98 matches found
CVE-2006-1085
admin.php in PHP-Stats 0.1.9.1 and earlier allows remote attackers to bypass authentication, gain administrator privileges, and execute arbitrary PHP code by modifying the option[admin_pass] parameter and setting the pass_cookie to the MD5 hash of the specified password...
Information disclosure
PHP-Stats 0.1.9.1 and earlier allows remote attackers to obtain potentially sensitive information via a direct request to checktables.php, which lists the database tableprefix...
CVE-2006-1083
Multiple directory traversal vulnerabilities in PHP-Stats 0.1.9.1 and earlier allow remote attackers to read and possibly execute arbitrary files via a .. (dot dot) in the (1) option[language] and (2) option[template] parameters, and (3) possibly other parameters, to (a) admin.php and (b) other unspecified...
Code injection
Direct static code injection vulnerability in the modify_config action in admin.php for PHP-Stats 0.1.9.1 and earlier allows remote authenticated administrators to execute arbitrary PHP code via the option_new[compatibility_mode] parameter, which is not filtered before being stored in config.php. NOTE...
CVE-2006-1088
PHP-Stats 0.1.9.1 and earlier allows remote attackers to obtain potentially sensitive information via a direct request to checktables.php, which lists the database tableprefix...
CVE-2006-1087
Direct static code injection vulnerability in the modify_config action in admin.php for PHP-Stats 0.1.9.1 and earlier allows remote authenticated administrators to execute arbitrary PHP code via the option_new[compatibility_mode] parameter, which is not filtered before being stored in config.php. NOTE...
CVE-2006-1083
CVE-2006-1083 describes multiple directory traversal vulnerabilities in PHP-Stats 0.1.9.1 and earlier. The flaws allow remote attackers to read (and possibly execute) arbitrary files by supplying a .. (dot dot) in parameters such as option[language] and option[template], targeting admin.php and o...
CVE-2006-1085
admin.php in PHP-Stats 0.1.9.1 and earlier allows remote attackers to bypass authentication, gain administrator privileges, and execute arbitrary PHP code by modifying the option[admin_pass] parameter and setting the pass_cookie to the MD5 hash of the specified password...
CVE-2006-1084
CVE-2006-1084 affects PHP-Stats versions 0.1.9.1 and earlier. The vulnerability stems from multiple SQL injection flaws in the application, notably via the parameter option[prefix] in admin.php and the PC_REMOTE_ADDR HTTP header to click.php. Successful exploitation could allow remote attackers t...
CVE-2006-1085
PHP-Stats 0.1.9.1 and earlier is affected by CVE-2006-1085. An authentication bypass allows remote attackers to gain administrator privileges and execute arbitrary PHP code by altering option[admin_pass] and setting pass_cookie to the MD5 hash of the target password. This vector can be used in co...
CVE-2006-1087
PHP-Stats 0.1.9.1 and earlier are affected by a direct static code injection vulnerability in the modify_config action of admin.php. The vulnerability arises from unsafely storing the option_new[compatibility_mode] value in config.php, allowing an attacker with remote authenticated admin access to execute arbi...
CVE-2006-1083
Multiple directory traversal vulnerabilities in PHP-Stats 0.1.9.1 and earlier allow remote attackers to read and possibly execute arbitrary files via a .. (dot dot) in the (1) option[language] and (2) option[template] parameters, and (3) possibly other parameters, to (a) admin.php and (b) other unspecified...
php_stats_0191_adv.txt
PHP-Stats <= 0.1.9.1 remote commands execution. software: site: http://www.phpstats.net/ description: Open source statistical package for PHP enabled web sites. i vulnerable code in...
PHP-Stats <= 0.1.9.1 remote commands execution
PHP-Stats <= 0.1.9.1 remote commands execution. software: site: http://www.phpstats.net/ description: Open source statistical package for PHP enabled web sites. i vulnerable code in...
PHP-Stats <= 0.1.9.1 Remote Commands Execution Exploit
Exploit for unknown platform in category web applications. PHP-Stats works regardless of magic_quotes_gpc settings... usage: launch from Apache, fill in requested fields, then go! Sun-Tzu:"Of old, the rise of the Yin dynasty was due to I Chih wh...
PHP-Stats 0.1.9.1 - Remote Commands Execution
PHP-Stats 0.1.9.1 - Remote Commands Execution works regardless of magic_quotes_gpc settings... usage: launch from Apache, fill in requested fields, then go! Sun-Tzu:"Of old, the rise of the Yin dynasty was due to I Chih who had served under the Hsia. Likewise, the rise of the Chou dynasty was due to...
PHP-Stats <= 0.1.9.1 Remote Commands Execution Exploit
No description provided by source. <?php ---phpstats0191xpl.php 04/03/2006 4.53.41 PHP-Stats <= 0.1.9.1 option[admin_pass] overwrite / / remote commands execution exploit coded by rgod site: http://retrogod.altervista.org - works regardless of magic_quotes_gpc settings... usage: launch from Apache, fill...
PHP-Stats 0.1.9.1 - Remote Commands Execution
works regardless of magic_quotes_gpc settings... usage: launch from Apache, fill in requested fields, then go! Sun-Tzu:"Of old, the rise of the Yin dynasty was due to I Chih who had served under the Hsia. Likewise, the rise of the Chou dynasty was due to Lu Ya who had served under the Yin."...