Lucene search
K

6078 matches found

OpenVAS
OpenVAS
added 2006/03/26 12:0 a.m.15 views

Plume CMS <= 1.0.2 Remote File Inclusion Vulnerability

Plume CMS is prone to local and remote file inclusion vulnerabilities. SPDX-FileCopyrightText: 2006 Ferdy Riphagen Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.8CVSS6.4AI score0.02957EPSS
Exploits0References4
NVD
NVD
added 2006/03/21 2:6 a.m.19 views

CVE-2006-1339

Directory traversal vulnerability in inc/functions.inc.php in CuteNews 1.4.1 and possibly other versions, when registerglobals is enabled, allows remote attackers to include arbitrary files via a .. dot dot sequence and trailing NULL %00 byte in the archive parameter in an HTTP POST or COOKIE...

5CVSS6.9AI score0.01586EPSS
Exploits1References5
Cvelist
Cvelist
added 2006/03/09 11:0 a.m.20 views

CVE-2006-1112

Aztek Forum 4.0 allows remote attackers to obtain sensitive information via a long login value in a register form, which displays the installation path in a MySQL error message...

6AI score0.03127EPSS
Exploits1References5
0day.today
0day.today
added 2006/03/08 12:0 a.m.81 views

Gallery <= 2.0.3 stepOrder[] Remote Commands Execution Exploit

Exploit for unknown platform in category web applications ============================================================== Gallery autisticiorg \r\n"; echo "site: http://retrogod.altervista.org \r\n\r\n"; echo "- works with registerglobals = On and magicquotesgpc = Off \r\n"; if $argc5 echo "Usage:...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2006/03/07 12:0 a.m.67 views

OWL Intranet Engine 0.82 (xrms_file_root) Code Execution Exploit

No description provided by source. !/usr/bin/perl use IO::Socket; print "WwwWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWW\r\n"; print "WWwoLWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWW\r\n"; print...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2006/02/26 12:0 a.m.19 views

igenus_remote.txt

!/usr/bin/perl use IO::Socket; print "\r\n"; print "iGENUS WebMail works against PHP5 with registerglobals = On\r\n"; print " & allowurlfopen = On\r\n"; print "by rgod rgodautisticiorg\r\n"; print "site: http://retrogod.altervista.org\r\n\r\n"; print "dork: intitle:"igenus webmail login"\r\n";...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2006/02/25 12:0 a.m.46 views

iGENUS WebMail 2.0.2 - &#039;config_inc.php&#039; Remote Code Execution

!/usr/bin/perl use IO::Socket; print "\r\n"; print "iGENUS WebMail works against PHP5 with registerglobals = On\r\n"; print " & allowurlfopen = On\r\n"; print "by rgod rgodautisticiorg\r\n"; print "site: http://retrogod.altervista.org\r\n\r\n"; print "dork: intitle:"igenus webmail login"\r\n";...

7.4AI score
Exploits0
seebug.org
seebug.org
added 2006/02/25 12:0 a.m.40 views

iGENUS WebMail &lt;= 2.0.2 (config_inc.php) Remote Code Execution Exploit

No description provided by source. !/usr/bin/perl use IO::Socket; print "\r\n"; print "iGENUS WebMail = 2.0.2 remote commads xctn\r\n"; print "- works against PHP5 with registerglobals = On\r\n"; print " & allowurlfopen = On\r\n"; print "by rgod rgodATautisticiDOTorg\r\n"; print "site:...

7.1AI score
Exploits0
Prion
Prion
added 2006/02/24 11:2 a.m.17 views

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in index.php in Noah's Classifieds 1.3 allow remote attackers to inject arbitrary web script or HTML via the 1 inf parameter; or, when registerglobals is enabled, the 2 upperTemplate and 3 lowerTemplate parameters...

4.3CVSS5.9AI score0.01867EPSS
Exploits1References6Affected Software1
exploitpack
exploitpack
added 2006/02/22 12:0 a.m.24 views

Noahs Classifieds 1.3 - lowerTemplate Remote Code Execution

Noahs Classifieds 1.3 - lowerTemplate Remote Code Execution Noahs classifieds 1.3 Remote Code Execution Noahs classifieds 1.3 Remote Code Execution by trueend5 Computer Security Researchers Institute KAPDA...

0.5AI score
Exploits0
Positive Technologies
Positive Technologies
added 2006/02/18 12:0 a.m.5 views

PT-2006-1804 · Dotproject · Dotproject

Name of the Vulnerable Software and Affected Versions: dotProject versions 2.0.1 and earlier Description: The issue allows remote attackers to execute arbitrary commands via the baseDir parameter in several PHP files, including db adodb.php, db connect.php, session.php, vw usr roles.php,...

5.6CVSS8AI score0.07846EPSS
Exploits1References29
Prion
Prion
added 2006/02/16 11:2 a.m.13 views

Authentication flaw

profile.php in Reamday Enterprises Magic News Lite 1.2.3, when registerglobals is enabled, allows remote attackers to modify program behavior, potentially bypassing authentication controls, via modified 1 action, 2 passwd, 3 adminpassword, 4 newpasswd, and 5 confirmpasswd variables, which are not...

2.6CVSS7.4AI score0.01278EPSS
Exploits1References5Affected Software1
0day.today
0day.today
added 2006/02/10 12:0 a.m.20 views

Invision Power Board <= 2.1.4 (Register Users) Denial of Service Exploit

Exploit for multiple platform in category dos / poc...

7.1AI score
Exploits0
Exploit DB
Exploit DB
added 2006/02/10 12:0 a.m.35 views

Invision Power Board 2.1.4 - Register Users Denial of Service

!/usr/bin/perl use IO::Socket; | | | \ | | |/ IPB Register Multiple Users Denial of Service Doesn't Work on forums using "Code Confirmation" Created By SkOd SED security Team http://www.sed-team.be [email protected] ISRAEL print q Invision Power Board Multiple Users DOS Tested on IPB 2.0.1 create...

7.4AI score
Exploits0
exploitpack
exploitpack
added 2006/02/10 12:0 a.m.62 views

Invision Power Board 2.1.4 - Register Users Denial of Service

Invision Power Board 2.1.4 - Register Users Denial of Service !/usr/bin/perl use IO::Socket; | | | \ | | |/ IPB Register Multiple Users Denial of Service Doesn't Work on forums using "Code Confirmation" Created By SkOd SED security Team http://www.sed-team.be [email protected] ISRAEL print q...

7.3AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2006/02/05 12:0 a.m.70 views

Loudblog backend_settings.php Multiple Parameter Remote File Inclusion

The remote host is running Loudblog, a PHP application for publishing podcasts and similar media files. The installed version of Loudblog fails to validate user input to the 'GLOBALSpath' and 'language' parameters before using them in the 'loudblog/inc/backendsettings.php' script in a PHP 'includ...

7.5CVSS5.8AI score0.09164EPSS
Exploits1References3
NVD
NVD
added 2006/01/11 9:3 p.m.19 views

CVE-2006-0164

phgstats.inc.php in phgstats before 0.5.1, if registerglobals is enabled, allows remote attackers to include arbitrary files and execute arbitrary PHP code by modifying the PHGDIR variable...

7.5CVSS7.5AI score0.03149EPSS
Exploits0References6
Cvelist
Cvelist
added 2006/01/10 9:0 p.m.16 views

CVE-2005-4642

Multiple cross-site scripting XSS vulnerabilities in HydroBB 1.0.0 Beta 2 allow remote attackers to inject arbitrary web script or HTML via the s parameter to 1 search.php, 2 members.php, 3 stats.php, 4 viewforum.php, 5 register.php, 6 usercp.php, 7 groups.php, 8 pms.php, and 9 calendar.php...

5.8AI score0.01915EPSS
Exploits1References12
Exploit DB
Exploit DB
added 2006/01/09 12:0 a.m.78 views

Magic News Plus 1.0.3 - Admin Pass Change

!/usr/bin/perl Magic News Plus All rights reserved. An input validation flaw exists within 'settings.php' of Magic News Plus which can lead to the changing of the administrative password. Here is where the problem is line 108 of 426: ... 1 elseif $action == "change" ... 2 if $passwd !=...

7.4AI score
Exploits0
Metasploit
Metasploit
added 2006/01/06 3:34 p.m.15 views

Alpha2 Alphanumeric Unicode Uppercase Encoder

Encodes payload as unicode-safe uppercase text. This encoder uses SkyLined's Alpha2 encoding suite. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'rex/encoder/alpha2/unicodeupper' class MetasploitModule...

7.3AI score
Exploits0
Rows per page
Query Builder