Lucene search
K

68 matches found

exploitpack
exploitpack
added 2008/08/15 12:0 a.m.354 views

PHPizabi 0.848b C1 HP3 - id Local File Inclusion

PHPizabi 0.848b C1 HP3 - id Local File Inclusion source: https://www.securityfocus.com/bid/30707/info PHPizabi is prone to multiple local file-include vulnerabilities because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability using directory-traversal...

7.4AI score
Exploits0
Prion
Prion
added 2008/07/21 4:41 p.m.75 views

Unrestricted file upload

Unrestricted file upload vulnerability in the writeLogEntry function in system/vcronproc.php in PHPizabi 0.848b C1 HFP1, when registerglobals is enabled, allows remote attackers to upload and execute arbitrary code via a filename in the CONFCRONLOGFILE parameter and file contents in the...

9.3CVSS8.1AI score0.05165EPSS
Exploits7References5Affected Software1
NVD
NVD
added 2008/07/21 4:41 p.m.20 views

CVE-2008-3239

Unrestricted file upload vulnerability in the writeLogEntry function in system/vcronproc.php in PHPizabi 0.848b C1 HFP1, when registerglobals is enabled, allows remote attackers to upload and execute arbitrary code via a filename in the CONFCRONLOGFILE parameter and file contents in the...

9.3CVSS7.5AI score0.05165EPSS
Exploits7References5
Cvelist
Cvelist
added 2008/07/21 4:0 p.m.34 views

CVE-2008-3239

Unrestricted file upload vulnerability in the writeLogEntry function in system/vcronproc.php in PHPizabi 0.848b C1 HFP1, when registerglobals is enabled, allows remote attackers to upload and execute arbitrary code via a filename in the CONFCRONLOGFILE parameter and file contents in the...

7.5AI score0.05165EPSS
Exploits7References5
CVE
CVE
added 2008/07/21 4:0 p.m.181 views

CVE-2008-3239

PHPizabi 0.848b C1 HFP1-3 contains an unrestricted file upload vulnerability in system/v_cron_proc.php::writeLogEntry when register_globals is enabled. An attacker can supply a filename via CONF[CRON_LOGFILE] and file contents via CONF[LOCALE_LONG_DATE_TIME], enabling remote code execution. Explo...

9.3CVSS7.4AI score0.05165EPSS
Exploits7References5Affected Software1
seebug.org
seebug.org
added 2008/07/17 12:0 a.m.198 views

PHPizabi 0.848b C1 HFP1 Remote Code Execution Exploit

No description provided by source. !/usr/bin/perl inphex PHPizabi v0.848b C1 HFP1 Remote Code Execution http://www.dz-secure.com/tools/1/WebESploit.pl.txt if you are seeking for a partner to work on some projects just send an email inphex0 at gmail dot com system/vcronproc.php if...

7.1AI score
Exploits0
0day.today
0day.today
added 2008/07/16 12:0 a.m.283 views

PHPizabi 0.848b C1 HFP1 Remote Code Execution Exploit

Exploit for unknown platform in category web applications ===================================================== PHPizabi 0.848b C1 HFP1 Remote Code Execution Exploit ===================================================== !/usr/bin/perl inphex PHPizabi v0.848b C1 HFP1 Remote Code Execution if you a...

7.1AI score
Exploits0
exploitpack
exploitpack
added 2008/07/16 12:0 a.m.1504 views

PHPizabi 0.848b C1 HFP1 - Remote Code Execution

PHPizabi 0.848b C1 HFP1 - Remote Code Execution !/usr/bin/perl inphex PHPizabi v0.848b C1 HFP1 Remote Code Execution http://www.dz-secure.com/tools/1/WebESploit.pl.txt if you are seeking for a partner to work on some projects just send an email inphex0 at gmail dot com system/vcronproc.php if...

0.1AI score
Exploits0
Packet Storm
Packet Storm
added 2008/07/16 12:0 a.m.26 views

phpizabi-exec.txt

!/usr/bin/perl inphex PHPizabi v0.848b C1 HFP1 Remote Code Execution http://www.dz-secure.com/tools/1/WebESploit.pl.txt if you are seeking for a partner to work on some projects just send an email inphex0 at gmail dot com system/vcronproc.php if !functionexists"writeLogEntry" function...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2008/07/16 12:0 a.m.52 views

PHPizabi 0.848b C1 HFP1 - Remote Code Execution

!/usr/bin/perl inphex PHPizabi v0.848b C1 HFP1 Remote Code Execution http://www.dz-secure.com/tools/1/WebESploit.pl.txt if you are seeking for a partner to work on some projects just send an email inphex0 at gmail dot com system/vcronproc.php if !functionexists"writeLogEntry" function...

7.4AI score
Exploits0
Prion
Prion
added 2008/04/30 1:7 a.m.107 views

Code injection

The AssignUser function in template.class.php in PHPizabi 0.848b C1 HFP3 performs unsafe macro expansions on strings delimited by '' and '' characters, which allows remote authenticated users to obtain sensitive information via a comment containing a macro, as demonstrated by a "user.password"...

4CVSS6.2AI score0.02156EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2008/04/30 1:0 a.m.26 views

CVE-2008-2018

The AssignUser function in template.class.php in PHPizabi 0.848b C1 HFP3 performs unsafe macro expansions on strings delimited by '' and '' characters, which allows remote authenticated users to obtain sensitive information via a comment containing a macro, as demonstrated by a "user.password"...

5.8AI score0.02156EPSS
Exploits0References3
CVE
CVE
added 2008/04/30 1:0 a.m.6466 views

CVE-2008-2018

CVE-2008-2018 affects PHPizabi 0.848b C1 HFP3. The AssignUser function in template.class.php performs unsafe macro expansions on strings delimited by { and }, enabling remote authenticated users to extract sensitive data via a macro in a comment (e.g., {user.password}) on an admin profile. The is...

4CVSS5.8AI score0.02156EPSS
Exploits0References3Affected Software1
Packet Storm
Packet Storm
added 2008/04/28 12:0 a.m.138 views

phpizabi-disclose.txt

-------------------------------------------------------- PHPizabi v0.848b C1 HFP3 database information exposure -------------------------------------------------------- I would like to state that I am in no way responsible for how this information is used. It is just that, information and is...

7.4AI score
Exploits0
seebug.org
seebug.org
added 2008/04/28 12:0 a.m.23693 views

PHPizabi v0.848b C1 HFP3 Database Information Disclosure Vuln

No description provided by source. -------------------------------------------------------- PHPizabi v0.848b C1 HFP3 database information exposure -------------------------------------------------------- I would like to state that I am in no way responsible for how this information is used. It is...

7.1AI score
Exploits0
exploitpack
exploitpack
added 2008/04/26 12:0 a.m.2269 views

PHPizabi 0.848b C1 HFP3 - Database Information Disclosure

PHPizabi 0.848b C1 HFP3 - Database Information Disclosure -------------------------------------------------------- PHPizabi v0.848b C1 HFP3 database information exposure -------------------------------------------------------- I would like to state that I am in no way responsible for how this...

7.2AI score
Exploits0
Exploit DB
Exploit DB
added 2008/04/26 12:0 a.m.7415 views

PHPizabi 0.848b C1 HFP3 - Database Information Disclosure

-------------------------------------------------------- PHPizabi v0.848b C1 HFP3 database information exposure -------------------------------------------------------- I would like to state that I am in no way responsible for how this information is used. It is just that, information and is...

7AI score
Exploits0
0day.today
0day.today
added 2008/04/26 12:0 a.m.27658 views

PHPizabi v0.848b C1 HFP3 Database Information Disclosure Vuln

Exploit for unknown platform in category web applications ============================================================= PHPizabi v0.848b C1 HFP3 Database Information Disclosure Vuln =============================================================...

7.1AI score
Exploits0
Prion
Prion
added 2008/02/19 12:0 a.m.36 views

Unrestricted file upload

Unrestricted file upload vulnerability in image.php in PHPizabi 0.848b C1 HFP1 allows remote attackers to execute arbitrary code by uploading a file with an executable extension from the event page, then accessing it via a direct request to the file in system/cache/pictures...

9.3CVSS8.2AI score0.05194EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2008/02/19 12:0 a.m.20 views

CVE-2008-0805

Unrestricted file upload vulnerability in image.php in PHPizabi 0.848b C1 HFP1 allows remote attackers to execute arbitrary code by uploading a file with an executable extension from the event page, then accessing it via a direct request to the file in system/cache/pictures...

9.3CVSS7.6AI score0.05194EPSS
Exploits0References3
Rows per page
Query Builder