68 matches found
PHPizabi 0.848b C1 HP3 - id Local File Inclusion
PHPizabi 0.848b C1 HP3 - id Local File Inclusion source: https://www.securityfocus.com/bid/30707/info PHPizabi is prone to multiple local file-include vulnerabilities because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability using directory-traversal...
Unrestricted file upload
Unrestricted file upload vulnerability in the writeLogEntry function in system/vcronproc.php in PHPizabi 0.848b C1 HFP1, when registerglobals is enabled, allows remote attackers to upload and execute arbitrary code via a filename in the CONFCRONLOGFILE parameter and file contents in the...
CVE-2008-3239
Unrestricted file upload vulnerability in the writeLogEntry function in system/vcronproc.php in PHPizabi 0.848b C1 HFP1, when registerglobals is enabled, allows remote attackers to upload and execute arbitrary code via a filename in the CONFCRONLOGFILE parameter and file contents in the...
CVE-2008-3239
Unrestricted file upload vulnerability in the writeLogEntry function in system/vcronproc.php in PHPizabi 0.848b C1 HFP1, when registerglobals is enabled, allows remote attackers to upload and execute arbitrary code via a filename in the CONFCRONLOGFILE parameter and file contents in the...
CVE-2008-3239
PHPizabi 0.848b C1 HFP1-3 contains an unrestricted file upload vulnerability in system/v_cron_proc.php::writeLogEntry when register_globals is enabled. An attacker can supply a filename via CONF[CRON_LOGFILE] and file contents via CONF[LOCALE_LONG_DATE_TIME], enabling remote code execution. Explo...
PHPizabi 0.848b C1 HFP1 Remote Code Execution Exploit
No description provided by source. !/usr/bin/perl inphex PHPizabi v0.848b C1 HFP1 Remote Code Execution http://www.dz-secure.com/tools/1/WebESploit.pl.txt if you are seeking for a partner to work on some projects just send an email inphex0 at gmail dot com system/vcronproc.php if...
PHPizabi 0.848b C1 HFP1 Remote Code Execution Exploit
Exploit for unknown platform in category web applications ===================================================== PHPizabi 0.848b C1 HFP1 Remote Code Execution Exploit ===================================================== !/usr/bin/perl inphex PHPizabi v0.848b C1 HFP1 Remote Code Execution if you a...
PHPizabi 0.848b C1 HFP1 - Remote Code Execution
PHPizabi 0.848b C1 HFP1 - Remote Code Execution !/usr/bin/perl inphex PHPizabi v0.848b C1 HFP1 Remote Code Execution http://www.dz-secure.com/tools/1/WebESploit.pl.txt if you are seeking for a partner to work on some projects just send an email inphex0 at gmail dot com system/vcronproc.php if...
phpizabi-exec.txt
!/usr/bin/perl inphex PHPizabi v0.848b C1 HFP1 Remote Code Execution http://www.dz-secure.com/tools/1/WebESploit.pl.txt if you are seeking for a partner to work on some projects just send an email inphex0 at gmail dot com system/vcronproc.php if !functionexists"writeLogEntry" function...
PHPizabi 0.848b C1 HFP1 - Remote Code Execution
!/usr/bin/perl inphex PHPizabi v0.848b C1 HFP1 Remote Code Execution http://www.dz-secure.com/tools/1/WebESploit.pl.txt if you are seeking for a partner to work on some projects just send an email inphex0 at gmail dot com system/vcronproc.php if !functionexists"writeLogEntry" function...
Code injection
The AssignUser function in template.class.php in PHPizabi 0.848b C1 HFP3 performs unsafe macro expansions on strings delimited by '' and '' characters, which allows remote authenticated users to obtain sensitive information via a comment containing a macro, as demonstrated by a "user.password"...
CVE-2008-2018
The AssignUser function in template.class.php in PHPizabi 0.848b C1 HFP3 performs unsafe macro expansions on strings delimited by '' and '' characters, which allows remote authenticated users to obtain sensitive information via a comment containing a macro, as demonstrated by a "user.password"...
CVE-2008-2018
CVE-2008-2018 affects PHPizabi 0.848b C1 HFP3. The AssignUser function in template.class.php performs unsafe macro expansions on strings delimited by { and }, enabling remote authenticated users to extract sensitive data via a macro in a comment (e.g., {user.password}) on an admin profile. The is...
phpizabi-disclose.txt
-------------------------------------------------------- PHPizabi v0.848b C1 HFP3 database information exposure -------------------------------------------------------- I would like to state that I am in no way responsible for how this information is used. It is just that, information and is...
PHPizabi v0.848b C1 HFP3 Database Information Disclosure Vuln
No description provided by source. -------------------------------------------------------- PHPizabi v0.848b C1 HFP3 database information exposure -------------------------------------------------------- I would like to state that I am in no way responsible for how this information is used. It is...
PHPizabi 0.848b C1 HFP3 - Database Information Disclosure
PHPizabi 0.848b C1 HFP3 - Database Information Disclosure -------------------------------------------------------- PHPizabi v0.848b C1 HFP3 database information exposure -------------------------------------------------------- I would like to state that I am in no way responsible for how this...
PHPizabi 0.848b C1 HFP3 - Database Information Disclosure
-------------------------------------------------------- PHPizabi v0.848b C1 HFP3 database information exposure -------------------------------------------------------- I would like to state that I am in no way responsible for how this information is used. It is just that, information and is...
PHPizabi v0.848b C1 HFP3 Database Information Disclosure Vuln
Exploit for unknown platform in category web applications ============================================================= PHPizabi v0.848b C1 HFP3 Database Information Disclosure Vuln =============================================================...
Unrestricted file upload
Unrestricted file upload vulnerability in image.php in PHPizabi 0.848b C1 HFP1 allows remote attackers to execute arbitrary code by uploading a file with an executable extension from the event page, then accessing it via a direct request to the file in system/cache/pictures...
CVE-2008-0805
Unrestricted file upload vulnerability in image.php in PHPizabi 0.848b C1 HFP1 allows remote attackers to execute arbitrary code by uploading a file with an executable extension from the event page, then accessing it via a direct request to the file in system/cache/pictures...