108 matches found
Coppermine Photo Gallery 1.4.19 Remote PHP File Upload Vulnerability
Exploit for unknown platform in category web applications ==================================================================== Coppermine Photo Gallery 1.4.19 Remote PHP File Upload Vulnerability ==================================================================== Written By Michael Brooks...
Coppermine Photo Gallery 1.4.19 File Upload
Written By Michael Brooks Special thanks to str0ke! Coppermine Photo gallery - Remote PHP File Upload Affects: v1.4.19 Homepage: http://coppermine-gallery.net/ 5,239,057 downloads from sf.net! For this attack we need registerglobals=on . The problem is that the anti-registerglobals security can b...
Flax Article Manager 1.1 Remote PHP Script Upload Vulnerability
Exploit for unknown platform in category web applications =============================================================== Flax Article Manager 1.1 Remote PHP Script Upload Vulnerability =============================================================== Flax Article Manager 1.1 Remote File Upload...
Flax Article Manager 1.1 - Remote PHP Script Upload
Flax Article Manager 1.1 - Remote PHP Script Upload Flax Article Manager 1.1 Remote File Upload Vulnerability ---------------------------------------------------------- Discovered By: S.W.A.T. [email protected] Home: www.batlagh.com Script Page: http://www.clixint.com/products/articles Dork:...
XOOPS 2.3.2 (mydirname) Remote PHP Code Execution Exploit
No description provided by source. !/usr/bin/php -q ?php / XOOPS 2.3.2 mydirname Remote PHP Code Execution Exploit by athos - stakerathotmaildotit http://xoops.org thanks to s3rg3770 and The:Paradox works with register globals on note: this vuln is a remote php code execution Directory...
Admbook PHP Code Injection Flaw
The remote web server contains a PHP script that allows arbitrary code injection. Description : The remote host is running AdmBook, a PHP-based guestbook. The remote version of this software is prone to remote PHP code injection due to a lack of sanitization of the HTTP header 'X-Forwarded-For'...
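TorrentFlux Cross-Site Request Forgery and Remote PHP Script Execution Vulnerabilities
BUGTRAQ ID: 28846 TorrentFlux is a BitTorrent download client written in PHP. When installed on a web server, it allows BitTorrent downloads to be managed through a web interface. TorrentFlux has a vulnerability in how it handles browsing of downloaded files; a remote attacker may exploit this vulnerability to execute malicious code on the user's system. If a user is tricked into using TorrentFlux to download a torrent that contains a backdoor.php file, then viewing that file at http://localhost/torrentflux2.3/html/downloads/USERNAME/ causes the file to be executed. This folder can be accessed without a password, but the username must be known...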
jPORTAL 2.3.1 & UserPatch - 'forum.php' Remote Code Execution
 $host = $argv1; $path = $argv2; $phpcode = $argv3; $info = "\n\n". " jPORTAL 2.3.1 & UserPatch forum.php Remote PHP Code Execution Exploit\n". "\n". " author: irk4zatyahoo.pl\n". " http://irk4z.wordpress.com\n". "\n". "\n". " greetz: str0ke, wacky, polish under :\n"...
TikiWiki 1.9.8 Remote PHP Injection Vulnerability
No description provided by source. TikiWiki 1.9.8 Remote PHP Injection Vulnerability Example: http://www.example.com/tikiwiki/tiki-graphformula.php?w=1&h=1&s=1&min=1&max=2&f=x.tan.phpinfo&t=png&title=...
tikiwiki-inject.txt
TikiWiki 1.9.8 Remote PHP Injection Vulnerability Example: http://www.example.com/tikiwiki/tiki-graphformula.php?w=1&h=1&s=1&min=1&max=2&f=x.tan.phpinfo&t=png&title=...
TikiWiki 1.9.8 Remote PHP Injection Vulnerability
Exploit for unknown platform in category web applications ================================================= TikiWiki 1.9.8 Remote PHP Injection Vulnerability ================================================= TikiWiki 1.9.8 Remote PHP Injection Vulnerability Example:...
TikiWiki 1.9.8 - Remote PHP Injection
TikiWiki 1.9.8 Remote PHP Injection Vulnerability Example: http:/server/tikiwiki/tiki-graphformula.php?w=1&h=1&s=1&min=1&max=2&f=x.tan.phpinfo&t=png&title= milw0rm.com 2007-10-10...
TikiWiki 1.9.8 - Remote PHP Injection
TikiWiki 1.9.8 - Remote PHP Injection TikiWiki 1.9.8 Remote PHP Injection Vulnerability Example: http:/server/tikiwiki/tiki-graphformula.php?w=1&h=1&s=1&min=1&max=2&f=x.tan.phpinfo&t=png&title= milw0rm.com 2007-10-10...
PT-2006-5449 · Premod · Premod Shadow
Name of the Vulnerable Software and Affected Versions: Premod Shadow versions 2.7.1 and earlier Description: The issue allows remote attackers to execute arbitrary PHP code via a URL in the phpbb root path parameter in the includes/functions portal.php file. Recommendations: For Premod Shadow...
PT-2006-4555 · Codeworks · Codeworks Gnomedia Subberz[Lite]
Name of the Vulnerable Software and Affected Versions: Codeworks Gnomedia SubberZLite affected versions not specified Description: The issue allows remote attackers to execute arbitrary PHP code via a URL in the myadmindir parameter in the user-func.php file. However, a third party has disputed...
Artmedic NewsLetter 4.1 - 'Log.php' Remote Script Execution
source: https://www.securityfocus.com/bid/18047/info Artmedic Newsletter is prone to a remote PHP code-execution vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit this issue to create files containing arbitrary conte...
[Full-disclosure] RechnungsZentrale V2 - SQL injection and Remote PHP inclusion vulnerabilities
The Advisory can be found here: http://www.g-0.org/code/rz2-adv.html Regards, GroundZero Security Research and Software Development http://www.groundzero-security.com We object to the use or transfer of our data for advertising purposes or for market or opinion research § 28 Abs....
txtForum 1.0.31.0.4 - Remote PHP Script Code Injection
txtForum 1.0.31.0.4 - Remote PHP Script Code Injection source: https://www.securityfocus.com/bid/17061/info txtForum is prone to a remote PHP code-injection vulnerability. An attacker can exploit this issue to facilitate a compromise of the application and the underlying system; other attacks are...
txtForum 1.0.3/1.0.4 - Remote PHP Script Code Injection
source: https://www.securityfocus.com/bid/17061/info txtForum is prone to a remote PHP code-injection vulnerability. An attacker can exploit this issue to facilitate a compromise of the application and the underlying system; other attacks are also possible. document.forms0.submit;...
PEHEPE Membership Management System 3.0 - Remote PHP Script Code Injection
PEHEPE Membership Management System 3.0 - Remote PHP Script Code Injection source: https://www.securityfocus.com/bid/16887/info PEHEPE Membership Management System is prone to a remote PHP code-injection vulnerability. An attacker can exploit this issue to facilitate a compromise of the applicati...