38 matches found
GetSimple CMS 3.1 admin/theme.php err Parameter Reflected XSS
GetSimple CMS 3.1 admin/theme.php err Parameter Reflected XSS. CVE-2012-6621. Webapps exploit for php platform (source: http://www.securityfocus.com/bid/53501/info). GetSimple CMS is prone to HTML-injection and cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied...
ADAS Project SQL Injection
Turki$ hackers ...
Flatnux 2009-01-27 Remote File Inclusion
@ flatnux Flatnux-2009-01-27 RFI zależności P + Alfons Luja + 2009 + grts : All friends VULN : +++ include/theme.php ... ?php if eregi"theme.php", $SERVER'PHPSELF' die; // 0 -- I dont give a fuck global $theme, $FNROOTPATH,$lang; //-- 1 global $forumback, $forumborder;...
Flatnux 2009-01-27 - Remote File Inclusion
Flatnux 2009-01-27 - Remote File Inclusion @ flatnux Flatnux-2009-01-27 RFI zależności P + Alfons Luja + 2009 + grts : All friends VULN : +++ include/theme.php ... ?php if eregi"theme.php", $SERVER'PHPSELF' die; // 0 -- I dont give a fuck global $theme, $FNROOTPATH,$lang; //-- 1 global...
Flatnux 2009-01-27 Remote File Inclusion Vulnerability
Exploit for unknown platform in category web applications. Flatnux 2009-01-27 Remote File Inclusion Vulnerability @ flatnux Flatnux-2009-01-27 RFI zaleznosci P + Alfons Luja + 2009 + grts ...
CVE-2008-4769
Directory traversal vulnerability in the get_category_template function in wp-includes/theme.php in WordPress 2.3.3 and earlier, and 2.5, allows remote attackers to include and possibly execute arbitrary PHP files via the cat parameter in index.php. NOTE: some of these details are obtained from thi...
DEBIAN-CVE-2008-4769
Directory traversal vulnerability in the get_category_template function in wp-includes/theme.php in WordPress 2.3.3 and earlier, and 2.5, allows remote attackers to include and possibly execute arbitrary PHP files via the cat parameter in index.php. NOTE: some of these details are obtained from thi...
cpg-lfiexec.txt
authenticate; ... 301. // Process language selection if present in URI or in user profile or try 302. // autodetection if default charset is utf-8 303. if !empty$GET'lang' 304. 305. $USER'lang' = ereg"^a-z0-9-$", $GET'lang' ? $GET'lang' : $CONFIG'lang'; 306. 307. 308. if isset$USER'lang' &&...
Coppermine Photo Gallery 1.4.18 - Local File Inclusion Remote Code Execution
Coppermine Photo Gallery 1.4.18 - Local File Inclusion Remote Code Execution authenticate; ... 301. // Process language selection if present in URI or in user profile or try 302. // autodetection if default charset is utf-8 303. if !empty$GET'lang' 304. 305. $USER'lang' = ereg"^a-z0-9-$",...
CVE-2003-1537
Directory traversal vulnerability in PostNuke 0.723 and earlier allows remote attackers to include arbitrary files named theme.php via the theme parameter to index.php...
WordPress v2.1.3 >> remote file include~
by: www.hackeraz.ir userz, saeid... WordPress 2.1.3 Remote File Inclusion. Affected Software: WordPress 2.1.3. Download: http://wordpress-deutschland.org Risk: high. Date: 25/4/2007. Found by: s433donlylinux. Contact...
wp-compromise.txt
While assessing the security of WordPress, a popular blog creation software, I have discovered that its source code has recently been compromised by a third party in order to enable remote command execution on the machines running affected versions. The compromised files are wp-includes/feed.php...
CVE-2007-1277
WordPress 2.1.1, as downloaded from some official distribution sites during February and March 2007, contains an externally introduced backdoor that allows remote attackers to execute arbitrary commands via (1) an eval injection vulnerability in the ix parameter to wp-includes/feed.php, and (2) an...
WordPress fails to properly sanitize input passed to the iz parameter in wp-includes/theme.php
Overview WordPress fails to properly sanitize input to the iz parameter in wp-includes/theme.php, which could allow a remote, unauthenticated attacker to execute arbitrary commands. Description WordPress is a blogging application that is written in PHP. WordPress 2.1.1 fails to properly sanitize...
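Coppermine Photo Gallery Theme.PHP Remote File Inclusion Vulnerability
Coppermine Photo Gallery is a PHP-based image management program. Coppermine Photo Gallery does not properly filter user-supplied URI data, and a remote attacker can exploit the vulnerability to execute arbitrary commands with the privileges of the web process. The problem is that the 'theme.php' script does not filter the user-supplied "THEMEDIR" parameter; supplying a malicious remote server as the include target can lead to execution of arbitrary PHP code with the privileges of the web process. Coppermine Photo Gallery 1.2.2 b-Nuke http://coppermine-gallery.net/index.php...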
Coppermine Photo Gallery v1.2.2b-Nuke Remote File Inclusion Vulnerabilities
Coppermine Photo Gallery v1.2.2b-Nuke Remote File Inclusion Vulnerabilities. Discovered By A-S-T TEAM WE ARE CrAsHoVeRrIdE & BLACK-CODE & MR-HCR...