1765 matches found
blueshoes <= 4.6_public Remote File Inclusion
blueshoes = 4.6public Remote File Inclusion Download Source : http://download.blueshoes.org/blueshoes-4.6public.zip Found By : k1tk4t - k1tk4t4tnewhack.org Location : Indonesia -- newhackdotorg file ; GoogleSearch.php bugs ; requireonce$APP'path''lib' . 'nusoap.php'; exmple and methode exploit ;...
GLSA-200609-20 : DokuWiki: Shell command injection and Denial of Service
The remote host is affected by the vulnerability described in GLSA-200609-20 DokuWiki: Shell command injection and Denial of Service Input validation flaws have been discovered in the image handling of fetch.php if ImageMagick is used, which is not the default method. Impact : A remote attacker...
PHP-Proxima 6.0 - 'BB_Smilies.php' Local File Inclusion
source: https://www.securityfocus.com/bid/19840/info PHP-Proxima is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability to retrieve arbitrary local files from the vulnerable system in the context of the...
iziContents-php.txt
!/usr/bin/php -q -d shortopentag=on include/rssfunctions.php line 32-40: .... $GLOBALS"rootdp" = './'; requireonce $GLOBALS"rootdp"."include/config.php"; requireonce $GLOBALS"rootdp"."include/db.php"; requireonce $GLOBALS"rootdp"."include/session.php"; includeonce...
Phorum 5 - pm.php Arbitrary Local Inclusion
Phorum 5 - pm.php Arbitrary Local Inclusion !/usr/bin/php -q -d shortopentag=on 126 $result.=" ."; else $result.=" ".$string$i; if strlendechexord$string$i==2 $exa.=" ".dechexord$string$i; else $exa.=" 0".dechexord$string$i; $cont++;if $cont==15 $cont=0; $result.="\r\n"; $exa.="\r\n"; retu...
EJ3 TOPo 2.2 (descripcion) Remote Command Execution Exploit
No description provided by source. !/usr/bin/perl EJ3 TOPO 2.2 Remote Code Execution Exploit --------------------------------------------- Note : This Exploit Just run TOPO 2.2 IHST : www.Hackerz.Ir AST : www.aria-security.net Coded & Discovered By Hessam-x use LWP::UserAgent; use LWP::Simple; us...
MyBulletinBoard (MyBB) < 1.1.3 Remote Code Execution Exploit
No description provided by source. !/usr/bin/perl Tue Jun 13 12:37:12 CEST 2006 [email protected] Exploit HOWTO - read this before flood my Inbox you bitch! - First you need to create the special user to do this use: ./mybibi.pl --host=http://www.example.com --dir=/mybb -1 this step needs a graph...
SpamAssassin spamd vpopmail user vulnerability
Added: 06/09/2006 CVE: CVE-2006-2447 BID: 18290 OSVDB: 26177 Background SpamAssassin identifies spam e-mail using a variety of local and network based tests. spamd is a component of SpamAssassin which allows it to run as a network daemon. Problem When the vpopmail -v and paranoid -P options are...
DotClear 1.2.4 - prepend.php Remote File Inclusion
DotClear 1.2.4 - prepend.php Remote File Inclusion !/usr/bin/php -q -d shortopentag=on ? echo "DotClear = 1.2.4 prepend.php/'blogdcpath' arbitrary remote inclusion\r\n"; echo "by rgod [email protected]\r\n"; echo "site: http://retrogod.altervista.org\r\n\r\n"; echo "dork: "propulsé par DotClear"...
Update Protection against AWStats "migrate" Shell Command Injection
AWStats is an open source web analystic reporting tool, suitable for analyzing data from internet services. A vulnerability has been identified in AWStats due to improper validation of user input. The vulnerability may be exploited by attackers to execute arbitrary commands. July 5, 2006On July 5...
NucleusCMS.txt
!/usr/bin/php -q -d shortopentag=on ...
Drupal <= 4.7 (attachment mod_mime) Remote Exploit
No description provided by source. !/usr/bin/php -q -d shortopentag=on ? echo "Drupal = 4.7 attachment modmime poc exploit\r\n"; echo "by rgod [email protected]\r\n"; echo "site: http://retrogod.altervista.org\r\n\r\n"; / this works with a user account with upload rights and with permissions to...
Nucleus CMS <= 3.22 (DIR_LIBS) Arbitrary Remote Inclusion Exploit
Exploit for unknown platform in category web applications ================================================================= Nucleus CMS = 3.22 DIRLIBS Arbitrary Remote Inclusion Exploit ================================================================= !/usr/bin/php -q -d shortopentag=on ? echo...
sugarsuite.txt
!/usr/bin/php -q -d shortopentag=on \r\n"; die; / software site: http://www.sugarcrm.com/crm/ i vulnerable code in modules/OptimisticLock/LockResolve.php...
DeluxeBB 1.06 - 'Attachment mod_mime' Remote Command Execution
!/usr/bin/php -q -d shortopentag=on ? echo "DeluxeBB = v1.06 attachment modmime exploit\r\n"; echo "by rgod [email protected]\r\n"; echo "site: http://retrogod.altervista.org\r\n"; echo "tested & working against a fresh deluxebb installation\r\n\r\n"; if $argc4 echo "Usage: php ".$argv0." host...
Sugar Suite Open Source <= 4.2 "OptimisticLock!" arbitrary remote inclusion exploit
!/usr/bin/php -q -d shortopentag=on ? echo "Sugar Suite Open Source = 4.2 "OptimisticLock!" arbitrary remote inclusion exploitrn"; echo "by rgod [email protected]"; echo "site: http://retrogod.altervista.orgrnrn"; echo "this is called the "five claws of Sun-tzu"rnrn"; if $argc5 echo "Usage: ph...
FreeBSD : firefox & mozilla -- command line URL shell command injection (2e28cefb-2aee-11da-a263-0001020eed82)
A Secunia Advisory reports : Peter Zelezny has discovered a vulnerability in Firefox, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to the shell script used to launch Firefox parsing shell commands that are enclosed within backticks in t...
FreeBSD : opera -- command line URL shell command injection (dfc1daa8-61de-11da-b64c-0001020eed82)
An Opera Advisory reports : Opera for UNIX uses a wrapper shell script to start up Opera. This shell script reads the input arguments, like the file names or URLs that Opera is to open. It also performs some environment checks, for example whether Java is available and if so, where it is located...
FreeBSD : libgadu -- multiple vulnerabilities (3b4a6982-0b24-11da-bc08-0001020eed82)
Wojtek Kaniewski reports : Multiple vulnerabilities have been found in libgadu, a library for handling Gadu-Gadu instant messaging protocol. It is a part of ekg, a Gadu-Gadu client, but is widely used in other clients. Also some of the user contributed scripts were found to behave in an insecure...
phpRaid-1.txt
Kurdish Security Advisory phpRaid Remote File Include PHPBB : "Sosyalizim'de ısrar insan olmakta ısrardır" Abdullah Ocalan Contact : irc.gigachat.net kurdhack & www.PatrioticHackers.com & [email protected] Script : phpRaid Script Website : http://www.spiffyjr.com/ Version : phpRaid v2.9.5 "...