bcoos 1.0.13 - 'common.php' Remote File Inclusion

source: https://www.securityfocus.com/bid/31929/info The 'bcoos' program is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this issue to include an arbitrary remote file containing malicious PHP code and execute it i...

WebSVN <= 2.0 (XSS/FH/CE) Multiple Remote Vulnerabilities

No description provided by source. WebSVN = 2.0 Multiple Vulnerabilities October 20, 2008 Vendor : Tim Armes URL : http://websvn.tigris.org Version : WebSVN = 2.0 Risk : Multiple Vulnerabilities Description: WebSVN is an online SVN repository viewer. The description taken from the project website...

myEvent Multiple Remote Vulnerabilities

myEvent is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2008 Josh Zlatin-Amishav Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Admbook PHP Code Injection Flaw

The remote web server contains a PHP script that allows arbitrary code injection. Description : The remote host is running AdmBook, a PHP-based guestbook. The remote version of this software is prone to remote PHP code injection due to a lack of sanitization of the HTTP header 'X-Forwarded-For'...

MODX CMS < 0.9.2.2 RFI Vulnerability - Active Check

MODX CMS is prone to a remote file inclusion RFI vulnerability. SPDX-FileCopyrightText: 2008 Justin Seitz Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

websvn-xssfhce.txt

WebSVN alertdocument.cookie; A url like the one above would display a JavaScript alert window containing the cookie data of any set cookies for the domain. File Handling Issues: There are some file handling issues in the RSS functionality used by WebSVN. The issue is caused by the following bit o...

CVE-2008-4704

PHP remote file inclusion vulnerability in SezHooTabsAndActions.php in SezHoo 0.1 allows remote attackers to execute arbitrary PHP code via a URL in the IP parameter...

Remote file inclusion

PHP remote file inclusion vulnerability in SezHooTabsAndActions.php in SezHoo 0.1 allows remote attackers to execute arbitrary PHP code via a URL in the IP parameter...

WebSVN <= 2.0 (XSS/FH/CE) Multiple Remote Vulnerabilities

Exploit for unknown platform in category web applications ========================================================= WebSVN alertdocument.cookie; A url like the one above would display a JavaScript alert window containing the cookie data of any set cookies for the domain. File Ha...

Remote file inclusion

PHP remote file inclusion vulnerability in panel/common/theme/default/headersetup.php in WebBiscuits Software Events Calendar 1.1 allows remote attackers to execute arbitrary PHP code via a URL in the 1 pathdocroot and 2 component parameters...

Code injection

plugins/eventtracer/eventlist.php in PhpWebGallery 1.7.2 and earlier allows remote authenticated administrators to execute arbitrary PHP code via PHP sequences in the sort parameter, which is processed by createfunction...

nukeet-upload.txt

?php / --------------------------------------------------------------- Nuke ET = 3.4 fckeditor Remote Arbitrary File Upload Exploit --------------------------------------------------------------- author...: EgiX mail.....: n0b0d13satgmaildotcom link.....: http://www.truzone.org/ This PoC was...

mantis-exec.txt

?php / -------------------------------------------------------------------------------- Mantis Bug Tracker = 1.1.3 manageprojpage.php Remote Code Execution Exploit -------------------------------------------------------------------------------- author...: EgiX mail.....: n0b0d13satgmaildotcom...

Mantis Bug Tracker &lt;= 1.1.3 Remote Code Execution Exploit

No description provided by source. ?php / -------------------------------------------------------------------------------- Mantis Bug Tracker = 1.1.3 manageprojpage.php Remote Code Execution Exploit -------------------------------------------------------------------------------- author...: EgiX...

Mantis Bug Tracker 1.1.3 - Remote Code Execution

Mantis Bug Tracker 1.1.3 - Remote Code Execution ?php / -------------------------------------------------------------------------------- Mantis Bug Tracker = 1.1.3 manageprojpage.php Remote Code Execution Exploit --------------------------------------------------------------------------------...

Mantis Bug Tracker <= 1.1.3 Remote Code Execution Exploit

Exploit for unknown platform in category web applications ========================================================= Mantis Bug Tracker = 1.1.3 Remote Code Execution Exploit ========================================================= ?php /...

CVE-2008-4557

plugins/wacko/highlight/html.php in Strawberry in CuteNews.ru 1.1.1 aka Strawberry allows remote attackers to execute arbitrary PHP code via the text parameter, which is inserted into an executable regular expression...

Code injection

plugins/wacko/highlight/html.php in Strawberry in CuteNews.ru 1.1.1 aka Strawberry allows remote attackers to execute arbitrary PHP code via the text parameter, which is inserted into an executable regular expression...

LokiCMS 0.3.4 - writeconfig() Remote Command Execution

LokiCMS 0.3.4 - writeconfig Remote Command Execution Author: GiReX Homepage: http://girex.altervista.org CMS: LokiCMS 0.3.4 URL: http://www.lokicms.com/ Description: LokiCMS is still vulnerable to Remote Command Execution see: http://milw0rm.com/exploits/5408 The exploit changed becouse the vars...

LokiCMS 0.3.4 - &#039;writeconfig()&#039; Remote Command Execution

Author: GiReX Homepage: http://girex.altervista.org CMS: LokiCMS 0.3.4 URL: http://www.lokicms.com/ Description: LokiCMS is still vulnerable to Remote Command Execution see: http://milw0rm.com/exploits/5408 The exploit changed becouse the vars changed but the bugged function is the same:...