Tiki Wiki CMS Groupware <= 8.2 (snarf_ajax.php) Remote PHP Code Injection

------------------------------------------------------------------------- Tiki Wiki CMS Groupware = 8.2 snarfajax.php Remote PHP Code Injection ------------------------------------------------------------------------- author...........: Egidio Romano aka EgiX mail.............:...

Tiki Wiki CMS Groupware 8.2 - 'snarf_ajax.php' Remote PHP Code Injection

------------------------------------------------------------------------- Tiki Wiki CMS Groupware /tiki-8.2/snarfajax.php?url=1&regexres=phpinfo&regex=//e%00/ Tiki internal filters remove all null bytes from user input, but for some strange reason this doesn't happen within admin sessions. So,...

PmWiki <= 2.2.34 (pagelist) Remote PHP Code Injection Vulnerability

------------------------------------------------------------------- PmWiki = 2.2.34 pagelist Remote PHP Code Injection Vulnerability ------------------------------------------------------------------- author...............: Egidio Romano aka EgiX mail.................: n0b0d13satgmaildotcom...

PmWiki 2.2.34 - 'pagelist' Remote PHP Code Injection (1)

$r 454. if @$PageListSortCmp$o 455. $code .= "$c = $PageListSortCmp$o; "; 456. else 457. $code .= "$c = @strcasecmp$PCache$x'$o',$PCache$y'$o'; "; 458. $code .= "if $c return $r$c;\n"; 459. 460. StopWatch'PageListSort sort'; 461. if $code 462. uasort$list, 463. createfunction'$x,$y',...

phpLDAPadmin <= 1.2.1.1 (query_engine) Remote PHP Code Injection Exploit

phpLDAPadmin = 1.2.1.1 queryengine Remote PHP Code Injection Exploit author...............: EgiX mail.................: n0b0d13satgmaildotcom software link........: http://phpldapadmin.sourceforge.net/ affected versions....: from 1.2.0 to 1.2.1.1 - vulnerable code in /lib/functions.php 1002...

Dolphin <= 7.0.7 (member_menu_queries.php) Remote PHP Code Injection

-------------------------------------------------------------------- Dolphin = 7.0.7 membermenuqueries.php Remote PHP Code Injection -------------------------------------------------------------------- author...............: EgiX mail.................: n0b0d13satgmaildotcom software link........:...

FreeBSD : phpLDAPadmin -- Remote PHP code injection vulnerability (edf47177-fe3f-11e0-a207-0014a5e3cda6)

EgiX n0b0d13s at gmail dot com reports : The $sortby parameter passed to 'masort' function in file lib/functions.php isn't properly sanitized before being used in a call to createfunction at line 1080. This can be exploited to inject and execute arbitrary PHP code. The only possible attack vector...

phpLDAPadmin 1.2.1.1 - Remote PHP Code Injection (1)

phpLDAPadmin 1.2.1.1 - Remote PHP Code Injection 1 ?php / ------------------------------------------------------------------------ phpLDAPadmin = 1.2.1.1 queryengine Remote PHP Code Injection Exploit ------------------------------------------------------------------------ author...............:...

phpLDAPadmin <= 1.2.1.1 (query_engine) Remote PHP Code Injection

Exploit for php platform in category web applications ?php / ------------------------------------------------------------------------ phpLDAPadmin = 1.2.1.1 queryengine Remote PHP Code Injection Exploit ------------------------------------------------------------------------ author..................

Dolphin 7.0.7 - member_menu_queries.php Remote PHP Code Injection

Dolphin 7.0.7 - membermenuqueries.php Remote PHP Code Injection ?php / ---------------------------------------------------------------------------- Dolphin = 7.0.7 membermenuqueries.php Remote PHP Code Injection Exploit ----------------------------------------------------------------------------...

vBulletin 4.1.2 search.php SQL Injection

Requirements require 'msf/core' Class declaration class Metasploit3 'vBulletin 4 %q vBulletin versions 4 Exploit Only 'James Bercegay http://www.gulftech.org/ ' , 'License' = MSFLICENSE, 'References' = 'BID', '47281' , , 'Privileged' = false, 'Platform' = 'php', 'Arch' = ARCHPHP, 'Targets' =...

RoSPORA 1.5.0 - Remote PHP Code Injection

'; 671. $link=$SERVER'PHPSELF'."?f=".$flag."&s="; 672. 673. if !empty$plarray 674. 675. usort$plarray, createfunction'$a, $b', 'if $a'.$sort.' == $b'.$sort.' return 0; if $a'.$sort.' '.$sorttype.' $b'.$sort.' return -1; return 1;'; 676. Input parameter passed through $GET's' isn't properly...

RoSPORA 1.5.0 - Remote PHP Code Injection

RoSPORA 1.5.0 - Remote PHP Code Injection '; 671. $link=$SERVER'PHPSELF'."?f=".$flag."&s="; 672. 673. if !empty$plarray 674. 675. usort$plarray, createfunction'$a, $b', 'if $a'.$sort.' == $b'.$sort.' return 0; if $a'.$sort.' '.$sorttype.' $b'.$sort.' return -1; return 1;'; 676. Input parameter...

Simple Machines Forum (SMF) 1.1.102.0 RC2 - Multiple Vulnerabilities

Simple Machines Forum SMF 1.1.102.0 RC2 - Multiple Vulnerabilities Simple Machines Forum is prone to multiple security vulnerabilities: - A remote PHP code-execution vulnerability - Multiple cross-site scripting vulnerabilities - Multiple cross-site request-forgery vulnerabilities - An...

Movie PHP Script 2.0 Code Execution

Movie PHP Script v2.0 Remote PHP Code Execution + Discovered By SirGod + www.mortal-team.org + Remote PHP Code Execution - Vulnerable code in system/services/init.php : --------------------------------------------------------------------------------- Line 84 : @evalstripslashes$REQUEST'anticode';...

XOOPS 2.3.2 (mydirname) Remote PHP Code Execution Exploit

No description provided by source. !/usr/bin/php -q ?php / XOOPS 2.3.2 mydirname Remote PHP Code Execution Exploit by athos - stakerathotmaildotit http://xoops.org thanks to s3rg3770 and The:Paradox works with register globals on note: this vuln is a remote php code execution Directory...

Admbook PHP Code Injection Flaw

The remote web server contains a PHP script that allows arbitrary code injection. Description : The remote host is running AdmBook, a PHP-based guestbook. The remote version of this software is prone to remote PHP code injection due to a lack of sanitization of the HTTP header 'X-Forwarded-For'...

jPORTAL 2.3.1 &amp; UserPatch - &#039;forum.php&#039; Remote Code Execution

 $host = $argv1; $path = $argv2; $phpcode = $argv3; $info = "\n\n". " jPORTAL 2.3.1 & UserPatch forum.php Remote PHP Code Execution Exploit\n". "\n". " author: irk4zatyahoo.pl\n". " http://irk4z.wordpress.com\n". "\n". "\n". " greetz: str0ke, wacky, polish under :\n"...

PT-2006-5449 · Premod · Premod Shadow

Name of the Vulnerable Software and Affected Versions: Premod Shadow versions 2.7.1 and earlier Description: The issue allows remote attackers to execute arbitrary PHP code via a URL in the phpbb root path parameter in the includes/functions portal.php file. Recommendations: For Premod Shadow...

Artmedic NewsLetter 4.1 - &#039;Log.php&#039; Remote Script Execution

source: https://www.securityfocus.com/bid/18047/info Artmedic Newsletter is prone to a remote PHP code-execution vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit this issue to create files containing arbitrary conte...