1196 matches found
Vulnerability - cpCommerce - XSS
cpcommerce is a FOSS php-based e-commerce shopping cart web application. Exploit: Javascript placed inside a user's "Full Name:" field will not be stripped - it will be added to the database 'as-is' as long as it has no quotations in the string. When the admin goes to the clients view page, the...
Debian DSA-1295-1 : php5 - several vulnerabilities
Several remote vulnerabilities have been discovered in PHP, a server-side, HTML-embedded scripting language, which may lead to the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2007-2509 It was discovered that missing input...
Debian DSA-1283-1 : php5 - several vulnerabilities
Several remote vulnerabilities have been discovered in PHP, a server-side, HTML-embedded scripting language, which may lead to the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2007-1286 Stefan Esser discovered an overflow ...
PT-2007-2700 · Php +1 · Php +1
Name of the Vulnerable Software and Affected Versions: PHP versions 4.x before 4.4.7 PHP versions 5.x before 5.2.2 Description: The issue allows remote attackers to cause a denial of service, resulting in stack exhaustion and a PHP crash. This is achieved by using deeply nested arrays, which...
SUSE-SA:2006:031: PHP4,PHP5
The remote host is missing the patch for the advisory SUSE-SA:2006:031 PHP4,PHP5. This update fixes the following security issues in the PHP scripting language, both version 4 and 5: - Invalid characters in session names were not blocked. - CVE-2006-2657: A bug in zend_hash_del allowed attackers to...
SUSE-SA:2006:059: php4,php5
The remote host is missing the patch for the advisory SUSE-SA:2006:059 php4,php5. The ini_restore method could be exploited to reset options such as open_basedir when set via the web server config file to their default value set in php.ini CVE-2006-4625. Additionally php5 on all products as well as...
SUSE-SA:2006:067: php4,php5
The remote host is missing the patch for the advisory SUSE-SA:2006:067 php4,php5. This update fixes the following security problems in the PHP scripting language: - CVE-2006-5465: Various buffer overflows in htmlentities / htmlspecialchars internal routines could be used to crash the PHP...
SUSE-SA:2006:052: php4,php5
The remote host is missing the patch for the advisory SUSE-SA:2006:052 php4,php5. Various security problems have been fixed in the PHP script language engine and its modules, versions 4 and 5. The PHP4 updated packages were released on September 12, the PHP5 update packages were released on...
ThWboard <= 3.0b2.84-php5 SQL Injection / Code Execution Exploit
No description provided by source. ?php printr' ----------------------------------------------------------------------------- ThWboard =3.0 beta 2.84-php5 boardstyleid sql injection / cmd exec exploit by rgod dork: "powered by ThWboard" version specific: "powered by ThWboard 3 Beta 2.84-php5" "by...
ThWboard <= 3.0b2.84-php5 SQL Injection / Code Execution Exploit
Exploit for unknown platform in category web applications ================================================================ ThWboard = 3.0b2.84-php5 SQL Injection / Code Execution Exploit ================================================================ ?php printr'...
ThWboard 3.0b2.84-php5 - SQL Injection Code Execution
ThWboard 3.0b2.84-php5 - SQL Injection Code Execution ?php printr' ----------------------------------------------------------------------------- ThWboard =3.0 beta 2.84-php5 boardstyleid sql injection / cmd exec exploit by rgod dork: "powered by ThWboard" version specific: "powered by ThWboard 3...
OTSCMS <= 2.1.3 Multiple Remote File Include Vulnerabilities
No description provided by source. Coding 4 Fun c4f.pl OTSCMS = 2.1.3 by Wrzasq www.otscms.com ; Class = Remote File Inclusion ; Download = http://sourceforge.net/project/showfiles.php?groupid=145557 ; Found by = GregStar gregstaratc4fdotpl ;...
OTSCMS <= 2.1.3 Multiple Remote File Include Vulnerabilities
Exploit for unknown platform in category web applications ============================================================ OTSCMS = 2.1.3 Multiple Remote File Include Vulnerabilities ============================================================ Coding 4 Fun c4f.pl OTSCMS = 2.1.3 by Wrzasq www.otscms.c...
OTSCMS 2.1.3 - Multiple Remote File Inclusions
OTSCMS 2.1.3 - Multiple Remote File Inclusions Coding 4 Fun c4f.pl OTSCMS = 2.1.3 by Wrzasq www.otscms.com ; Class = Remote File Inclusion ; Download = http://sourceforge.net/project/showfiles.php?groupid=145557 ; Found by = GregStar gregstaratc4fdotpl ;...
OTSCMS 2.1.3 - Multiple Remote File Inclusions
Coding 4 Fun c4f.pl OTSCMS = 2.1.3 by Wrzasq www.otscms.com ; Class = Remote File Inclusion ; Download = http://sourceforge.net/project/showfiles.php?groupid=145557 ; Found by = GregStar gregstaratc4fdotpl ;...
Mambo Component bigAPE-Backup 1.1 - Remote File Inclusion
Mambo Component bigAPE-Backup 1.1 - Remote File Inclusion / Notes: globals bypass with a multipart/form-data POST PHP4 = 4.4.0 PHP5 = 5.0.5 http://www.hardened-php.net/globals-problem /str0ke / C Y BE R - W A R R i O R T I M mambo combabackup 1.1 Component mosConfigabsolutepath Remote File...
mambo com_babackup Component <= 1.1 File Include Vulnerability
Exploit for unknown platform in category web applications ============================================================== mambo combabackup Component = 1.1 File Include Vulnerability ============================================================== / Notes: globals bypass with a multipart/form-data...
dotclear_124_php5_xpl.txt
!/usr/bin/php -q -d shortopentag=on ? echo "DotClear = 1.2.4 prepend.php/'blogdcpath' arbitrary remote inclusion\r\n"; echo "by rgod [email protected]\r\n"; echo "site: http://retrogod.altervista.org\r\n\r\n"; echo "dork: "propulsé par DotClear" "fil atom" "fil rss" +commentaires\r\n\r\n"; /...
DotClear <= 1.2.4 (prepend.php) Arbitrary Remote Inclusion Exploit
Exploit for unknown platform in category web applications ================================================================== DotClear = 1.2.4 prepend.php Arbitrary Remote Inclusion Exploit ================================================================== !/usr/bin/php -q -d shortopentag=on ? ech...
DotClear 1.2.4 - prepend.php Remote File Inclusion
DotClear 1.2.4 - prepend.php Remote File Inclusion !/usr/bin/php -q -d shortopentag=on ? echo "DotClear = 1.2.4 prepend.php/'blogdcpath' arbitrary remote inclusion\r\n"; echo "by rgod [email protected]\r\n"; echo "site: http://retrogod.altervista.org\r\n\r\n"; echo "dork: "propulsé par DotClear"...