Code injection

Static code injection vulnerability in box/minichat/boxpop.php in IT!CMS aka itcms 1.9 allows remote attackers to inject arbitrary PHP code into box/MiniChat/data/shouts.php via the shout parameter...

La-Nai CMS <= 1.2.16 (fckeditor) Arbitrary File Upload Exploit

Exploit for unknown platform in category web applications ============================================================== La-Nai CMS = 1.2.16 fckeditor Arbitrary File Upload Exploit ============================================================== ?php /...

Lanius CMS 1.2.16 - FCKeditor Arbitrary File Upload

Lanius CMS 1.2.16 - FCKeditor Arbitrary File Upload 0 && !inarray $sExtension, $arAllowed || count$arDenied 0 && inarray $sExtension, $arDenied 63. SendResults '202' ; 64. 65. $sErr...

Lanius CMS 1.2.16 - &#039;FCKeditor&#039; Arbitrary File Upload

0 && !inarray $sExtension, $arAllowed || count$arDenied 0 && inarray $sExtension, $arDenied 63. SendResults '202' ; 64. 65. $sErrorNumber = '0'...

La-Nai CMS &lt;= 1.2.16 (fckeditor) Arbitrary File Upload Exploit

No description provided by source. ?php / -------------------------------------------------------------- La-Nai CMS = 1.2.16 fckeditor Arbitrary File Upload Exploit -------------------------------------------------------------- author...: EgiX mail.....: n0b0d13satgmaildotcom link.....:...

cmsmadesimple-upload.txt

?php / --------------------------------------------------------------------------- CMS Made Simple = 1.2.4 FileManager module Arbitrary File Upload Exploit --------------------------------------------------------------------------- author...: EgiX mail.....: n0b0d13satgmaildotcom link.....:...

Battle.net Clan Script 1.5.x - SQL Injection

Battle.net Clan Script 1.5.x - SQL Injection !/usr/bin/perl -w download script : http://sourceforge.net/project/showfiles.php?groupid=142506&packageid=156487 Battle.net Clan Script div Members Rank Member Name Email Date Joined ?phpmysqlselectdb$mysqldb or diemysqlerror; $sql = 'SELECT...

CMS Made Simple 1.2.4 Module FileManager - Arbitrary File Upload

?php / --------------------------------------------------------------------------- CMS Made Simple = 1.2.4 FileManager module Arbitrary File Upload Exploit --------------------------------------------------------------------------- author...: EgiX mail.....: n0b0d13satgmaildotcom link.....:...

[ GLSA 200805-04 ] eGroupWare: Multiple vulnerabilities

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200805-04 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - -...

Unrestricted file upload

Unrestricted file upload vulnerability in qtofm.php in QTOFileManager 1.0 allows remote attackers to execute arbitrary PHP code by uploading a file with an executable extension, then accessing it via a direct request...

CVE-2008-2110

Unrestricted file upload vulnerability in qtofm.php in QTOFileManager 1.0 allows remote attackers to execute arbitrary PHP code by uploading a file with an executable extension, then accessing it via a direct request...

HLDS WebMod 0.48 (rconpass) Remote Heap Overflow Exploit

No description provided by source. ?php HLDS WebMod 0.48 rconpass Remote Heap Overflow Exploit Tested on HLDS Launcher 4.1.1.1, WebMod 0.48, Windows XP SP2 Hebrew shir, skod.uk at gmail dot com 17/12/2007 Registers rconpass = "A"x16444: EAX 67E04955 wmm.67E04955 ECX 41414141 EDX 41414141 EBX...

CVE-2008-1989

PHP remote file inclusion vulnerability in 123flashchat.php in the 123 Flash Chat 6.8.0 module for e107, when registerglobals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the e107path parameter...

Remote file inclusion

PHP remote file inclusion vulnerability in includes/functions.php in Quate Grape Web Statistics 0.2a allows remote attackers to execute arbitrary PHP code via a URL in the location parameter...

Remote file inclusion

PHP remote file inclusion vulnerability in index.php in W2B Online Banking allows remote attackers to execute arbitrary PHP code via a URL in the ilang parameter...

CVE-2008-1893

PHP remote file inclusion vulnerability in index.php in W2B Online Banking allows remote attackers to execute arbitrary PHP code via a URL in the ilang parameter...

Code injection

Static code injection vulnerability in admin.php in LokiCMS 0.3.3 and earlier allows remote attackers to inject arbitrary PHP code into includes/Config.php via the default parameter...

CVE-2008-1860

LokiCMS versions 0.3.3 and earlier are affected by a static code injection vulnerability in admin.php, allowing remote attackers to inject arbitrary PHP into includes/Config.php via the default parameter. The issue arises from the underlying code path described in CVE-2008-1860 and is rated with ...

LightNEasy SQLite / no database &lt;= 1.2.2 Multiple Remote Vulnerabilities

No description provided by source. Author: GiReX mySite: girex.altervista.org Date: 14/04/08 CMS: LightNEasy SQLite / no database = 1.2.2 Site: lightneasy.org Advisory: Multiple Remote Vulnerabilities Need: magicquotesgpc = Off magicquotesgpc = On / Off for SQL Injections Bug 1: Remote File...

Remote file inclusion

PHP remote file inclusion vulnerability in includes/header.inc.php in Dragoon 0.1 allows remote attackers to execute arbitrary PHP code via a URL in the root parameter...