216 matches found
PHPWCMS Cross-Site Request Forgery Vulnerability
No description provided by source. ?php / Exploit Title: PHPWCMS Cross-Site Request Forgery Vulnerability Date: 06/16/2010 Author: Jeremiah Talamantes Software Link: http://phpwcms.googlecode.com/files/phpwcmsr398.zip Version: 1.4.5 r398 Tested on: WinXP SP2 EN on WAMP 2.0 CVE: N/A Jeremiah...
PHPWCMS 1.4.5 r398 - Cross-Site Request Forgery
PHPWCMS 1.4.5 r398 - Cross-Site Request Forgery PHPWCMS 1.4.5 r389 Cross Site Request Forgery function myfunc() { var frm = document.getElementById("csrf"); frm.submit(); } window.onload = myfunc; <input type="hidden" name="dirpublic" val...
PHPWCMS 1.4.5 r398 - Cross-Site Request Forgery
PHPWCMS 1.4.5 r389 Cross Site Request Forgery function myfunc() { var frm = document.getElementById("csrf"); frm.submit(); } window.onload = myfunc;...
PHPWCMS 1.4.5 r389 Cross Site Request Forgery Vulnerability
Exploit for php platform in category web applications =========================================================== PHPWCMS 1.4.5 r389 Cross Site Request Forgery Vulnerability =========================================================== PHPWCMS 1.4.5 r389 Cross Site Request Forgery function myfunc v...
How hackers exploit file inclusion vulnerabilities for website intrusion - vulnerability warning - the black bar safety net
1. Reading the vulnerability announcement. I recently wanted to learn about file inclusion vulnerabilities and happened to come across an announcement of one. Roughly, it says that the following files in the PhpwCMS 1.2.6 system contain a file inclusion vulnerability:...
Immunity Canvas: PHPWCMS_INCLUDE
Name | phpwcms_include
---|---
CVE | CVE-2007-5185
Exploit Pack | CANVAS
Description | phpwcms remote file include
Notes | CVSS: 6.8 Repeatability: Infinite VENDOR: phpwcms CVE Url: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5185 CVE Name: CVE-2007-5185...
CVE-2007-5185
Multiple PHP remote file inclusion vulnerabilities in phpWCMS XT 0.0.7 BETA and earlier allow remote attackers to execute arbitrary PHP code via a URL in the HTML_MENU_DirPath parameter to (1) config_HTML_MENU.php and (2) config_PHPLM.php in phpwcms_template/inc_script/frontend_render/navigation/...
CVE-2007-5185
In the provided documents, CVE-2007-5185 affects phpWCMS XT 0.0.7 BETA and earlier, describing a Remote File Inclusion flaw. The vulnerability enables remote attackers to execute arbitrary PHP code by supplying a URL via the HTML_MENU_DirPath parameter to the navigation scripts (config_HTML_MENU....
CVE-2006-7018
phpwcms 1.2.5-DEV and earlier, and 1.1 before RC4, allows remote attackers to execute arbitrary code via a crafted argument to the nome_evento parameter to (1) phpwcms_code_snippets/mail_file_form.php and (2) sample_ext_php/mail_file_form.php, which is processed by the render_PHPcode function...
CVE-2006-7019
phpwcms 1.2.5-DEV and earlier, and 1.1 before RC4, allows remote attackers to execute arbitrary code via crafted arguments to the (1) text_evento and (2) email_eventonome_evento parameters to phpwcms_code_snippets/mail_file_form.php and sample_ext_php/mail_file_form.php, which is processed by the render_PHPcode...
CVE-2006-7020
CRLF injection vulnerability in (1) include/inc_act/act_formmailer.php and possibly (2) sample_ext_php/mail_file_form.php in phpwcms 1.2.5-DEV and earlier, and 1.1 before RC4, allows remote attackers to modify HTTP headers and send spam e-mail via a spoofed HTTP Referer (HTTP_REFERER)...
CVE-2006-7019
Summary: CVE-2006-7019 affects phpwcms 1.2.5-DEV and earlier, and 1.1 prior to RC4, enabling remote arbitrary code execution via crafted arguments to the text_evento and email_eventonome_evento parameters. The vulnerable code paths are phpwcms_code_snippets/mail_file_form.php and sample_ext_php/m...
CVE-2006-7018
Affected software: phpwcms 1.2.5-DEV and earlier, and 1.1 before RC4. Vulnerability: remote code execution via a crafted argument to the nome_evento parameter in (1) phpwcms_code_snippets/mail_file_form.php and (2) sample_ext_php/mail_file_form.php, processed by the render_PHPcode function. Impact ...
CVE-2006-7020
The CVE-2006-7020 entry affects phpwcms up to 1.2.5-DEV and 1.1 before RC4, where a CRLF injection in include/inc_act/act_formmailer.php and possibly sample_ext_php/mail_file_form.php enables remote header manipulation and spoofed HTTP_REFERER to send spam via HTTP headers. Root cause: CRLF injec...
CVE-2006-6886
phpwcms 1.2.5-DEV allows remote attackers to obtain sensitive information via a direct request for (1) files.public-userroot.inc.php or (2) files.private.additions.inc.php in include/inc_lib/, which reveals the path in various error messages...
CVE-2006-6886
The vulnerability affects phpwcms 1.2.5-DEV. Affected component: include/inc_lib/ files public-userroot.inc.php and private.additions.inc.php. Root cause: direct requests expose filesystem paths in error messages, enabling information disclosure. Impact: partial confidentiality breach; no evidenc...