31 matches found
EUVD-2005-4581
Malware in sbrugna...
EUVD-2006-2066
Malware in sbrugna...
limesurvey (phpsurveyor) 1.49rc2 - Remote File Inclusion Vulnerability
No description provided by source. Owner : Pr0T3cT10n Email : [email protected] Homepage : www.kamikaz-team.com Script site : www.limesurvey.org Script name : LimeSurvey PHPSurveyor Version : 1.49RC2 Type : RFIRemote File Include Source :...
PHPSurveyor <= 0.995 (surveyid) Remote Command Execution Exploit
No description provided by source. !/usr/bin/php -q -d shortopentag=on ? echo \r\n; echo PHPSurveyor = 0.995 'save.php/surveyid' remote cmmnds xctn \r\n; echo by rgod [email protected] site: http://retrogod.altervista.org \r\n; echo a special tnX goes to Frozen for his dork! \r\n; echo and a...
PHPSurveyor Shell Upload
-= G4eL =- Exploit Title: PHPSurveyor - Shell Upload Exploit Author: G4eL Date: 26/12/2013 Product: PHPSurveyor Official Site: http://www.limesurvey.org/ Risk Level: High /admin/templates.php - File Upload URL SITE = Default directory of PHPSurveyor Example : http://site.com/survey/ File Uploaded...
CVE-2012-4927
SQL injection vulnerability in Limesurvey (a.k.a PHPSurveyor) before 1.91+ Build 120224 and earlier allows remote attackers to execute arbitrary SQL commands via the fieldnames parameter to index.php...
CVE-2012-4927
CVE-2012-4927 affects LimeSurvey (PHPSurveyor) systems, where SQL injection is possible through the fieldnames parameter in index.php for versions before 1.91+ Build 120224. This could allow remote attackers to execute arbitrary SQL commands, impacting confidentiality, integrity, and availability...
Code injection
Multiple unspecified vulnerabilities in LimeSurvey (formerly PHPSurveyor) before 1.71 have unknown impact and attack vectors...
CVE-2008-2570
Technical details of CVE-2008-2570 are not publicly available in the provided documents. The records note multiple unspecified vulnerabilities in LimeSurvey before 1.71 with unknown impact. Monitor for updates.
CVE-2008-2571
CVE-2008-2571 details: LimeSurvey (formerly PHPSurveyor) is affected by a CSRF vulnerability in the quota-management workflow. Specifically, an attacker can abuse a CSRF flaw in the “modify quota” action to cause an administrator’s quotas to be changed. The vulnerability is described as ...
CVE-2008-2570
Multiple unspecified vulnerabilities in LimeSurvey (formerly PHPSurveyor) before 1.71 have unknown impact and attack vectors...
CVE-2007-3632
LimeSurvey (aka PHPSurveyor) 1.49RC2 contains multiple PHP remote file inclusion flaws exploitable via the homedir parameter to various admin/classes/pear/ and Spreadsheet/Excel/Writer PHP files, enabling remote code execution. Root cause is unsafely including remote files based on user input. No...
LimeSurvey (phpsurveyor) 1.49rc2 - Remote File Inclusion
Owner : Pr0T3cT10n Email : [email protected] Homepage : www.kamikaz-team.com Script site : www.limesurvey.org Script name : LimeSurvey PHPSurveyor Version : 1.49RC2 Type : RFIRemote File Include Source : http://sourceforge.net/project/showfiles.php?groupid=74605 D0rk : "You have not provided a...
LimeSurvey (PHPSurveyor) 1.49RC2 Remote File Inclusion Vulnerability
Exploit for unknown platform in category web applications ==================================================================== LimeSurvey PHPSurveyor 1.49RC2 Remote File Inclusion Vulnerability ==================================================================== Owner : Pr0T3cT10n Script name :...
LimeSurvey (phpsurveyor) 1.49rc2 - Remote File Inclusion
LimeSurvey phpsurveyor 1.49rc2 - Remote File Inclusion Owner : Pr0T3cT10n Email : [email protected] Homepage : www.kamikaz-team.com Script site : www.limesurvey.org Script name : LimeSurvey PHPSurveyor Version : 1.49RC2 Type : RFIRemote File Include Source :...
CVE-2006-2065
SQL injection vulnerability in save.php in PHPSurveyor 0.995 and earlier allows remote attackers to execute arbitrary SQL commands via the surveyid cookie. NOTE: this issue could be leveraged to execute arbitrary PHP code, as demonstrated by inserting directory traversal sequences into the...
CVE-2006-2065
PHPSurveyor
phpsurveyor_0995_xpl
!/usr/bin/php -q -d shortopentag=on works regardless of magicquotes gpc settings \r\n"; echo " with at least one row in 'surveys' table \r\n"; echo " and if we succeed to include logs \r\n"; echo "\r\n"; if $argc4 echo "Usage: php ".$argv0." host path cmd OPTIONS\r\n"; echo "host: target server...