119 matches found
Debian: Security Advisory (DSA-768-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2008 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
phpBB2 2.0.22 Cross Site Scripting Vulnerability
Opencosmo Security http://www.opencosmo.com Author: Alfredo Panzera, Opencosmo Security Vendor: phpBB.com Version: 2.0.22 Exploit: Go to http://website/forum/admin/admingroups.php and into 'Group description:' insert your XSS...
phpBB Links MOD Remote Blind SQL Injection Exploit
No description provided by source. ?php / D:\usr\local\phpphp test.php http://www.skypebbs.com/ -id=2 ------------------------------------------------------------ phpBB Links MOD Remote Blind SQL Injection Exploit exploit by flyh4tcnsst.org bug found by Love Fly dork:Links MOD v1.2.2 by phpBB2...
CVE-2007-2257
PHP remote file inclusion vulnerability in subscp.php in Fully Modded phpBB2 allows remote attackers to execute arbitrary PHP code via a URL in the phpbbrootpath parameter...
CVE-2007-2257
The CVE-2007-2257 entry concerns a PHP remote file inclusion in subscp.php of Fully Modded phpBB2, where an attacker can supply a URL via the phpbb_root_path parameter to execute arbitrary PHP code. The vulnerability enables remote code execution with network access and low complexity, listed for...
CVE-2007-2257
PHP remote file inclusion vulnerability in subscp.php in Fully Modded phpBB2 allows remote attackers to execute arbitrary PHP code via a URL in the phpbbrootpath parameter...
Remote file inclusion
Multiple PHP remote file inclusion vulnerabilities in Extreme PHPBB2 3.0 Pre Final allow remote attackers to execute arbitrary PHP code via a URL in the phpbbrootpath parameter to 1 functions.php or 2 functionsportal.php in includes/...
CVE-2007-2208
CVE-2007-2208 affects Extreme PHPBB2 3.0 Pre Final. The vulnerability is a remote file inclusion that allows an attacker to execute arbitrary PHP code by supplying a URL in the phpbb_root_path parameter to (1) functions.php or (2) functions_portal.php in the includes/ directory. Root cause: impro...
CVE-2007-2208
Multiple PHP remote file inclusion vulnerabilities in Extreme PHPBB2 3.0 Pre Final allow remote attackers to execute arbitrary PHP code via a URL in the phpbbrootpath parameter to 1 functions.php or 2 functionsportal.php in includes/...
Fully Modded PHPBB2 PHPBB_Root_Path远程文件包含漏洞
Fully Modded PHPBB2是一款基于PHP的WEB应用程序。 Fully Modded PHPBB2不正确过滤用户提交的输入,远程攻击者可以利用漏洞以WEB权限执行任意命令。 问题是WEB脚本对用户提交的'PHPBBRootPath'参数缺少过滤,指定远程服务器上的文件作为包含参数,可导致以WEB权限执行任意命令。 Fully Modded phpBB2 目前没有解决方案提供: http://phpbbfm.net/support/indexfm.php http://www.sebug.net/show-exp-364.html...
FullyModdedphpBB2 Remote File Inclusion
Hello,, FullyModdedphpBB2 Remote File Inclusion .. With exploit : Discovered By : HACKERS PAL Copy rights : HACKERS PAL Website : http://www.soqor.net Email Address : [email protected] / Script info Mod Title: FullyModdedphpBB2 Description: A fully modded phpBB / Remote File Include:...
fullybb-rfi.txt
Hello,, FullyModdedphpBB2 Remote File Inclusion .. With exploit : Discovered By : HACKERS PAL Copy rights : HACKERS PAL Website : http://www.soqor.net Email Address : [email protected] / Script info Mod Title: FullyModdedphpBB2 Description: A fully modded phpBB / Remote File Include:...
Extreme PHPBB2 Remote File Inclusion
Hello,, EclipseBB Remote File Inclusion .. With exploit : Discovered By : HACKERS PAL Copy rights : HACKERS PAL Website : http://www.soqor.net Email Address : [email protected] Tested on 3.0 Pre Final And other Versions Should be infected / Script info Mod Title: Extreme PHPBB 3.0 Mod Version: 3...
Fully Modded PHPBB2 - 'phpbb_root_path' Remote File Inclusion
source: https://www.securityfocus.com/bid/23565/info Fully Modded PHPBB2 is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data. Exploiting this issue may allow an attacker to compromise the application and the underlying system; other attacks...
Fully Modded PHPBB2 - phpbb_root_path Remote File Inclusion
Fully Modded PHPBB2 - phpbbrootpath Remote File Inclusion source: https://www.securityfocus.com/bid/23565/info Fully Modded PHPBB2 is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data. Exploiting this issue may allow an attacker to compromis...
eCardMAX HotEditor 4.0 - Keyboard.php Local File Inclusion
eCardMAX HotEditor 4.0 - Keyboard.php Local File Inclusion source: https://www.securityfocus.com/bid/23377/info eCardMAX HotEditor is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. Exploiting this issue may allow an unauthorized user to view...
eCardMAX HotEditor 4.0 - 'Keyboard.php' Local File Inclusion
source: https://www.securityfocus.com/bid/23377/info eCardMAX HotEditor is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. Exploiting this issue may allow an unauthorized user to view files and execute local scripts. HotEditor 4.0 is...
PHP 4.4.4 - Unserialize() ZVAL Reference Counter Overflow (PoC)
PHP 4.4.4 - Unserialize ZVAL Reference Counter Overflow PoC ?php //////////////////////////////////////////////////////////////////////// // // // | || | | | | | | | || || \ // // | |/ || '|/ |/ -| ' \ / -/ |||| /| || / // // ||||,||| ,|||||||,| || |||||| // // // // Proof of concept code...
PHP <= 4.4.4 unserialize() ZVAL Reference Counter Overflow Exploit PoC
No description provided by source. ?php //////////////////////////////////////////////////////////////////////// // // // | || | | | | | | | || || \ // // | |/ || '|/ |/ -| ' \ / -/ |||| /| || / // // ||||,||| ,|||||||,| || |||||| // // // // Proof of concept code from the Hardened-PHP...
MOPB-04-2007:PHP 4 unserialize() ZVAL Reference Counter Overflow
Summary The Month of PHP Bugs started with one of the possible ways to exploit the 16bit reference counter of PHP 4. It was only exploitable with local access. However because PHP does not protect against these overflows anywhere there are other exploit vectors. With unserialize it is triggerable...