7205 matches found
ECShop PHP Code Execution
Securitylab.ir Application Info: Name: ecshop Version: 2.6.2 Website: http://www.ecshop.com Discoverd By: Securitylab.ir Website: http://securitylab.ir Contacts: info@securitylabdotir & [email protected] =========================================================== :: integrate.php :: if...
DedeCMSV53 arbitrary variable overwrite vulnerability-vulnerability warning-the black bar safety net
DedeCMSV53 arbitrary variable overwrite vulnerability See today mrxhming students a articles http://hi.baidu.com/mrxhming/blog/item/8176f00bf540f11795ca6b3f.html find this old BUG hasn't been patched to look like, from the inside of the forum go a pp out of it, everyone is welcome to shoot the...
WP-Lytebox 'pg' Parameter Local File Inclusion
The remote host is running WP-Lytebox, a plugin for WordPress that uses Lytebox to add a lightbox functionality to HTML content. The version of WP-Lytebox installed on the remote host fails to filter user-supplied input to the 'pg' parameter of the 'main.php' script before using it to include PHP...
LimeSurvey < 1.82 Information Disclosure Vulnerability
imeSurvey is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
Dokuwiki 2009-02-14 - Local File Inclusion
Dokuwiki 2009-02-14 - Local File Inclusion Author girex Homepage girex.altervista.org CMS Dokuwiki Homepage dokuwiki.org Affected versions 2009-02-14 rc2009-02-06 rc2009-01-30 Bug Local file inclusion Need registerglobals = On Vuln description File: /inc/init.php // if available load a preload...
TinyWebGallery lang Parameter Local File Inclusion
The remote host is running TinyWebGallery, a web-based photo gallery application written in PHP. The version of TinyWebGallery installed on the remote host fails to filter user-supplied input to the 'lang' parameter of the 'admin/include/init.php' script before using it to include PHP code...
LimeSurvey Information Disclosure Vulnerability
This host is running LimeSurvey and is prone to Information Disclosure vulnerability. OpenVAS Vulnerability Test $Id: secpodlimesurveyinfodiscvuln.nasl 5055 2017-01-20 14:08:39Z teissa $ LimeSurvey Information Disclosure Vulnerability Authors: Sharath S Copyright: Copyright c 2009 SecPod,...
Coppermine Photo Gallery GLOBALS[USER[lang] Parameter Local File Inclusion
The version of Coppermine Photo Gallery installed on the remote host fails to filter user-supplied input to the 'GLOBALSUSERlang' parameter of the 'index.php' script before using it to include PHP code in 'includes/init.inc.php'. Provided PHP's 'registerglobals' setting is enabled, an...
mb_ereg(i)_replace()code injection vulnerability, and extending the regular application of security-vulnerability warning-the black bar safety net
Source: http://www.80vul.com/pch/pch-003.txt mberegireplacecode injection vulnerability, and extends out of the regular application security author: ryatwolvez.org team:http://www.80vul.com date:2009-04-30 A description of the classification mberegreplaceis the support of multibyte regular...
Code injection
Static code injection vulnerability in admin.php in Frax.dk Php Recommend 1.3 and earlier allows remote attackers to inject arbitrary PHP code into phpreconfig.php via the formaula parameter...
CVE-2009-1779
PHP remote file inclusion vulnerability in admin.php in Frax.dk Php Recommend 1.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the formincludetemplate parameter...
Coppermine Photo Gallery 1.4.22 - SQL Injection
Coppermine Photo Gallery 1.4.22 - SQL Injection !/usr/bin/perl Coppermine Photo Gallery '; banner; $lwp-defaultheader'Accept-Language: en-us,en;q=0.5'; my $html = injrequest' WHERE x'; Wrong query to obtain an error ifnot defined $html print "- Request mistake. Exploit terminated!\n"; exit ;...
CVE-2009-1677
Multiple static code injection vulnerabilities in the saveFeed function in rss/feedcreator.class.php in Bitweaver 2.6 and earlier allow 1 remote authenticated users to inject arbitrary PHP code into files by placing PHP sequences into the account's "display name" setting and then invoking...
Code injection
Multiple static code injection vulnerabilities in the saveFeed function in rss/feedcreator.class.php in Bitweaver 2.6 and earlier allow 1 remote authenticated users to inject arbitrary PHP code into files by placing PHP sequences into the account's "display name" setting and then invoking...
Rama CMS <= 0.9.8 (download.php file) File Disclosure Vulnerability
No description provided by source. Start info: Script Name: Rama Zaitan Cms Script Project: http://sourceforge.net/project/showfiles.php?groupid=212495&packageid=255 590 Download: http://sourceforge.net/project/downloading.php?groupid=212495&filename=cms 975.zip&a=5782381 0.9.5 = Versions =0.9.8 ...
Harland Scripts Command Execution
?php //786 / ============================================================================== / \ | | | | / \ | | | | / \ | | | | / \ | || | / \ | | | | / \ | | IN THE NAME OF // \ || || // \ || || ============================================================================== / | | || | | \ | | / ...
Rama CMS 0.9.8 File Disclosure
Start info: Script Name: Rama Zaitan Cms Script Project: http://sourceforge.net/project/showfiles.php?groupid=212495&packageid=255590 Download: http://sourceforge.net/project/downloading.php?groupid=212495&filename=cms975.zip&a=5782381 0.9.5 Vul header'Content-Disposition: attachment;...
Rama CMS 0.9.8 - 'download.php' File Disclosure
Start info: Script Name: Rama Zaitan Cms Script Project: http://sourceforge.net/project/showfiles.php?groupid=212495&packageid=255590 Download: http://sourceforge.net/project/downloading.php?groupid=212495&filename=cms975.zip&a=5782381 0.9.5 Vul header'Content-Disposition: attachment;...
Rama CMS <= 0.9.8 (download.php file) File Disclosure Vulnerability
Exploit for unknown platform in category web applications =================================================================== Rama CMS Vul header'Content-Disposition: attachment; filename='.$file; switch $GET'type' case 'Doc': header 'Content-type: application/msword'; break; case 'Excel': header...
Rama CMS 0.9.8 - download.php File Disclosure
Rama CMS 0.9.8 - download.php File Disclosure Start info: Script Name: Rama Zaitan Cms Script Project: http://sourceforge.net/project/showfiles.php?groupid=212495&packageid=255590 Download: http://sourceforge.net/project/downloading.php?groupid=212495&filename=cms975.zip&a=5782381 0.9.5 Vul...