216 matches found
CVE-2006-6886
phpwcms 1.2.5-DEV allows remote attackers to obtain sensitive information via a direct request for (1) files.public-userroot.inc.php or (2) files.private.additions.inc.php in include/inclib/, which reveals the path in various error messages...
phpwcms <= 1.1-RC4 (spaw) Remote File Include Vulnerability
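No description provided by source. PhpwCMS 1.2.6 <= Multiple Remote file inclusion vulnerabilities Discovered by : |/| . .. | || ||| | | Vuln In : include $spawroot.'class/lang.class.php'; Affected Files : include/incext/spaw/dialogs/table.php include/incext/spaw/dialogs/a.php...
phpwcms remote code execution and mail form security bypass vulnerabilities
Multiple vulnerabilities have been identified in phpwcms, which remote attackers could exploit to execute arbitrary commands or bypass security restrictions. The first issue is due to an input validation error: the "phpwcmscodesnippets/mailfileform.phP" script does not properly validate the "nomeevento", "textevento" and "emailevento" parameters before passing them to the "renderphpcode" function, which remote attackers could exploit to inject and execute arbitrary PHP code with the privileges of the web server...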
phpwcms <= 1.2.6 (Cookie: wcs_user_lang) Local File Include Exploit
No description provided by source.
phpwcms <= 1.2.6 (Cookie: wcs_user_lang) Local File Include Exploit
Exploit for unknown platform in category web applications. phpwcms <= 1.2.6 (Cookie: wcs_user_lang) Local File Include Exploit...
PHPWCMS 1.2.6 - Cookie: wcs_user_lang Local File Inclusion
DEVIL TEAM IRC: 72.20.18.6:6667 devilteam http://www.rahim.webd.pl/ Contact: [email protected] cod3d by Kacper Greetings DragonHeart and all DEVIL TEAM Patriots : - Leito & Leon TomZen, Gelo, Ramzes, DMX, Ci2u,...
PHPWCMS 1.2.6 - Cookie: wcs_user_lang Local File Inclusion
PHPWCMS 1.2.6 - Cookie: wcs_user_lang Local File Inclusion DEVIL TEAM IRC: 72.20.18.6:6667 devilteam http://www.rahim.webd.pl/ Contact: [email protected] cod3d by Kacper Greetings DragonHeart and all DEVIL TEAM...
PHPWCMS 1.1-RC4 - 'spaw' Remote File Inclusion
PhpwCMS 1.2.6 <= Multiple Remote file inclusion vulnerabilities Discovered by : |/| . .. | || ||| | | Vuln In : include $spawroot.'class/lang.class.php'; Affected Files : include/incext/spaw/dialogs/table.php include/incext/spaw/dialogs/a.php include/incext/spaw/dialogs/colorpicker.php...
PhpwCMS 1.2.6 <= Multiple Remote file inclusion vulnerabilities
PhpwCMS 1.2.6 <= Multiple Remote file inclusion vulnerabilities Discovered by : |/| . .. | || ||| | | Vuln In : include $spawroot.'class/lang.class.php'; Affected Files : include/incext/spaw/dialogs/table.php include/incext/spaw/dialogs/a.php include/incext/spaw/dialogs/colorpicker.php...
phpwcms <= 1.1-RC4 (spaw) Remote File Include Vulnerability
Exploit for unknown platform in category web applications. phpwcms <= 1.1-RC4 (spaw) Remote File Include Vulnerability. PhpwCMS 1.2.6 <= Multiple Remote file inclusion vulnerabilities...
PHPWCMS 1.1-RC4 - spaw Remote File Inclusion
PHPWCMS 1.1-RC4 - spaw Remote File Inclusion. PhpwCMS 1.2.6 <= Multiple Remote file inclusion vulnerabilities Discovered by : |/| . .. | || ||| | | Vuln In : include $spawroot.'class/lang.class.php'; Affected Files : include/incext/spaw/dialogs/table.php include/incext/spaw/dialogs/a.php...
phpwcms spaw_control.class.php spaw_root Parameter Remote File Inclusion
The remote host is running phpwcms, an open source content management system written in PHP. The version of phpwcms installed on the remote host fails to sanitize user-supplied input to the 'spaw_root' parameter before using it in PHP include functions in the...
[KAPDA::#43] - phpwcms multiple vulnerabilities
Vendor: http://www.phpwcms.de Bugs: Path Disclosure, XSS, Local File Inclusion, Remote Code Execution Vulnerable Version: phpwcms 1.2.5-DEV prior versions also maybe affected Exploitation: Remote with browser Description: phpwcms is a web content management system optimized f...
Directory traversal
Directory traversal vulnerability in include/incext/spaw/spaw_control.class.php in phpwcms 1.2.5-DEV allows remote attackers to include arbitrary local files via .. (dot dot) sequences in the spaw_root parameter. NOTE: CVE analysis suggests that this issue is actually in SPAW Editor PHP Edition...
CVE-2006-2519
Directory traversal vulnerability in include/incext/spaw/spaw_control.class.php in phpwcms 1.2.5-DEV allows remote attackers to include arbitrary local files via .. (dot dot) sequences in the spaw_root parameter. NOTE: CVE analysis suggests that this issue is actually in SPAW Editor PHP Edition...
CVE-2006-2518
Cross-site scripting (XSS) vulnerability in phpwcms 1.2.5-DEV allows remote attackers to inject arbitrary web script or HTML via the BL[be_cnt_plainhtml] parameter to include/inc_tmpl/content/cnt6.inc.php...
Cross site scripting
Cross-site scripting (XSS) vulnerability in phpwcms 1.2.5-DEV allows remote attackers to inject arbitrary web script or HTML via the BL[be_cnt_plainhtml] parameter to include/inc_tmpl/content/cnt6.inc.php...
CVE-2006-2518
CVE-2006-2518 affects phpWCMS 1.2.5-DEV where a crafted value in the BL[be_cnt_plainhtml] parameter is echoed into include/inc_tmpl/content/cnt6.inc.php, enabling cross-site scripting. The vulnerability originates from improper handling of user-supplied input in that parameter, leading to arbitra...
CVE-2006-2519
Directory traversal vulnerability in include/incext/spaw/spaw_control.class.php in phpwcms 1.2.5-DEV allows remote attackers to include arbitrary local files via .. (dot dot) sequences in the spaw_root parameter. NOTE: CVE analysis suggests that this issue is actually in SPAW Editor PHP Edition...
CVE-2006-2518
Cross-site scripting (XSS) vulnerability in phpwcms 1.2.5-DEV allows remote attackers to inject arbitrary web script or HTML via the BL[be_cnt_plainhtml] parameter to include/inc_tmpl/content/cnt6.inc.php...