Lucene search

7195 matches found

Cvelist
added 2007/01/11 2:0 a.m., 16 views

CVE-2007-0190

PHP remote file inclusion vulnerability in editaddress.php in edit-x ecommerce allows remote attackers to execute arbitrary PHP code via a URL in the includedir parameter...

AI score: 7.5, EPSS: 0.03149
Exploits: 0, References: 5

seebug.org
added 2007/01/10 12:0 a.m., 62 views

@lex Guestbook <= 4.0.2 Remote Command Execution Exploit

No description provided by source. !/usr/bin/php ?php // | | header @lex Guestbook = 4.0.2 Remote Command Execution Exploit | header ======================================================== | status Retrieving the administrator password | sploit AdminUsername::root | sploit AdminPassword::toor |...

AI score: 7.1
Exploits: 0

Cvelist
added 2007/01/09 11:0 a.m., 18 views

CVE-2007-0135

PHP remote file inclusion vulnerability in inc/init.inc.php in Aratix 0.2.2 beta 11 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the currentpath parameter...

AI score: 7.5, EPSS: 0.09515
Exploits: 1, References: 6

NVD
added 2007/01/09 2:28 a.m., 9 views

CVE-2007-0115

Static code injection vulnerability in Coppermine Photo Gallery 1.4.10 and earlier allows remote authenticated administrators to execute arbitrary PHP code via the Username to login.php, which is injected into an error message in security.log.php, which can then be accessed using viewlog.php...

CVSS: 6, AI score: 7.5, EPSS: 0.01111
Exploits: 1, References: 5

seebug.org
added 2007/01/09 12:0 a.m., 29 views

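WordPress Charset Decoding SQL Injection Vulnerability

WordPress is a popular blogging program. WordPress has a flaw in how it handles character set decoding; remote attackers can exploit it to carry out SQL injection attacks and obtain sensitive information. When PHP's mbstring extension is enabled, WordPress supports decoding Trackbacks using different character sets; because the decoding takes place before the database selects the correct character set for the input data, protections against SQL injection can be bypassed. For demonstration purposes, Stefan Esser suggests using the UTF-7 character set for exploitation, because other multibyte character sets allow multibyte sequences to end with ''...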

AI score: 7
Exploits: 0

exploitpack
added 2007/01/08 12:0 a.m., 37 views

@lex Guestbook 4.0.2 - Remote Command Execution

@lex Guestbook 4.0.2 - Remote Command Execution !/usr/bin/php @lex Guestbook ======================================================== | status Retrieving the administrator password | sploit AdminUsername::root | sploit AdminPassword::toor | status Trying to get logged in | sploit Done | status...

AI score: 0.1
Exploits: 0

0day.today
added 2007/01/08 12:0 a.m., 72 views

@lex Guestbook <= 4.0.2 Remote Command Execution Exploit

Exploit for unknown platform in category web applications ======================================================== @lex Guestbook @lex Guestbook ======================================================== | status Retrieving the administrator password | sploit AdminUsername::root | sploit...

AI score: 7.1
Exploits: 0

Exploit DB
added 2007/01/08 12:0 a.m., 84 views

@lex Guestbook 4.0.2 - Remote Command Execution

!/usr/bin/php @lex Guestbook ======================================================== | status Retrieving the administrator password | sploit AdminUsername::root | sploit AdminPassword::toor | status Trying to get logged in | sploit Done | status Trying to add a skin | sploit Done | status Writin...

AI score: 7.4
Exploits: 0

0day.today
added 2007/01/07 12:0 a.m., 16 views

L2J Statistik Script <= 0.09 (index.php page) Local File Include Exploit

Exploit for unknown platform in category web applications. L2J Statistik Script = 0.09 index.php page Local File Include Exploit...

AI score: 7.1
Exploits: 0

exploitpack
added 2007/01/07 12:0 a.m., 12 views

L2J Statistik Script 0.09 - index.php Local File Inclusion


AI score: 0.4
Exploits: 0

Cvelist
added 2007/01/05 11:0 a.m., 9 views

CVE-2006-6887

Unrestricted file upload vulnerability in logahead UNU 1.0 allows remote attackers to upload and execute arbitrary PHP code via unspecified vectors related to plugins/widged/widged.php aka the WidgEd plugin, a different vulnerability than CVE-2006-6783. NOTE: The provenance of this information is...

AI score: 7.3, EPSS: 0.02972
Exploits: 0, References: 1

CVE
added 2007/01/05 11:0 a.m., 40 views

CVE-2006-6887

The CVE-2006-6887 entry describes an unrestricted file upload vulnerability in logahead UNU 1.0 (before 2006-12-26) allowing remote attackers to upload and execute arbitrary PHP code via unspecified vectors related to plugins/widged/_widged.php (WidgEd plugin). The root cause is suggested as a po...

CVSS: 6.8, AI score: 7.4, EPSS: 0.02972
Exploits: 0, References: 1, Affected Software: 1

Metasploit
added 2007/01/05 5:58 a.m., 27 views

vBulletin misc.php Template Name Arbitrary Code Execution

This module exploits an arbitrary PHP code execution flaw in the vBulletin web forum software. This vulnerability is only present when the "Add Template Name in HTML Comments" option is enabled. All versions of vBulletin prior to 3.0.7 are affected. This module requires Metasploit:...

CVSS: 7.5, AI score: 7.7, EPSS: 0.80793
Exploits: 3

Metasploit
added 2007/01/05 5:38 a.m., 17 views

PAJAX Remote Command Execution

RedTeam has identified two security flaws in PAJAX 'PAJAX Remote Command Execution', 'Description' = %q RedTeam has identified two security flaws in PAJAX 'Matteo Cantoni ', 'hdm' , 'License' = MSFLICENSE, 'References' = 'CVE', '2006-1551', 'OSVDB', '24618', 'BID', '17519', 'URL',...

CVSS: 7.5, AI score: 1.1, EPSS: 0.72147
Exploits: 5

NVD
added 2007/01/04 11:28 a.m., 10 views

CVE-2007-0050

PHP remote file inclusion vulnerability in index.php in OpenPinboard 2.0 allows remote attackers to execute arbitrary PHP code via a URL in the language parameter. NOTE: this issue has been disputed by the developer and a third party, since the variable is set before use. CVE analysis suggests th...

CVSS: 7.5, AI score: 7.6, EPSS: 0.01679
Exploits: 1, References: 4

Cvelist
added 2007/01/04 11:0 a.m., 15 views

CVE-2007-0050

PHP remote file inclusion vulnerability in index.php in OpenPinboard 2.0 allows remote attackers to execute arbitrary PHP code via a URL in the language parameter. NOTE: this issue has been disputed by the developer and a third party, since the variable is set before use. CVE analysis suggests th...

AI score: 7.6, EPSS: 0.01679
Exploits: 1, References: 4

Cvelist
added 2007/01/04 2:0 a.m., 14 views

CVE-2006-6856

Direct static code injection vulnerability in WebText CMS 0.4.5.2 and earlier allows remote attackers to inject arbitrary PHP code into a script in wt/users/ via the im parameter during a profile edit edycja operation, which is then executed via a direct request for this script...

AI score: 7.2, EPSS: 0.06618
Exploits: 0, References: 4

Tenable Nessus
added 2007/01/02 12:0 a.m., 26 views

Jinzora Multiple Script include_path Parameter Remote File Inclusion

The remote host is running Jinzora, a web-based media streaming and management system written in PHP. The installation of Jinzora on the remote host fails to sanitize input to the 'include_path' parameter of several scripts before using it in the 'jzBackend.php' script to include PHP code. Provide...

CVSS: 6.8, AI score: 6.1, EPSS: 0.05558
Exploits: 1, References: 1

Cvelist
added 2007/01/01 11:0 p.m., 20 views

CVE-2006-6830

PHP remote file inclusion vulnerability in b2verifauth.php in b2 Blog 0.5 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the index parameter...

AI score: 7.6, EPSS: 0.04945
Exploits: 1, References: 3

seebug.org
added 2007/01/01 12:0 a.m., 48 views

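Logahead UNU Edition _widged.php Remote File Upload and Code Execution Vulnerability

Logahead is an open-source blog software with features such as tagging and drag-and-drop. Logahead has an input validation vulnerability when handling user requests; remote attackers may exploit it to execute arbitrary commands on the server with the privileges of the web process. The extras/plugins/widged/widged.php script in Logahead contains an authentication bypass vulnerability that allows unauthenticated attackers to upload files to the server. In addition, the script does not validate the extension of uploaded files, allowing attackers to upload files with arbitrary extensions (such as .php) and execute arbitrary PHP code on the server. Logahead Logahead UNU edition 1.0...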

AI score: 7.1
Exploits: 0