers to execute arbitrary PHP code. The available sources identify the affected product as Qsoft K-Rate Premium and specify the vulnerability as arising in the Manage Templa...

6.8 CVSS, 7.5 AI score, 0.03628 EPSS
Exploits: 0, References: 4, Affected Software: 1
Cvelist
added 2009/08/26 2:0 p.m., 12 views

CVE-2008-7087

PHP remote file inclusion vulnerability in searchwA.php in OpenPro 1.3.1 allows remote attackers to execute arbitrary PHP code via a URL in the LIBPATH parameter...

7.5 AI score, 0.00665 EPSS
Exploits: 1, References: 4
Drupal
added 2009/08/26 12:0 a.m., 20 views

SA-CONTRIB-2009-054 - Go - url redirects - Multiple vulnerabilities

The Go - url redirects (gotwo) module adds the option to add redirected URLs. This module was found to have multiple vulnerabilities. Arbitrary PHP code execution: due to improper use of the PCRE regular expression engine, users with permission to use the input filter provided by the module are able...

6.5 AI score
Exploits: 0, References: 7