
9473 matches found

Cvelist
added 2009/01/21 2:0 a.m., 17 views

CVE-2008-5916

gitweb/gitweb.perl in gitweb in Git 1.6.x before 1.6.0.6, 1.5.6.x before 1.5.6.6, 1.5.5.x before 1.5.5.6, 1.5.4.x before 1.5.4.7, and other versions after 1.4.3 allows local repository owners to execute arbitrary commands by modifying the diff.external configuration variable and executing a craft...

AI score: 6.7, EPSS: 0.00084
Exploits: 0, References: 14
Tenable Nessus
added 2009/01/16 12:0 a.m., 12 views

phpList <= 2.10.8 Variable Overwriting

The version of phpList installed on the remote host emulates PHP's 'register_globals' functionality insecurely in its 'admin/index.php' script. Provided PHP's 'register_globals' setting is disabled, an unauthenticated attacker can exploit this issue to overwrite the 'SERVERConfigFile' and...

AI score: 5.9
Exploits: 0, References: 4
Zero Day Initiative
added 2009/01/14 12:0 a.m., 31 views

Oracle Secure Backup exec_qr() Command Injection Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Secure Backup. Authentication is not required to exploit this vulnerability. The specific flaw exists within the routine exec_qr defined in the web script login.php. The user-supplied variabl...

CVSS: 10, AI score: 3, EPSS: 0.81775
Exploits: 16, References: 1
0day.today
added 2009/01/11 12:0 a.m., 12 views

Photobase 1.2 (language) Local File Inclusion Vulnerability

Exploit for unknown platform in category web applications. Photobase 1.2 language Local File Inclusion Vulnerability. START 0x01 Informations: Script : Photobase 1.2 Download :...

AI score: 7.1
Exploits: 0
Cvelist
added 2009/01/02 7:0 p.m., 16 views

CVE-2008-2381

SQL injection vulnerability in the create function in common/include/GroupJoinRequest.class in GForge 4.5 and 4.6 allows remote attackers to execute arbitrary SQL commands via the comments variable...

AI score: 8.2, EPSS: 0.0108
Exploits: 1, References: 9
UbuntuCve
added 2008/12/26 9:30 p.m., 10 views

CVE-2008-5744

Array index error in the dahdi/tor2.c driver in Zaptel (aka DAHDI) 1.4.11 and earlier allows local users in the dialout group to overwrite an integer value in kernel memory by writing to /dev/zap/ctl, related to an incorrect tor2 patch for CVE-2008-5396 that uses the wrong variable in a range check...

CVSS: 7.2, AI score: 5.9, EPSS: 0.00043
Exploits: 2, References: 1
Prion
added 2008/12/23 6:30 p.m., 13 views

Design/Logic Flaw

general/login.php in phpCollab 2.5 rc3 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in unspecified input related to the SSL_CLIENT_CERT environment variable. NOTE: in some environments, SSL_CLIENT_CERT always has a base64-encoded string value, which may...

CVSS: 10, AI score: 8.2, EPSS: 0.01794
Exploits: 0, References: 5, Affected Software: 1
NVD
added 2008/12/17 5:30 p.m., 19 views

CVE-2008-5624

PHP 5 before 5.2.7 does not properly initialize the page_uid and page_gid global variables for use by the SAPI php_getuid function, which allows context-dependent attackers to bypass safe_mode restrictions via variable settings that are intended to be restricted to root, as demonstrated by a setting ...

CVSS: 7.5, AI score: 9.5, EPSS: 0.01502
Exploits: 1, References: 15
UbuntuCve
added 2008/12/17 12:0 a.m., 21 views

CVE-2008-5624

PHP 5 before 5.2.7 does not properly initialize the page_uid and page_gid global variables for use by the SAPI php_getuid function, which allows context-dependent attackers to bypass safe_mode restrictions via variable settings that are intended to be restricted to root, as demonstrated by a setting ...

CVSS: 7.5, AI score: 7, EPSS: 0.01502
Exploits: 1, References: 4
NVD
added 2008/12/10 12:30 a.m., 12 views

CVE-2008-5305

Eval injection vulnerability in TWiki before 4.2.4 allows remote attackers to execute arbitrary Perl code via the %SEARCH% variable...

CVSS: 10, AI score: 7.6, EPSS: 0.04122
Exploits: 0, References: 5
seebug.org
added 2008/12/10 12:0 a.m., 20 views

CFMBLOG (index.cfm categorynbr) Blind SQL Injection Vulnerability

No description provided by source. AlpHaNiX Found By : AlpHaNiX website : www.offensivetrack.org contact : AlpHaATHACKERDOTBZ script : CFMBLOG download : null Demo : http://www.cfmblog.com Exploits : --=BLIND SQL INJECTION=--...

AI score: 7.1
Exploits: 0
seebug.org
added 2008/12/09 12:0 a.m., 21 views

XAMPP 1.6.8 (XSRF) Change Administrative Password Exploit

No description provided by source. XAMPP change administrative password: Written by Michael Brooks special thanks to str0ke Affects XAMPP 1.6.8. homepage: http://www.apachefriends.org/ XAMPP has 17+ million downloads...

AI score: 7.1
Exploits: 0
Packet Storm
added 2008/12/08 12:0 a.m., 25 views

XAMPP 1.6.8 Password Exploit

XAMPP change administrative password: Written by Michael Brooks special thanks to str0ke Affects XAMPP 1.6.8. homepage: http://www.apachefriends.org/ XAMPP has 17+ million downloads from sourceforge.net...

Exploits: 0
Cvelist
added 2008/12/05 1:0 a.m., 11 views

CVE-2008-5332

Multiple PHP remote file inclusion vulnerabilities in Pie 0.5.3 allow remote attackers to execute arbitrary PHP code via a URL in the (1) lib parameter to files in lib/action/ including (a) alias.php, (b) cancel.php, (c) context.php, (d) deadlinks.php, (e) delete.php, and others; and the (2)...

AI score: 7.7, EPSS: 0.02518
Exploits: 0, References: 4
seebug.org
added 2008/11/30 12:0 a.m., 19 views

cpCommerce 1.2.6 (URL Rewrite) Input variable overwrite / Auth bypass

No description provided by source. Author: girex Homepage: girex.altervista.org CMS: cpCommerce 1.2.6 Site: http://cpcommerce.cpradio.org/ Bug: URL Rewrite - Input variables overwrite PoC: Auth bypass - Shell upload Note: Works regardless php.ini settings Vendor informed: 23/11/08 cpCommerce 1.2....

AI score: 7.1
Exploits: 0
Exploit DB
added 2008/11/30 12:0 a.m., 37 views

CPCommerce 1.2.6 - URL Rewrite Input Variable Overwrite / Authentication Bypass

Author: girex Homepage: girex.altervista.org CMS: cpCommerce 1.2.6 Site: http://cpcommerce.cpradio.org/ Bug: URL Rewrite - Input variables overwrite PoC: Auth bypass - Shell upload Note: Works regardless php.ini settings Vendor informed: 23/11/08 cpCommerce 1.2.7 released: 30/11/08 Public advisor...

AI score: 7.4
Exploits: 0
Prion
added 2008/11/28 7:30 p.m., 8 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in the self_link function in the RSS Feed Generator (wp-includes/feed.php) for WordPress before 2.6.5 allows remote attackers to inject arbitrary web script or HTML via the Host header (HTTP_HOST variable)...

CVSS: 4.3, AI score: 5.9, EPSS: 0.03157
Exploits: 1, References: 10, Affected Software: 1
Debian CVE
added 2008/11/28 7:0 p.m., 12 views

CVE-2008-5278

Cross-site scripting (XSS) vulnerability in the self_link function in the RSS Feed Generator (wp-includes/feed.php) for WordPress before 2.6.5 allows remote attackers to inject arbitrary web script or HTML via the Host header (HTTP_HOST variable)...

CVSS: 4.3, AI score: 4.2, EPSS: 0.03157
Exploits: 1
Packet Storm
added 2008/11/25 12:0 a.m., 15 views

nitrotech-rfisql.txt

Name: Nitrotech 0.0.3a Multiple Remote Vulnerabilities Download: http://sourceforge.net/project/downloading.php?groupname=nitrotech&filename=nitrotech003a.zip&usemirror=garr Author: Osirys, thanks to x0r Contact: [email protected] Nitrotech cms is vulnerable to multiple vulnerabilities, like remote...

AI score: 7.4
Exploits: 0
seebug.org
added 2008/11/19 12:0 a.m., 20 views

No-IP DUC <= 2.1.7 Remote Code Execution Exploit

No description provided by source. xenomuta arroba phreaker punto net http://xenomuta.tuxfamily.org/ - Methylxantina 256mg Permlink: http://xenomuta.tuxfamily.org/exploits/noIPwn3r.c...

AI score: 7.1
Exploits: 0