Dir2web3 3.0 SQL Injection / Information Disclosure

Title: ====== Dir2web3 Multiple Vulnerabilities Date: ===== 05/08/2012 Author: ======= Daniel Correa http://www.sinfocol.org/ Vulnerable software: ==================== Dir2web v3.0 http://www.dir2web.it/ CVE: ==== CVE-2012-4069 CVE-2012-4070 Details: ======== There are two vulnerabilities...

CVE-2010-2191

The 1 parsestr, 2 pregmatch, 3 unpack, and 4 pack functions; the 5 ZENDFETCHRW, 6 ZENDCONCAT, and 7 ZENDASSIGNCONCAT opcodes; and the 8 ArrayObject::uasort method in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allow context-dependent attackers to obtain sensitive information memory contents or...

CVE-2009-3815

CVE-2009-3815 affects RunCMS 2M1. When run with certain error_reporting levels, remote attackers can access sensitive information via the op[] parameter to modules/contact/index.php or the uid[] parameter to userinfo.php, causing an error message to leak the installation path through preg_match. ...

Discuz! < 5.50论坛preg_match()函数未初始化$onlineipmatches变量漏洞

Discuz!是一款华人地区非常流行的Web论坛程序。 在Discuz!论坛的include/common.inc.php文件中： $magicquotesgpc = getmagicquotesgpc; @extractdaddslashes$COOKIE; @extractdaddslashes$POST; @extractdaddslashes$GET; //覆盖变量,这里我们可以覆盖$SERVER if!$magicquotesgpc $FILES = daddslashes$FILES; ..... ifgetenv'HTTPCLIENTIP' &&...