phpMyAdmin3 (pma3) - Remote Code Execution

phpMyAdmin3 pma3 - Remote Code Execution !/usr/bin/env python coding=utf-8 pma3 - phpMyAdmin3 remote code execute exploit Author: wofeiwo Thx Superhei Tested on: 3.1.1, 3.2.1, 3.4.3 CVE: CVE-2011-2505, CVE-2011-2506 Date: 2011-07-08 Have fun, DO NOT USE IT TO DO BAD THING. Requirements: 1. "confi...

CVE-2010-1097

include/userlogin.class.php in DeDeCMS 5.5 GBK, when session.autostart is enabled, allows remote attackers to bypass authentication and gain administrative access via a value of 1 for the SESSIONdedeadminid parameter, as demonstrated by a request to uploads/include/dialog/selectsoftpost.php...

Authentication flaw

include/userlogin.class.php in DeDeCMS 5.5 GBK, when session.autostart is enabled, allows remote attackers to bypass authentication and gain administrative access via a value of 1 for the SESSIONdedeadminid parameter, as demonstrated by a request to uploads/include/dialog/selectsoftpost.php...

CVE-2010-1097

CVE-2010-1097 affects DeDeCMS 5.5 GBK, where enabling session.auto_start allows remote attackers to bypass authentication and gain administrative access by setting _SESSION[dede_admin_id] to 1, demonstrated via uploads/include/dialog/select_soft_post.php. The vulnerability stems from improper ses...