halflife-dos.txt

---- Counter Strike 1.6 Denial Of Service POC ... ITDefence.ru Antichat.ru Counter Strike 1.6 Denial Of Service POC Eugene Minaev [email protected] Bug was found by Maxim Suhanov THE FUF works only with no-steam servers / \ \ \ / .\ / /// // / \ / \ // / / / /// /\ / / / / // / / / / / /\ /...

DCP-Portal <= 6.11 Remote SQL Injection Exploit

No description provided by source. !/usr/bin/php -q ?php echo "DCP Portal = 6.11 Remote SQL Injection Exploit\r\n"; echo "Coded by x0kster -x0ksterATgmailDOTcom - \r\n"; / Note : Magic Quotes = 0 Script Download : http://www.dcp-portal.org/ Bug in index.php : ?php //index.php ... 60. $sql = "SELE...

Remote file inclusion

PHP remote file inclusion vulnerability in includes/tumbnail.php in MatPo Bilder Galerie 1.1 allows remote attackers to execute arbitrary PHP code via a URL in the configrootordner parameter...

CVE-2007-6642

Multiple cross-site request forgery CSRF vulnerabilities in Joomla! before 1.5 RC4 allow remote attackers to 1 add a Super Admin, 2 upload an extension containing arbitrary PHP code, and 3 modify the configuration as administrators via unspecified vectors...

CVE-2007-6642

Multiple cross-site request forgery CSRF vulnerabilities in Joomla! before 1.5 RC4 allow remote attackers to 1 add a Super Admin, 2 upload an extension containing arbitrary PHP code, and 3 modify the configuration as administrators via unspecified vectors...

CVE-2007-6642

Multiple cross-site request forgery CSRF vulnerabilities in Joomla! before 1.5 RC4 allow remote attackers to 1 add a Super Admin, 2 upload an extension containing arbitrary PHP code, and 3 modify the configuration as administrators via unspecified vectors...

Directory traversal

Multiple directory traversal vulnerabilities in index.php in XCMS 1.82 and earlier allow remote attackers to read arbitrary files via a .. dot dot in 1 the s parameter to the admin page or 2 the pg parameter to an arbitrary module, as demonstrated by reading a password hash in a .dtb file under...

CVE-2007-6604

Multiple directory traversal vulnerabilities in index.php in XCMS 1.82 and earlier allow remote attackers to read arbitrary files via a .. dot dot in 1 the s parameter to the admin page or 2 the pg parameter to an arbitrary module, as demonstrated by reading a password hash in a .dtb file under...

CVE-2007-6604

CVE-2007-6604 affects XCMS 1.82 and earlier. The vulnerability is in index.php, where directory traversal via a dot-dot sequence in two parameters (s on the admin page, or pg for an arbitrary module) lets remote attackers read arbitrary files. Demonstrations include reading a password hash from a...

CVE-2007-6604

Multiple directory traversal vulnerabilities in index.php in XCMS 1.82 and earlier allow remote attackers to read arbitrary files via a .. dot dot in 1 the s parameter to the admin page or 2 the pg parameter to an arbitrary module, as demonstrated by reading a password hash in a .dtb file under...

XCMS 1.83 - Remote Command Execution

Name : XCMS So the xcms allow you to modify the footer throught a bugged page called cpie.php included in the admin panel. So let's take a look to the bugged code. So with a simple html form we can change the footer. Ex: /textarea input type=...

jPORTAL 2.3.1 & UserPatch - 'forum.php' Remote Code Execution

 $host = $argv1; $path = $argv2; $phpcode = $argv3; $info = "\n\n". " jPORTAL 2.3.1 & UserPatch forum.php Remote PHP Code Execution Exploit\n". "\n". " author: irk4zatyahoo.pl\n". " http://irk4z.wordpress.com\n". "\n". "\n". " greetz: str0ke, wacky, polish under :\n"...

CVE-2007-6585

PHP remote file inclusion vulnerability in confirmUnsubscription.php in NmnNewsletter 1.0.7 allows remote attackers to execute arbitrary PHP code via a URL in the output parameter...

Remote file inclusion

PHP remote file inclusion vulnerability in confirmUnsubscription.php in NmnNewsletter 1.0.7 allows remote attackers to execute arbitrary PHP code via a URL in the output parameter...

CVE-2007-6550

form.php in PMOS Help Desk 2.4 and earlier sends a redirect to the web browser but does not exit, which allows remote attackers to conduct eval injection attacks and execute arbitrary PHP code via the options array parameter...

Code injection

Multiple direct static code injection vulnerabilities in RunCMS before 1.6.1 allow remote authenticated administrators to inject arbitrary PHP code via the 1 header and 2 footer parameters to modules/system/admin.php in a meta-generator action, 3 the disclaimer parameter to modules/system/admin.p...

Sql injection

form.php in PMOS Help Desk 2.4 and earlier sends a redirect to the web browser but does not exit, which allows remote attackers to conduct eval injection attacks and execute arbitrary PHP code via the options array parameter...

CVE-2007-6550

PMOS Help Desk 2.4 and earlier is affected by CVE-2007-6550. form.php redirects without exiting, enabling remote attackers to perform eval injection and execute arbitrary PHP code via the options array parameter. Affected component: PMOS Help Desk’s PHP form handling. Root cause: missing exit aft...

CVE-2007-6548

Multiple direct static code injection vulnerabilities in RunCMS before 1.6.1 allow remote authenticated administrators to inject arbitrary PHP code via the 1 header and 2 footer parameters to modules/system/admin.php in a meta-generator action, 3 the disclaimer parameter to modules/system/admin.p...

pmos-exec.txt

?php / ------------------------------------------------------ PMOS Help Desk = 2.4 Remote Command Execution Exploit ------------------------------------------------------ author...: EgiX mail.....: n0b0d13satgmaildotcom link.....: http://www.h2desk.com/pmos dork.....: "Powered by PMOS Help Desk" ...