107 matches found
vBSEO 3.6.0 - 'proc_deutf()' Remote PHP Code Injection (Metasploit)
require 'msf/core' class Metasploit3 'vBSEO %q This module exploits a vulnerability in the 'procdeutf' function defined in /includes/functionsvbseocpabstract.php. User input passed through 'charrepl' POST parameter isn't properly sanitized before being used in a call to pregreplace function which...
vBSEO <= 3.6.0 "proc_deutf()" Remote PHP Code Injection Exploit
Exploit for php platform in category web applications require 'msf/core' class Metasploit3 'vBSEO %q This module exploits a vulnerability in the 'procdeutf' function defined in /includes/functionsvbseocpabstract.php. User input passed through 'charrepl' POST parameter isn't properly sanitized...
phpMyAdmin 3.x preg_replace RCE POC
I'm flooded with requests for a POC and many doubt that these vulnerabilities are exploitable. And since this vulnerability is rather technically interesting I believe many could learn from it. http://ha.xxor.se/2011/07/phpmyadmin-3x-pregreplace-rce-poc.html...
FreeBSD : phpmyadmin -- multiple vulnerabilities (7e4e5c53-a56c-11e0-b180-00216aa06fc2)
The phpMyAdmin development team reports : It was possible to manipulate the PHP session superglobal using some of the Swekey authentication code. This could open a path for other attacks. An unsanitized key from the Servers array is written in a comment of the generated config. An attacker can...
KLINK - SQL Injection
Andr�s G�mez Exploit Title : KLINK Sql Injection Vulnerability Date : 2010-12-31 Author : Andr�s G�mez Software Developed by : http://www.contacto.com Contact : [email protected] Dork : "allinurl:.php?txtCodiInfo=" An attacker may execute arbitrary SQL statements on the vulnerable system...
phpBB viewtopic.php Arbitrary Code Execution
$Id: phpbbhighlight.rb 7724 2009-12-06 05:50:37Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework...
Zeroboard 4.1 pl7 Code Execution
/ poc by kyoungchip,jang email : [email protected] the bug - http://www.xpressengine.com/15955761 Application - Zeroboard 4.1 pl7 Reference: - http://www.nzeo.com - Zeroboard pregreplace vulnerability Remote nobody exploit by n0gada Target - My test server $ ./zbexpl...
PHP Evaluation Replacement String
mberegireplace evaluate replacement string vulnerability by ryatwww.80vul.com when option parameter set e, matchs not be escaped. ex: phpinfo will be evaluated. mberegreplace if replacelen - i = 2 && fwd == 1 && p0 == '\' && p1 = '0' && p1 = 0 && n numregs if regs-begn = 0 && regs-begn endn &&...
PHP mb_ereg(i)_replace() Evaluate Replacement String Vulnerability
No description provided by source. mberegireplace evaluate replacement string vulnerability by ryatwww.80vul.com when option parameter set e, matchs not be escaped. ex: ?php function hi80vul $str = '', phpinfo, ''; mberegreplace'^.$', 'hi80vul'\1'', $str, 'e'; ? phpinfo will be evaluated...
PHP - 'mb_ereg(i)_replace()' Evaluate Replacement String
mberegireplace evaluate replacement string vulnerability by ryatwww.80vul.com when option parameter set e, matchs not be escaped. ex: phpinfo will be evaluated. mberegreplace if replacelen - i = 2 && fwd == 1 && p0 == '\' && p1 = '0' && p1 = 0 && n numregs if regs-begn = 0 && regs-begn endn &&...
PHP mb_ereg(i)_replace() Evaluate Replacement String Vulnerability
Exploit for multiple platform in category local exploits ================================================================== PHP mberegireplace Evaluate Replacement String Vulnerability ================================================================== mberegireplace evaluate replacement string...
PHP - mb_ereg(i)_replace() Evaluate Replacement String
PHP - mberegireplace Evaluate Replacement String mberegireplace evaluate replacement string vulnerability by ryatwww.80vul.com when option parameter set e, matchs not be escaped. ex: phpinfo will be evaluated. mberegreplace if replacelen - i = 2 && fwd == 1 && p0 == '\' && p1 = '0' && p1 = 0 && n...
PHPizabi 0.848b Privilege Escalation
-------------------------------------------------------------------------------- PHPizabi v0.848b C1 HFP1 proc.inc.php remote privilege escalation php.ini independent by Nine:Situations:Group::bookoo -------------------------------------------------------------------------------- our site:...
PHPizabi v0.848b C1 HFP1 Remote Privilege Escalation Vulnerability
No description provided by source. -------------------------------------------------------------------------------- PHPizabi v0.848b C1 HFP1 proc.inc.php remote privilege escalation php.ini independent by Nine:Situations:Group::bookoo...
Code injection
The createanchors function in utils.inc in WebSVN 1.x allows remote attackers to execute arbitrary PHP code via a crafted username that is processed by the pregreplace function with the eval switch...
CVE-2008-5920
The createanchors function in utils.inc in WebSVN 1.x allows remote attackers to execute arbitrary PHP code via a crafted username that is processed by the pregreplace function with the eval switch...
CVE-2008-5920
The createanchors function in utils.inc in WebSVN 1.x allows remote attackers to execute arbitrary PHP code via a crafted username that is processed by the pregreplace function with the eval switch...
roundcube -- webmail script insertion and php code injection
Secunia reports: Some vulnerabilities have been reported in RoundCube Webmail, which can be exploited by malicious users to compromise a vulnerable system and by malicious people to conduct script insertion attacks and compromise a vulnerable system. The HTML "background" attribute within e.g. HT...
[Backports-security-announce] Security update for roundcube
Hi, Ive just uploaded new roundcube packages to etch-backports fixing the security issues listed below. Please note that these are remote exploitable issues and an upgrade is highly recommended. Fix a vulnerability in quota image generation. This fixes CVE-2008-5620. Thanks to Nico Golde for...
Roundcube Webmail 0.2-3 Beta - Code Execution
Roundcube Webmail 0.2-3 Beta - Code Execution Public Release Date of POC: 2008-12-22 Author: Jacobo Avariento Gimeno Sofistic CVE id: CVE-2008-5619 Bugtraq id: 32799 Severity: Critical Vulnerability reported by: RealMurphy Intro ---- Roundcube Webmail is a browser-based IMAP client that uses...