Directory traversal

Directory traversal vulnerability in inc/setLang.php in Greg Neustaetter gCards 1.45 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in a langfile parameter, as demonstrated by injecting PHP sequences into an Apache accesslog file...

CVE-2006-1346

Directory traversal vulnerability in inc/setLang.php in Greg Neustaetter gCards 1.45 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in a langfile parameter, as demonstrated by injecting PHP sequences into an Apache accesslog file...

gCards 1.45 - Multiple Vulnerabilities

!/usr/bin/php -q -d shortopentag=on languageredirect == $SERVER'PHPSELF' if isset$GET'setLang' $SESSION'setLang' = $GET'setLang'; $langFile = $page-relpath.'inc/lang/'.$lang$SESSION'setLang''file'; if fileexists$langFile includeonce$langFile; else echo "Could not find language file $langFile"; ?...

gCards <= 1.45 Multiple Vulnerabilities All-In-One Exploit

Exploit for unknown platform in category web applications ========================================================== gCards languageredirect == $SERVER'PHPSELF' if isset$GET'setLang' $SESSION'setLang' = $GET'setLang'; $langFile = $page-relpath.'inc/lang/'.$lang$SESSION'setLang''file'; if...