2595 matches found
PHP File Uploader Upload Vulnerability
Exploit for unknown platform in category web applications ====================================== PHP File Uploader Upload Vulnerability ====================================== ======================================================================================== | Title : PHP File Uploader Uploa...
PHP File Sharing System 1.5.1 - Multiple Vulnerabilities
Title: PHP File Sharing System 1.5.1 Multiple Vulnerabilities Author: blake Tested on: Windows XP SP3 with xampplite 1 XSS http://192.168.1.149/fss/index.php?cam= 2 Directory traversal http://192.168.1.149/fss/index.php?cam=/../../../../../../../.. 3 Shell through file upload can upload php...
Simple And Nice Index File 1.5.2 Arbitrary File Download
-------------------------------------------- -: Snif - "Any Filetype" Download Exploit :- -------------------------------------------- Script : Snif - Simple And Nice Index File Version : 1.5.2 possibly lower versions too Found By : Aodrulez. Email : f3arm3d3aratgmail.com Vulnerability:...
PHP File Uploader Shell Upload
======================================================================================== | Title : PHP File Uploader Shell Upload Vulnerability | Author : indoushka | email : [email protected] | Home : Souk Naamane - 04325 - Oum El Bouaghi - Algeria -00213771818860 | Total alerts found : 1 |...
php168 5.0 job.php Information Disclosure Vulnerability
Vulnerability analysis: see job.php, line 92 elseif$job=="download" $rsdb=$db-getone"SELECT FROM $prearticle WHERE aid='$id'"; $fidDB=$db-getone"SELECT FROM $presort WHERE fid='$rsdbfid'"; if$fidDBadmin&&$lfjid $detail=explode",",$fidDBadmin; if inarray$lfjid,$detail $webadmin=1;...
Add An Ad Script Remote Shell Upload
| | Add An Ad Script Remote PHP File Upload | | it works with Add An Ad Cart script and Add An Event script | | Site : http://www.addanad.com/ | | Download : | http://www.addanad.com/addanad/product.php?id=1 Add An Ad Cart | http://www.addanad.com/addanad/product.php?id=14 Add An Event | | Found ...
Invision Power Board Local File Inclusion / SQL Injection
============================================= - Release date: December 4th, 2009 - Discovered by: Dawid Golunski - Severity: Moderately High ============================================= I. VULNERABILITY ------------------------- Invision Power Board <= 3.0.4 Local PHP File Inclusion and SQL...
Invision Power Board <= 3.0.4 LFI and <=3.0.4 and <=2.3.6 SQL Injection
No description provided by source. ============================================= - Severity: Moderately High ============================================= I. VULNERABILITY ------------------------- Invision Power Board <= 3.0.4 Local PHP File Inclusion and SQL Injection Invision Power Board <= 2.3....
CVE-2009-3823
Directory traversal vulnerability in myhtml.php in Mobilelib GOLD 3.0, when magic_quotes_gpc is enabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the GLOBALSpage parameter...
CVE-2009-3424
Multiple PHP remote file inclusion vulnerabilities in MaxCMS 3.11.20b, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the (1) isprojectPath parameter to includes/InstantSite/inc.isroot.php; GLOBALSthCMSroot parameter to (2) classes/class.Tree.php, (3)...
CVE-2009-2141
Multiple cross-site scripting (XSS) vulnerabilities in TBDev.NET 01-01-08 allow remote attackers to inject arbitrary web script or HTML via (1) the returnto parameter to makepoll.php, (2) the returnto parameter in a delete action to polls.php, or the (3) Info or (4) Avatar field to my.php...
LinkBase 2.0 Remote Cookie Grabber Vulnerability
Exploit for unknown platform in category web applications ================================================ LinkBase 2.0 Remote Cookie Grabber Vulnerability ================================================ + Download LinkBase 2.0 Cookie Grabber Exploit + Discovered By SirGod + Make 2 files and...
Loggix Project 9.4.5 (refer_id) Blind SQL Injection Vulnerability
Exploit for unknown platform in category web applications ================================================================= Loggix Project 9.4.5 referid Blind SQL Injection Vulnerability ================================================================= Salvatore "drosophila" Fresta + Application:...
Free Arcade Script 1.0 SQL Injection / Shell Upload
.--------------------------------------------------------------------------. | Web Application : Free Arcade Script 1.0 | | Homepage : http://www.freearcadescript.net | |--------------------------------------------------------------------------| | Vulnerability : SQL Injection + Remote PHP file...
PT-2009-3647 · Pixie · Pixie Cms
Name of the Vulnerable Software and Affected Versions: Pixie CMS version 1.01a Description: The issue allows remote attackers to execute arbitrary SQL commands via the Referer HTTP header in a request, specifically in the referral function in admin/lib/lib logs.php. Recommendations: For Pixie CMS...
Free Arcade Script 1.0 - Authentication Bypass Arbitrary File Upload
Free Arcade Script 1.0 - Authentication Bypass Arbitrary File Upload .--------------------------------------------------------------------------. | Web Application : Free Arcade Script 1.0 | | Homepage : http://www.freearcadescript.net |...
Free Arcade Script 1.0 - Authentication Bypass / Arbitrary File Upload
.--------------------------------------------------------------------------. | Web Application : Free Arcade Script 1.0 | | Homepage : http://www.freearcadescript.net | |--------------------------------------------------------------------------| | Vulnerability : SQL Injection + Remote PHP file...
Design/Logic Flaw
function/updatexml.php in FLABER 1.1 and earlier allows remote attackers to overwrite arbitrary files by specifying the target filename in the targetfile parameter. NOTE: this can be leveraged for code execution by overwriting a PHP file, as demonstrated using function/uploadfile.php...
CVE-2008-6490
function/updatexml.php in FLABER 1.1 and earlier allows remote attackers to overwrite arbitrary files by specifying the target filename in the targetfile parameter. NOTE: this can be leveraged for code execution by overwriting a PHP file, as demonstrated using function/uploadfile.php...
Libra PHP File Manager 2.0 Local File Inclusion
! /usr/bin/perl -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Libra PHP File Manager eNYe-Sec - www.enye-sec.org You can scale directories and read any file that you have permissions use LWP::UserAgent; $ua = LWP::UserAgent-new; print "\e2J"; system$^O eq 'MSWin32' ? 'cls' :...