PT-2023-9221 · Composer +6 · Composer +6

Name of the Vulnerable Software and Affected Versions: Composer versions prior to 1.10.27 Composer versions prior to 2.2.22 Composer versions prior to 2.6.4 Description: The issue is related to the Composer dependency manager for PHP. Users publishing a composer.phar to a public web-accessible...

N`CMS 1.1E Pre-Auth Local File Inclusion Remote Code Exploit

No description provided by source. !/usr/bin/python INFORMATION Exploit Title: NCMS 1.1E Pre-Auth Local File Inclusion Remote Code Exploit Date: 11/3/2011 Software link: http://bit.ly/eJAyw5 Tested on: Linux bt Version: 1.1E PHP.ini Settings: gpcmagicquotes = Off Note: The web application was luc...

If-CMS 2.07 Local File Inclusion

!/usr/bin/python INFORMATION Exploit Title: If-CMS 2.07 Pre-Auth Local File Inclusion 0day Exploit Author: TecR0c Date: 13/3/2011 Software link: http://bit.ly/hh9ZB4 Tested on: Linux bt Version: 2.07 PHP.ini Settings: gpcmagicquotes = Off import...

IF-CMS 2.07 - Local File Inclusion (1)

!/usr/bin/python INFORMATION Exploit Title: If-CMS 2.07 Pre-Auth Local File Inclusion 0day Exploit Author: TecR0c Date: 13/3/2011 Software link: http://bit.ly/hh9ZB4 Tested on: Linux bt Version: 2.07 PHP.ini Settings: gpcmagicquotes = Off import...

N`CMS 1.1E Pre-Auth Local File Inclusion Remote Code Exploit

Exploit for php platform in category web applications !/usr/bin/python INFORMATION Exploit Title: NCMS 1.1E Pre-Auth Local File Inclusion Remote Code Exploit Date: 11/3/2011 Software link: http://bit.ly/eJAyw5 Tested on: Linux bt Version: 1.1E PHP.ini Settings: gpcmagicquotes = Off Note: The web...

N'CMS 1.1E Pre-Auth Local File Inclusion Code Execution

!/usr/bin/python INFORMATION Exploit Title: NCMS 1.1E Pre-Auth Local File Inclusion Remote Code Exploit Date: 11/3/2011 Software link: http://bit.ly/eJAyw5 Tested on: Linux bt Version: 1.1E PHP.ini Settings: gpcmagicquotes = Off Note: The web application was lucky to not be exploited by session...

N_CMS 1.1E - Local File Inclusion Remote Code

NCMS 1.1E - Local File Inclusion Remote Code !/usr/bin/python INFORMATION Exploit Title: NCMS 1.1E Pre-Auth Local File Inclusion Remote Code Exploit Date: 11/3/2011 Software link: http://bit.ly/eJAyw5 Tested on: Linux bt Version: 1.1E PHP.ini Settings: gpcmagicquotes = Off Note: The web applicati...

Vtiger CRM 5.0.4 Local File Inclusion

!/usr/bin/python INFORMATION: Exploit Title: Vtiger CRM 5.0.4 Pre-Auth Local File Inclusion Exploit Google Dork: "The honest Open Source CRM" "vtiger CRM 5.0.4" Date: 5/3/2011 CVE: CVE-2009-3249 Windows link: http://bit.ly/fiOYCL Linux link: http://bit.ly/hluzLf Tested on: Windows XP/Linux Ubuntu...

Vtiger CRM 5.0.4 Pre-Auth Local File Inclusion Exploit

Exploit for php platform in category web applications !/usr/bin/python INFORMATION: Exploit Title: Vtiger CRM 5.0.4 Pre-Auth Local File Inclusion Exploit Google Dork: "The honest Open Source CRM" "vtiger CRM 5.0.4" Date: 5/3/2011 CVE: CVE-2009-3249 Windows link: http://bit.ly/fiOYCL Linux link:...

vTiger CRM 5.0.4 - Local File Inclusion

vTiger CRM 5.0.4 - Local File Inclusion !/usr/bin/python INFORMATION: Exploit Title: Vtiger CRM 5.0.4 Pre-Auth Local File Inclusion Exploit Google Dork: "The honest Open Source CRM" "vtiger CRM 5.0.4" Date: 5/3/2011 CVE: CVE-2009-3249 Windows link: http://bit.ly/fiOYCL Linux link:...

vTiger CRM 5.0.4 - Local File Inclusion

!/usr/bin/python INFORMATION: Exploit Title: Vtiger CRM 5.0.4 Pre-Auth Local File Inclusion Exploit Google Dork: "The honest Open Source CRM" "vtiger CRM 5.0.4" Date: 5/3/2011 CVE: CVE-2009-3249 Windows link: http://bit.ly/fiOYCL Linux link: http://bit.ly/hluzLf Tested on: Windows XP/Linux Ubuntu...

phpWebThings 1.5.2 - MD5 Hash RetrieveFile Disclosure

phpWebThings 1.5.2 - MD5 Hash RetrieveFile Disclosure !/usr/bin/perl phpWebThings = 1.5.2 MD5 Hash Retrieve / File Disclosure Remote Exploit by staker ------------------------------ mail: stakerathotmaildotit url: http://phpwebthings.nl ------------------------------ NOTE: 1. it works regardless ...

unclassified NewsBoard 1.6.4 - Multiple Vulnerabilities

Author girex Homepage girex.altervista.org Date 31/05/2009 CMS Unclassified NewsBoard 1.6.4 and maybe lower Dork "This board is powered by the Unclassified NewsBoard software, 1.6.4" Multiple remote vulnerabilities 1 Remote SQL Injection php.ini regardless 2 Logs File Disclosure registerglobals =...

Calendar Script 1.1 - Authentication Bypass

----------------------------------------------------- Calendar Script v1.1 Admin Login Bypass Vulnerability ----------------------------------------------------- by athos - stakerathotmaildotit http://www.hotscripts.com/jump.php?listingid=71365&jumptype=1 File Vuln "index.php" code details...

2532Gigs 1.2.2 Stable - Remote Command Execution

2532Gigs 1.2.2 Stable - Remote Command Execution ---------------------------------------------------------------- Fix / errorreporting0; $host = explode'/',$argv1; $exec = $argv2 or usage; $sock = fsockopen$host0,80; $post = "content="; $leng = strlen$post; $data = "POST /$host1/calcssedit.php...

2532|Gigs 1.2.2 Stable Remote Command Execution Exploit

No description provided by source. ?php / ---------------------------------------------------------------- 2532|Gigs 1.2.2 Stable Remote Command Execution Exploit ---------------------------------------------------------------- by athos - stakerathotmaildotit works regardless php.ini settings...

2532|Gigs 1.2.2 Stable Remote Command Execution Exploit

Exploit for unknown platform in category web applications ======================================================= 2532|Gigs 1.2.2 Stable Remote Command Execution Exploit ======================================================= ---------------------------------------------------------------- Fix /...

CPCommerce 1.2.6 - URL Rewrite Input Variable Overwrite / Authentication Bypass

Author: girex Homepage: girex.altervista.org CMS: cpCommerce 1.2.6 Site: http://cpcommerce.cpradio.org/ Bug: URL Rewrite - Input variables overwrite PoC: Auth bypass - Shell upload Note: Works regardless php.ini settings Vendor informed: 23/11/08 cpCommerce 1.2.7 released: 30/11/08 Public advisor...

Quicksilver Forums <= 1.4.2 RCE Exploit (windows only)

No description provided by source. Author: GiReX Homepage: girex.altervista.org Date: 24/11/2008 CMS: Quicksilver Forums = 1.4.2 Site: http://www.quicksilverforums.com/ Bug: Local File Inclusion Exploit: Remote Command Execution Note: Works with windows servers only Works regardless php.ini...

vibrocms-sql.txt

/ ------------------------------------------------------- Vibro-CMS Multiple Remote SQL Injection Vulnerabilities ------------------------------------------------------- Discovered By StAkeRathotmaildotit http://www.niclor.net/prodotti/Vibro-CMS...