764 matches found
Ajax PHP Penny Auction 1.x 2.x - Multiple Vulnerabilities
No description provided by source. Ajax PHP Penny Auction 1.x 2.x multiple Vulnerabilities Found by : Taha Hunter Info : Ajax PHP Penny Auction is one of the most proven and reliable Penny Auction software options available on the market. Based on a proprietary AJAX Streaming Engine which has fou...
yourplace <= 1.0.2 - Multiple Vulnerabilities + rce exploit
No description provided by source. START 0x01 Informations: Script : YourPlace 0.5 beta 1 Download : http://www.hotscripts.com/jump.php?listingid=80545&jumptype=1 Vulnerability : DB Disclosure / Arbitrary Data Saving RCE EXPLOIT / Arbitrary File Upload / PHPInfo Disclosure / User Change Account...
luxcal 2.7.0 - Multiple Vulnerabilities
No description provided by source. Exploit Title: LuxCal v2.7.0 Multiple Remote Vulnerabilities Date: 17/09/2012 Author: L0n3ly-H34rT Contact: [email protected] My Site: http://se3c.blogspot.com/ Vendor Link: http://www.luxsoft.eu/ Software Link:...
Talkback 2.3.6 - Multiple Local File Inclusion/PHPInfo Disclosure Vulns
No description provided by source. + Talkback 2.3.6 Multiple Local File Inclusion/PHPInfo Disclosure + Discovered By SirGod + MorTal TeaM + Greetz : E.M.I.N.E.M,Ras,Puscasmarin,ToxicBlood,HrN,kemrayz,007m,Raven,Nytr0gen,str0ke + Local File Inclusion PoC 1 :...
PhpGedView 2.61 PHPInfo Information Disclosure Weakness
No description provided by source. source: http://www.securityfocus.com/bid/9371/info PhpGedView allows remote users to access information displayed by the phpinfo function. This may disclose sensitive information about the environment the software runs in. This issue is reported to affect...
gf-3xplorer 2.4 (xss/lfi/etc.) Multiple Vulnerabilities
No description provided by source. Http://www.inj3ct-it.org...
facil-cms 0.1rc2 Multiple Vulnerabilities
No description provided by source. Script Facil-CMS 0.1RC2 +download: http://sourceforge.net/project/platformdownload.php?groupid=217673 DORK inurl:modules.php?modload=News Copyright C 2008 by FacilCMS.org inurl: /facil-cms/ Author any.zicky Contact Me anydotzickyatgmaildotcom ; About Facil CMS i...
PHP 4 PHPInfo Cross-Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/7805/info Scripts that include the PHP phpinfo debugging function may be prone to cross-site scripting attacks. This could permit remote attackers to create a malicious link to a vulnerable PHP script that includes hostil...
PHPYUN cloud talent system: backend CSRF getshell
The phpyun backend has no anti-CSRF token, so CSRF leads directly to getshell. First, start with the getshell from the backend. The web site's configuration file, /plus/config.php, uses double quotes around the key values, which leads to security issues. We can write PHP code into the double quotes insid...
webEdition CMS 2.8.0.0 Remote Command Execution
Advisory: Remote Command Execution in webEdition CMS Installer Script RedTeam Pentesting discovered a remote command execution vulnerability in the installer script of the webEdition CMS during a penetration test. If the installer script is not manually removed after installation, attackers canno...
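U-mail latest version vulnerability parade (information disclosure, multiple getshell, multiple SQL injection vulnerabilities, remote code execution)
Brief description: 疯狗, xsser, finger: asking for a "thunder" rating. Detailed description: Note: one getshell is a duplicate of http://wooyun.org/bugs/wooyun-2014-059954 疯狗, xsser, finger: asking for a "thunder" rating. 1. Information disclosure: phpinfo information disclosure http://www.xxx.com/webmail/client/mail/index.php?module=test&action=info phpinfo information disclosure. The source code is as follows: WorldClient\html\client\mail\module\info.php if !defined "PRELOADOK" exit...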
CVE-2013-1804
Multiple cross-site scripting (XSS) vulnerabilities in PHP-Fusion before 7.02.06 allow remote attackers to inject arbitrary web script or HTML via the (1) highlight parameter to forum/viewthread.php; or remote authenticated users with certain permissions to inject arbitrary web script or HTML via the...
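ionCube Loader Wizard 'loader-wizard.php' Multiple Security Vulnerabilities
Bugtraq ID: 66531. ionCube Loader Wizard is a web-based application. ionCube Loader Wizard allows attackers to exploit the vulnerabilities to obtain phpinfo information, download configuration files, carry out reflected cross-site scripting attacks, and download arbitrary files. ionCube Loader Wizard 2.42 ionCube Loader Wizard 2.36 ionCube Loader Wizard version 2.46 fixes these vulnerabilities; users are advised to download and use it: http://www.ioncube.com/loaders.php...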
ionCube Loader < 2.46 Multiple Vulnerabilities - Active Check
ionCube Loader is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...
Horde 3.1.x <= 5.1.1 RCE Vulnerability - Active Check
Horde is prone to a remote code execution (RCE) vulnerability. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:horde:hordegroupware...
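程式舞曲: another stored XSS (2), with backend getshell attached
Brief description: OK, dear vendor, here I am again. I have found that this vendor's attitude is actually quite good; this is how a product gets more complete. Detailed description: 1: XSS. At the add-article function, XSS code submitted directly gets filtered. Submit it by POST using Firefox Live HTTP replay. OK.. the backend reviews the article and edits it; looking at the source, it got inserted. 2: getshell. After receiving the cookie, modify the basic information; you can see that phpinfo executed https://images.seebug.org/upload/201403/032006511cd14c570f32f55700c5aea2f2cc...
Discuz: getshell using UC_KEY
Brief description: Know the key, get the shell. Detailed description: $configfile = pregreplace"/define'UCAPI',\s'.?';/i", "define'UCAPI', '".addslashes$UCAPI."';", $configfile; This line of code is vulnerable. If what I submit the first time is ';phpinfo; the define line becomes define'UCAPI','';phpinfo;'; So what about my next submission? The non-greedy match will match define'UCAPI',''; and phpinfo; is left behind. Proof of vulnerability:...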
osCmax e-Commerce v2.5.3 (FU/ObjectInject) Multiple Vulnerabilities
osCmax e-Commerce v2.5.3 suffers from multiple vulnerabilities: a remote attacker can upload a file/shell via header attacks, or execute JavaScript code and inject a remote object. See also: CVE-2013-4144 + Site :...
WebTester 5.x Multiple Vulnerabilities
Shopex V4.8.4 | V4.8.5 arbitrary file download vulnerability
The precondition for exploitation is that the application's database server can also be connected to from outside; this is critical. I came across this site while working on a target, could not find a vulnerability for this version online, and went back to the source to read through it myself. Found a loophole, or...