182 matches found
cutenews-exec.txt
---- CuteNews Remote Code Execution ... ITDefence.ru Antichat.ru Strawberry CuteNews Remote Code Execution Eugene Minaev [email protected] / \ \ \ / .\ / /// // / \ / \ // / / / /// /\ / / / / // / / / / / /\ / / / / / / / / / / / //\ \ / / / / // / // / /\ / // 2007 //// // //\ \ \...
CuteNews 1.1.1 (html.php) Remote Code Execution Vulnerability
Exploit for unknown platform in category web applications ============================================================= CuteNews 1.1.1 html.php Remote Code Execution Vulnerability ============================================================= ---- CuteNews Remote Code Execution ... ITDefence.ru...
CuteNews 1.1.1 - 'html.php' Remote Code Execution
---- CuteNews Remote Code Execution ... ITDefence.ru Antichat.ru Strawberry CuteNews Remote Code Execution Eugene Minaev [email protected] / \ \ \ / .\ / /// // / \ / \ // / / / /// /\ / / / / // / / / / / /\ / / / / / / / / / / / //\ \ / / / / // / // / /\ / // 2007 //// // //\ \ \...
CuteNews 1.1.1 - html.php Remote Code Execution
CuteNews 1.1.1 - html.php Remote Code Execution ---- CuteNews Remote Code Execution ... ITDefence.ru Antichat.ru Strawberry CuteNews Remote Code Execution Eugene Minaev [email protected] / \ \ \ / .\ / /// // / \ / \ // / / / /// /\ / / / / // / / / / / /\ / / / / / / / / / / / //\ \ / / /...
ipb search.php vulnerability analysis and thinking-vulnerability warning-the black bar safety net
ipb search.php vulnerability analysis and thinking A vulnerability model may unearth a batch of vulnerabilities Idea is the most important pregreplace+/e Author: SuperHeiAtph4nt0m.org Blog: http://superhei.blogbus.com/ Team: http://www.ph4nt0m.org Data: 2006-04-27 Simple analysis The vulnerabilit...
CVE-2006-2908
The domecode function in inc/functionspost.php in MyBulletinBoard MyBB 1.1.2, and possibly other versions, allows remote attackers to execute arbitrary PHP code via the username field, which is used in a pregreplace function call with a /e executable modifier...
DEBIAN-CVE-2006-2878
The spellchecker spellcheck.php in DokuWiki 2006/06/04 and earlier allows remote attackers to insert and execute arbitrary PHP code via "complex curly syntax" that is inserted into a regular expression that is processed by pregreplace with the /e executable modifier...
CVE-2006-2878
The spellchecker spellcheck.php in DokuWiki 2006/06/04 and earlier allows remote attackers to insert and execute arbitrary PHP code via "complex curly syntax" that is inserted into a regular expression that is processed by pregreplace with the /e executable modifier...
CVE-2006-2878
The spellchecker spellcheck.php in DokuWiki 2006/06/04 and earlier allows remote attackers to insert and execute arbitrary PHP code via "complex curly syntax" that is inserted into a regular expression that is processed by pregreplace with the /e executable modifier...
CVE-2006-2878
The spellchecker spellcheck.php in DokuWiki 2006/06/04 and earlier allows remote attackers to insert and execute arbitrary PHP code via "complex curly syntax" that is inserted into a regular expression that is processed by pregreplace with the /e executable modifier...
CVE-2006-2878
The spellchecker spellcheck.php in DokuWiki 2006/06/04 and earlier allows remote attackers to insert and execute arbitrary PHP code via "complex curly syntax" that is inserted into a regular expression that is processed by pregreplace with the /e executable modifier...
[Full-disclosure] Advisory 04/2006: DokuWiki PHP code execution vulnerability in spellchecker
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hardened-PHP Project www.hardened-php.net -= Security Advisory =- Advisory: DokuWiki PHP code execution vulnerability in spellchecker Release Date: 2006/06/05 Last Modified: 2006/06/05 Author: Stefan Esser [email protected] Application: DokuWiki...
ipb search.php vulnerability analysis and thinking-vulnerability warning-the black bar safety net
Author: SuperHeiAtph4nt0m.org Blog: http://superhei.blogbus.com/ Team: http://www.ph4nt0m.org Data: 2006-04-27 Simple analysis The vulnerability is another one of pregreplace+/e vulnerability,代码 在 \sources\actionadmin\search.php line 1 2 5 8-1 2 6 a 2: if $this-ipsclass-input'lastdate' $this-outp...
CVE-2005-3420
usercpregister.php in phpBB 2.0.17 allows remote attackers to modify regular expressions and execute PHP code via the signaturebbcodeuid parameter, as demonstrated by injecting an "e" modifier into a pregreplace statement...
CVE-2005-3420
usercpregister.php in phpBB 2.0.17 allows remote attackers to modify regular expressions and execute PHP code via the signaturebbcodeuid parameter, as demonstrated by injecting an "e" modifier into a pregreplace statement...
Security Advisory - phpBB 2.0.15 PHP-code injection bug
Security Advisory -//- phpBB 2.0.15 PHP-code injection bug Program: phpBB 2.0.15 and older versions Homepage: http://www.phpbb.com Risk: Very High Date: June 28 2005 Title: PHP-code injection bug Type: partial disclosure Author: Ron van Daal :. Vendor notified: June 23 2005 Background: phpBB is a...
Re: [Full-disclosure] Security Advisory - phpBB 2.0.15 PHP-code injection bug
On 28 Jun ‘05, at 14:47, ronvdaal wrote: Proof of concept: http://some.forum/viewtopic.php?p=postnum&highlight='.dieomghax.' Uh, whoops. Another suggested solution: Remove the highlight handling code in viewtopic.php or replace it with something that does not use the /e flag to pregreplace. As it...
phpbb -- remote PHP code execution vulnerability
FrSIRT Advisory reports: A vulnerability was identified in phpBB, which may be exploited by attackers to compromise a vulnerable web server. This flaw is due to an input validation error in the "viewtopic.php" script that does not properly filter the "highlight" parameter before calling the...
CVE-2005-1820
Zeroboard zboard.php in versions 4.1pl2–4.1pl5 is affected by CVE-2005-1820: improper quoting in preg_replace allows remote attackers to execute arbitrary PHP code. Impact is remote code execution; no specific patch/version remediation is provided in the supplied documents. Exploitation details a...
CVE-2005-1820
zboard.php in Zeroboard version 4.1pl2 to 4.1pl5 allows remote attackers to execute arbitrary PHP code via improper quoting when using the pregreplace function...