Pearl Forums 2.4 - Multiple Remote File Inclusions

| \ | / | \ \ / | | | | | \ / | \ \ / / | | | | '| | |/| |/ \ / / \ / / | | '| | | / | | || | | | | | | | | \ / | | | | || \ \ |/|| || ||,//\ / ||| ,|/ ///////////////////////////////////////////////////////////////////////////////////////////////////////////// //Script:Pearl Forums...

oscommerce-page-txt

osCommerce multiple Scripts 'page' param XSS Vendor url: http://www.oscommerce.com Vendor Bugtracker:http://www.oscommerce.com/community/bugs,4303 Advisore: http://lostmon.blogspot.com/2006/10/ oscommerce-multiple-scripts-page-param.html Vendor notify:yes osCommerce contains a flaw that allows a...

pbsiteb1.txt

Title: PBSite = B1 C45.1 Remote File Inclusion Vulnerability The bug is Discovered by Minus-Power Mail: minus-power at myway dot com Date: 19.Aug 2006 -= Republic of IRAN =- Greetz : R00TATI - Stansar & members of RS Damn to : All Arab & Turkish hackers...

ottoman-sploit.txt

!/usr/bin/perl use IO::Socket; Jacek Wlodarczyk j4ck - jacekwloatgmaildotcom Title: Ottoman CMS \r\n"; print "- - Victim's target eg: http://www.victim.com\r\n"; print "- - Path to script eg: /ottoman/error.php\r\n"; print "- - eg: http://www.site.com/shdir/\r...

Ottoman CMS <= 1.1.3 (default_path) Remote File Inclusion Exploit

No description provided by source. !/usr/bin/perl use IO::Socket; Jacek Wlodarczyk j4ck - jacekwloatgmaildotcom Title: Ottoman CMS = 1.1.3 Remote File Inclusion Exploit Application: Ottoman Content Management System Version: 1.1.3 and prior Url: http://www.lowter.com/p/ottoman Affected software...

# MHG Security Team --- Gallery Upload Vulnerabilities

Milli-Harekat Advisory www.milli-harekat.org Gallery Upload Vulnerabilities Risk : High Class: Remote Script : Gallery Scripts Credits : Dj ReMix Thanks : Яy Korsan , Liz0zim ,ESOBAR, PoizinBo0x ,TRIP ,ERNE ,CyberWolf... Vulnerable Scripts : DUGallery v1.x Dugallery v2.x DuPortal v2.x DuBanner Al...

PhpInclude.Worm - PHP Scripts Automated Arbitrary File Inclusion

No description provided by source. !/usr/bin/perl use LWP::Simple; use IO::Socket::INET; while1 $numr = int rand9999; $caxe = "."; $caxe1 = "."; $caxe .= rand9999; $caxe1 .= rand9999; $arq = "."; $arq = int rand9999; opensites,"$arq"; print sites ""; closesites; $procura = 'inurl:.php?=' . $numr;...

vBulletin 3.0.1 - 'newreply.php?WYSIWYG_HTML' Cross-Site Scripting

source: https://www.securityfocus.com/bid/10602/info VBulletin is reported prone to an HTML injection vulnerability. This issue affects the 'newreply.php' and 'newthread.php' scripts. An attacker may exploit this issue by including hostile HTML and script code in fields that may be viewable by...

Expinion.net News Manager Lite 2.5 - news_sort.asp?filter SQL Injection

Expinion.net News Manager Lite 2.5 - newssort.asp?filter SQL Injection source: https://www.securityfocus.com/bid/9935/info Multiple vulnerabilities have been identified in the application that may allow an attacker to carry out SQL injection, cross-site scripting, and account hijacking attacks. T...

Expinion.net News Manager Lite 2.5 - more.asp?ID SQL Injection

Expinion.net News Manager Lite 2.5 - more.asp?ID SQL Injection source: https://www.securityfocus.com/bid/9935/info Multiple vulnerabilities have been identified in the application that may allow an attacker to carry out SQL injection, cross-site scripting, and account hijacking attacks. The issue...

CVE-2003-1251

The 1 menu.inc.php, 2 datasets.php and 3 massoperations.inc.php mistakenly referred to as massopeations.inc.php scripts in N/X 2002 allow remote attackers to execute arbitrary PHP code via a cpath that references a URL on a remote web server that contains the code...

Psychoblogger PB-beta1 - errormessage Cross-Site Scripting

Psychoblogger PB-beta1 - errormessage Cross-Site Scripting source: https://www.securityfocus.com/bid/9293/info It has been reported that Psychoblogger may be prone to multiple cross-site scripting vulnerabilities that may allow a remote attacker to execute HTML or script code in a user's browser...

BES-CMS 0.40.5 - folder.php File Inclusion

BES-CMS 0.40.5 - folder.php File Inclusion source: https://www.securityfocus.com/bid/9268/info It has been reported that BES-CMS is vulnerable to a remote file include vulnerability that may allow an attacker to include malicious files containing arbitrary code to be executed on a vulnerable...

BES-CMS 0.4/0.5 - 'message.php' File Inclusion

source: https://www.securityfocus.com/bid/9268/info It has been reported that BES-CMS is vulnerable to a remote file include vulnerability that may allow an attacker to include malicious files containing arbitrary code to be executed on a vulnerable system. The problem exists in the...

Caucho Resin 2.0/2.1 - Multiple HTML Injection / Cross-Site Scripting Vulnerabilities

source: https://www.securityfocus.com/bid/8852/info It has been reported that Caucho Resin is prone to multiple HTML Injection and cross-site scripting vulnerabilities in various scripts that may allow a remote attacker to cause hostile HTML or script code to be rendered in the browser of a user...

DSA-279 metrics - insecure temporary file creation

Paul Szabo and Matt Zimmerman discovered two similar problems in metrics, a tools for software metrics. Two scripts in this package, "halstead" and "gather\stats", open temporary files without taking appropriate security precautions. "halstead" is installed as a user program, while "gather\stats"...

PHP-Nuke 5.5 and 6.0: Path Disclosure

Product - PHP-Nuke + Version - 5.5, 6.0 other versions not tested jet + Website - http://www.phpnuke.org + Problems - Path Disclosure + Explanation: The fault happens in the file print.php, which this including in the modulos 'News' and 'AvantGo', in the same one is checked that the variable $sid...

CGIScript.net 1.0 - Information Disclosure

CGIScript.net 1.0 - Information Disclosure source: https://www.securityfocus.com/bid/4764/info CGIScript.net provides various webmaster related tools and is maintained by Mike Barone and Andy Angrick. It is possible to cause numerous scripts provided by CGIScript.net to disclose sensitive system...

Microsoft IIS 4.0/5.0 - Chunked Encoding Transfer Heap Overflow (3)

// source: https://www.securityfocus.com/bid/4485/info A heap overflow condition in the 'chunked encoding transfer mechanism' related to Active Server Pages has been reported for Microsoft IIS Internet Information Services. This condition affects IIS 4.0 and IIS 5.0. Exploitation of this...

Sambar Server Multiple Script Arbitrary Code Execution

At least one of these CGI scripts is installed : hello.bat echo.bat They allow any attacker to execute commands with the privileges of the web server process. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if description scriptid10246;...