PHP-Nuke 7.8 - SQL Injection / Remote Command Execution

?php 20.05 23/10/2005 ---phpnuke78xpl.php PHPNuke 7.8 with all security fixes/patches "Downloads","WebLinks" & "YourAccount" modules SQL Injection / remote commands execution exploit yet not tested 7.9, but OK... by rgod site: http://rgod.altervista.org make these changes in php.ini if you have...

SecurityAlert SA025 : PHPNuke Remote Directory Traversal

Author: sp3x Date: 19. October 2005 Affected software : =================== PHPNuke version : 7.8 - 7.9 + patch 3.1 Description : ============= PHP-Nuke is a Web Portal System, storytelling software, News system, online community or w hatever you want to call it. The goal of PHP-Nuke is to have a...

w-Agora 4.2.0 - quicklist.php Remote Code Execution

w-Agora 4.2.0 - quicklist.php Remote Code Execution ?php --- wagora420xpl.php 13.33 14/10/2005 W-Agora 4.2.0 possibly prior versions Remote commands execution through quicklist.php and/or upload features by rgod site: http://rgod.altervista.org make these changes in php.ini if you have troubles t...

Utopia News Pro <= 1.1.3 (news.php) SQL Injection Exploit

No description provided by source. ?php bif magic quotes off -SQL INJECTION: /str0ke 3.10 07/10/2005 utopiaxpl.php Utopia News Pro 1.1.3 possibly prior versions SQL Injection / Administrative credentials disclosure by rgod site: http://rgod.altervista.org make these changes in php.ini if you have...

My Little Forum <= 1.5 (searchstring) SQL Injection Exploit

No description provided by source. ?php mlfexpl.php My Little Forum 1.5 possibly prior versions SQL Injection / MD5 password hash disclosure poc exploit with proxy support by rgod site: http://rgod.altervista.org make these changes in php.ini if you have troubles to launch this script:...

CuteNews 1.4.0 - Shell Injection / Remote Command Execution

?php cutenxpl.php CuteNews 1.4.0possibly prior versions remote code execution by rgod site: http://rgod.altervista.org usage: launch form Apache, fill in requested fields, then go! make these changes in php.ini if you have troubles with this script: allowcalltimepassreference = on registerglobals...

PBLang 4.65 - Remote Command Execution (1)

site: http://rgod.altervista.org make these changes in php.ini if you have troubles with this script: allowcalltimepassreference = on registerglobals = on / errorreporting0; iniset"maxexecutiontime",0; iniset"defaultsockettimeout", 2; obimplicitflush 1; echo 'PBLang 4.65 remote commands execution...

PBLang <= 4.65 Remote Command Execution Exploit

No description provided by source. ?php / PBLang 4.65 possibly prior versions remote code execution by rgod - site: http://rgod.altervista.org make these changes in php.ini if you have troubles with this script: allowcalltimepassreference = on registerglobals = on / errorreporting0;...

Flatnuke 2.5.5 - Remote Code Execution

FlatNuke 2.5.5 remote commands execution FlatNuke 2.5.5 possibly prior versions remote commands execution a script by rgod at http://rgod.altervista.org hostname ex: ww...

Flatnuke 2.5.5 - Remote Code Execution

Flatnuke 2.5.5 - Remote Code Execution FlatNuke 2.5.5 remote commands execution FlatNuke 2.5.5 possibly prior versions remote commands execution a script by rgod at http://rgod.altervista.org hostname ex: www...

[ECHO_ADV_20$2005] Full path disclosure JAF CMS

--------------------------------------------------------------------------- ECHOADV20$2005 Full path disclosure JAF CMS --------------------------------------------------------------------------- Author: Dedi Dwianto Date: June, 23th 2005 Location: Indonesia, Jakarta Web:...

4D WebStar Arbitrary Multiple Vulnerabilities

The remote server is running a version of 4D WebStar Web Server earlier than 5.3.3. Such versions are reportedly affected by multiple issues : - An attacker may be able to obtain the listing of a directory by appending a star to the directory name. - An attacker may obtain the file php.ini by...

CVE-2004-0697

Unknown vulnerability in 4D WebSTAR 5.3.2 and earlier allows remote attackers to read the php.ini configuration file and possibly obtain sensitive information...

CVE-2004-0697

Unknown vulnerability in 4D WebSTAR 5.3.2 and earlier allows remote attackers to read the php.ini configuration file and possibly obtain sensitive information...

CVE-2004-0697

CVE-2004-0697 affects 4D WebSTAR 5.3.2 and earlier. The vulnerability permits remote attackers to read the php.ini configuration file, potentially exposing sensitive information. The NVD entry lists a base CVSS v2 score of 5.0 (Medium) with network access and low complexity, but no exploitation d...

malicious PHP source injection

JCC Security Advisory June 15, 2002 malicious PHP source injection Description Zeroboard is one of popular PHP web boards in Korea. When allowurlfopen = On and registerglobals = On in php.ini, Zeroboard has vulnerability because head.php contains dangerous codes. So an attacker can include any...

PHP 3.04.0 - Error Logging Format String

PHP 3.04.0 - Error Logging Format String // source: https://www.securityfocus.com/bid/1786/info PHP is a scripting language designed for CGI applications that is used on many websites. There exists a remotely exploitable format string vulnerability in all versions of PHP below PHP 4.0.3. The...