XOOPS mydirname参数多个PHP代码注入漏洞

BUGTRAQ ID: 33176 Xoops是非常流行的动态web内容管理系统，用面向对象的PHP编写。...

CVE-2009-0103

Multiple PHP remote file inclusion vulnerabilities in playSMS 0.9.3 allow remote attackers to execute arbitrary PHP code via a URL in the 1 appspathplug parameter to plugin/gateway/gnokii/init.php, the 2 appspaththemes parameter to plugin/themes/default/init.php, and the 3 appspathlibs parameter ...

XOOPS 2.3.2 (mydirname) Remote PHP Code Execution Exploit

No description provided by source. !/usr/bin/php -q ?php / XOOPS 2.3.2 mydirname Remote PHP Code Execution Exploit by athos - stakerathotmaildotit http://xoops.org thanks to s3rg3770 and The:Paradox works with register globals on note: this vuln is a remote php code execution Directory...

XOOPS 2.3.2 Code Execution Exploit

!/usr/bin/php -q 3 die"\n$num isn't a valid option\n"; else yeatshell; function yeatshell while 1 echo "yeatphp-shell$: "; $exec = stripslashestrimfgetsSTDIN; if preg...

CVE-2008-5792

PHP remote file inclusion vulnerability in showjoined.php in Indiscripts Enthusiast 3.1.4, and possibly earlier, allows remote attackers to execute arbitrary PHP code via a URL in the path parameter. NOTE: the researcher also points out the analogous directory traversal issue...

CVE-2008-5789

Multiple PHP remote file inclusion vulnerabilities in the Recly Interactive Feederator comfeederator component 1.0.5 for Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the 1 mosConfigabsolutepath parameter to a addtmsp.php, b edittmsp.php and c tmsp.php in includes/tmsp...

CVE-2008-5790

Multiple PHP remote file inclusion vulnerabilities in the Recly!Competitions comcompetitions component 1.0 for Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the 1 GLOBALSmosConfigabsolutepath parameter to a add.php and b competitions.php in includes/competitions/, and...

Flexcustomer 0.0.6 Administrative Login Bypass

START 0x01 Informations: Script : Flexcustomer Download : http://www.hotscripts.com/jump.php?listingid=25331&jumptype=1 Vulnerability : Admin Login Bypass / Possible PHP code writing Author : Osirys Contact : osirysatlivedotit Website : http://osirys.org 0x02 Bug: Admin Login Bypass Bug:...

Remote file inclusion

PHP remote file inclusion vulnerability in calendar.php in WorkSimple 1.2.1, when registerglobals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the lang parameter...

CVE-2008-5764

PHP remote file inclusion vulnerability in calendar.php in WorkSimple 1.2.1, when registerglobals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the lang parameter...

Flexcustomer 0.0.6 Admin Login Bypass / Possible PHP code writing Vulns

No description provided by source. START 0x01 Informations: Script : Flexcustomer Download : http://www.hotscripts.com/jump.php?listingid=25331&jumptype=1 Vulnerability : Admin Login Bypass / Possible PHP code writing Author : Osirys Contact : osirysatlivedotit Website : http://osirys.org 0x02 Bu...

YourPlace 1.0.2 Command Execution / Database Disclosure

START 0x01 Informations: Script : YourPlace 0.5 beta 1 Download : http://www.hotscripts.com/jump.php?listingid=80545&jumptype=1 Vulnerability : DB Disclosure / Arbitrary Data Saving RCE EXPLOIT / Arbitrary File Upload / PHPInfo Disclosure / User Change Account Author : Osirys Contact :...

Flexcustomer 0.0.6 Admin Login Bypass / Possible PHP code writing

Exploit for unknown platform in category web applications ================================================================= Flexcustomer 0.0.6 Admin Login Bypass / Possible PHP code writing ================================================================= START 0x01 Informations: Script :...

Flexcustomer 0.0.6 - Admin Authentication Bypass Possible PHP Code Writing

Flexcustomer 0.0.6 - Admin Authentication Bypass Possible PHP Code Writing START 0x01 Informations: Script : Flexcustomer Download : http://www.hotscripts.com/jump.php?listingid=25331&jumptype=1 Vulnerability : Admin Login Bypass / Possible PHP code writing Author : Osirys Contact :...

Flexcustomer 0.0.6 Admin Login Bypass / Possible PHP code writing

No description provided by source. START 0x01 Informations: Script : Flexcustomer Download : http://www.hotscripts.com/jump.php?listingid=25331&jumptype=1 Vulnerability : Admin Login Bypass / Possible PHP code writing Author : Osirys Contact : osirysatlivedotit Website : http://osirys.org 0x02 Bu...

ThePortal 2.2 Arbitrary Remote File Upload Exploit

No description provided by source. web apps theportal2 v2.2 Auth bypass file upload -------------------- Author: siurek22 -------------------- You need curl to run it -------------------- Code: -------------------- upload.php ?php $file=$POST'url'; $fel=explode"\n", $file; $ile=count$fel;...

Flexcustomer 0.0.6 - Admin Authentication Bypass / Possible PHP Code Writing

START 0x01 Informations: Script : Flexcustomer Download : http://www.hotscripts.com/jump.php?listingid=25331&jumptype=1 Vulnerability : Admin Login Bypass / Possible PHP code writing Author : Osirys Contact : osirysatlivedotit Website : http://osirys.org 0x02 Bug: Admin Login Bypass Bug:...

ThePortal 2.2 - Arbitrary File Upload

web apps theportal2 v2.2 Auth bypass file upload -------------------- Author: siurek22 -------------------- You need curl to run it -------------------- Code: -------------------- upload.php /textarea '; else for$i=0; $i...

Gentoo Security Advisory GLSA 200812-20 (phpcollab)

The remote host is missing updates announced in advisory GLSA 200812-20. OpenVAS Vulnerability Test $ Description: Auto generated from Gentoo's XML based advisory Authors: Thomas Reinke Copyright: Copyright c 2008 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...

Gentoo Security Advisory GLSA 200812-20 (phpcollab)

The remote host is missing updates announced in advisory GLSA 200812-20. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...