1410 matches found
TorrentFlux 2.3 - admin.php Administrator Account Creation CSRF
No description provided by source. source: http://www.securityfocus.com/bid/28846/info TorrentFlux is prone to a cross-site request-forgery vulnerability and a remote PHP code-execution vulnerability. Exploiting these issues may allow a remote attacker to create administrative accounts in the...
Invision Power Board <= 2.3.5 - Multiple Vulnerabilities Exploit (revised)
No description provided by source. !/usr/bin/php -q ?php errorreportingEALL ^ ENOTICE; yeah ... it rox : class ipbspl var $web; function main $this-mhead; Gimme your args $this-pattack = $this-getp'attack', true; $this-pprox = $this-getp'proxhost'; $this-pproxa = $this-getp'proxauth';...
LoudBlog 0.41 podcast.php id Parameter SQL Injection
No description provided by source. source: http://www.securityfocus.com/bid/17023/info Loudblog is prone to multiple input-validation vulnerabilities: - An SQL-injection vulnerability. - Two local file-include vulnerabilities. - An information-disclosure vulnerability. These issues allow remote...
Benjamin Lefevre Dobermann Forum 0.x entete.php subpath Parameter Remote File Inclusion
No description provided by source. source: http://www.securityfocus.com/bid/6057/info Dobermann Forum is prone to an issue which may allow remote attackers to include arbitrary files located on remote servers. This issue is present in several PHP script files provided with Dobermann. An attacker...
Netref 4.2 Cat_for_gen.PHP Remote PHP Script Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/13275/info A remote PHP script injection vulnerability affects Netref. This issue is due to a failure of the application to sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary PHP script...
AWCM 2.1 - Local File Inclusion / Auth Bypass Vulnerabilities
No description provided by source. AWCM v2.1 LFI/Auth Bypass Vulnerabilities Script : AWCM version : v2.1...
Softbiz Web Host Directory Script (host_id) - SQL Injection Vulnerability
No description provided by source. ECHOADV89$2008 Softbiz Web Host Directory Script searchresult.php hostid...
iDev Rentals 1.0 - Multiple Vulnerabilities
No description provided by source. Title: iDev Rentals v1.0 - Multiple Web Vulnerabilities Date: 2012-11-14 References: http://www.vulnerability-lab.com/getcontent.php?id=760 VL-ID: 758 Common Vulnerability Scoring System: 3.5...
AutoIndex PHP Script 2.2.1 Index.PHP Cross-Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/25448/info AutoIndex PHP Script is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input data. An attacker may leverage this issue to execute arbitrary script code in the...
MagicScripts E-Store Kit-2 PayPal Edition Remote File Include Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/12910/info MagicScripts E-Store Kit-2 PayPal Edition is prone to a remote file include vulnerability. Remote attackers could potentially exploit this issue to include a remote malicious PHP script. If the attacker is able...
AB Banner Exchange (index.php page) Local File Inclusion
No description provided by source. AB Banner Exchange index.php page Local file inclusion Bug discovered by Yakir Wizman Date 24/08/2012 Vendor Homepage - http://www.abscripts.com/ab-banner-exchange/ Demo -...
eXtreme File Hosting Arbitrary RAR File Upload Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/22498/info eXtreme File Hosting is prone to an arbitrary file-upload vulnerability because it fails to sufficiently sanitize user-supplied input. Exploiting this issue could allow an attacker to upload and execute arbitra...
creLoaded <= 6.15 (HTMLAREA) Automated Perl Exploit
No description provided by source. !/usr/bin/perl creLoaded = 6.15 HTMLAREA automated perl exploit hacked up by kaneda [email protected] Rather simple exploit, but still an exploit nonetheless. Attempts to upload php script and utilise that to execute commands, and show off a fake shell. C...
PHP-Nuke 6.0 - Multiple Path Disclosure Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/6406/info Multiple path disclosure vulnerabilities have been discovered in PHP-Nuke. This issue occurs when requesting a PHP script that shouldn't be accessed directly. Exploiting this issue will cause the target server t...
pMachine 1.0/2.x Multiple Script sfx Parameter Path Disclosure
No description provided by source. source: http://www.securityfocus.com/bid/7980/info It has been reported that pMachine is prone to a remote path disclosure vulnerability when accessing various scripts. When a request is made for a target PHP script, possibly requiring a blank URI parameter,...
GuestBookPlus HTML Injection & Bypass Comments Limit
No description provided by source. In the name of ALLAH ! GuestBookPlus Script PHP HTML Injection Vuln...
Flax Article Manager 1.1 - Remote PHP Script Upload Vulnerability
No description provided by source. Flax Article Manager 1.1 Remote File Upload Vulnerability Discovered By: S.W.A.T. [email protected] Home: www.batlagh.com Script Page: http://www.clixint.com/products/articles Dork: Copyright 2006 © Fla...
Microsoft Internet Explorer 5.5/6.0 Spoofable File Extensions Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/3597/info It is possible for a malicious webmaster, hosting files on a website, to spoof file extensions for users of Internet Explorer. For example, an .exe file can be made to look like a .txt or other seemingly harmle...
myphpPageTool 0.4.3 -1 Remote File Include Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/6744/info myphpPageTool is prone to an issue which may allow remote attackers to include files located on remote servers. This issue is present in several PHP script files in the /doc/admin folder. Under some circumstance...
AutoIndex PHP Script 2.2.2 PHP_SELF Index.PHP Cross-Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/26411/info AutoIndex PHP Script is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input data. An attacker may leverage this issue to execute arbitrary script code in...