Directory traversal

Directory traversal vulnerability in picture.php in WebSPELL 4.01.02 and earlier, when PHP before 4.3.0 is used, allows remote attackers to read arbitrary files via a .. dot dot in the id parameter...

CVE-2007-2369

Directory traversal vulnerability in picture.php in WebSPELL 4.01.02 and earlier, when PHP before 4.3.0 is used, allows remote attackers to read arbitrary files via a .. dot dot in the id parameter...

CVE-2007-2368

picture.php in WebSPELL 4.01.02 and earlier allows remote attackers to read arbitrary files via the file parameter...

Design/Logic Flaw

picture.php in WebSPELL 4.01.02 and earlier allows remote attackers to read arbitrary files via the file parameter...

CVE-2007-2368

picture.php in WebSPELL 4.01.02 and earlier allows remote attackers to read arbitrary files via the file parameter...

CVE-2007-2368

WebSPELL 4.01.02 (and earlier) is affected in picture.php where the file parameter can be abused to read arbitrary files. Root cause: improper handling of the file parameter allows remote attackers to access files, with no authentication and network-based access. The issue has a NVD CVSS v2 base ...

CVE-2007-2369

CVE-2007-2369 affects WebSPELL up to version 4.01.02 (and earlier) where Picture.php is vulnerable when PHP

WebSPELL <= 4.01.02 (picture.php) Remote File Disclosure Vulnerability

WebSPELL = 4.01.02 picture.php Remote File Disclosure Vulnerability Discovered by: Trex Visit: www.Trex-Online.net / www.UnderGround.ag Comment: Happy easter! / / / / / / / // / GIVE ME A CARROT OR I WILL O O/ BLOW UP YOUR HOUSE / / ^ / / / // / // /// Vulnerability 1: Advantage: works...

webspell-disclose.txt

WebSPELL = 4.01.02 picture.php Remote File Disclosure Vulnerability Discovered by: Trex Visit: www.Trex-Online.net / www.UnderGround.ag Comment: Happy easter! / \ / \ / / / \ \ / \ /\ // / GIVE ME A CARROT OR I WILL \ \O O/ \ BLOW UP YOUR HOUSE / / ^ \ / / / // / \ // \ ///\ Vulnerability 1:...

WebSPELL <= 4.01.02 (picture.php) File Disclosure Vulnerability

No description provided by source. WebSPELL = 4.01.02 picture.php Remote File Disclosure Vulnerabilitybr / Discovered by: Trexbr / Visit: www.Trex-Online.net / www.UnderGround.agbr / Comment: Happy easter!br / br / br / / / br / / / \/ / br /...

WebSPELL 4.01.02 - picture.php File Disclosure

WebSPELL 4.01.02 - picture.php File Disclosure WebSPELL = 4.01.02 picture.php Remote File Disclosure Vulnerability Discovered by: Trex Visit: www.Trex-Online.net / www.UnderGround.ag Comment: Happy easter! / \ / \ / / / \ \ / \ /\ // / GIVE ME A CARROT OR I WILL \ \O O/ \ BLOW UP YOUR HOUSE / /...

WebSPELL 4.01.02 - 'picture.php' File Disclosure

WebSPELL = 4.01.02 picture.php Remote File Disclosure Vulnerability Discovered by: Trex Visit: www.Trex-Online.net / www.UnderGround.ag Comment: Happy easter! / \ / \ / / / \ \ / \ /\ // / GIVE ME A CARROT OR I WILL \ \O O/ \ BLOW UP YOUR HOUSE / / ^ \ / / / // / \ // \ ///\ Vulnerability 1:...

WebSPELL <= 4.01.02 (picture.php) File Disclosure Vulnerability

Exploit for unknown platform in category web applications =============================================================== WebSPELL = 4.01.02 picture.php File Disclosure Vulnerability =============================================================== WebSPELL = 4.01.02 picture.php Remote File...

webSPELL PHP Code Execution-vulnerability warning-the black bar safety net

Summary "webSPELL is a free Content Management System CMS for clans and gaming communities, providing all needed features like forums, gallery, clanwar system and co." There is a PHP code execution vulnerability in webSPELL. Credit: The information has been provided by milw0rm. The original artic...

webSPELL &lt;= 4.01.02 Multiple Remote SQL Injection Exploit

No description provided by source. !/usr/bin/perlbr / use LWP::UserAgent;br / use Getopt::Long;br / br / if!$ARGV3br / br / print " \'/ ";br / print " -.- ";br / print "...

webSPELL 4.01.02 - PHP Remote Code Execution

webSPELL 4.01.02 - PHP Remote Code Execution !/usr/bin/php URL: http://www.acid-root.new.fr/ ----------------------------------------------------------------------- Usage: $argv0 -url -file Options Params: -url For example http://victim.com/webspell/ -file The file you wanna upload c99shell.php...

webSPELL <= 4.01.02 Remote PHP Code Execution Exploit

Exploit for unknown platform in category web applications ===================================================== webSPELL -file Options Params: -url For example http://victim.com/webspell/ -file The file you wanna upload c99shell.php... Options: -prefix Table prefix default=webs -upmatch The match...

webSPELL 4.01.02 - PHP Remote Code Execution

!/usr/bin/php URL: http://www.acid-root.new.fr/ ----------------------------------------------------------------------- Usage: $argv0 -url -file Options Params: -url For example http://victim.com/webspell/ -file The file you wanna upload c99shell.php... Options: -prefix Table prefix default=webs...

Sql injection

SQL injection vulnerability in webSPELL allows remote attackers to execute arbitrary SQL commands via a wsauth cookie, a different vulnerability than CVE-2006-4782...

Sql injection

SQL injection vulnerability in printview.php in webSPELL 4.01.02 and earlier allows remote attackers to execute arbitrary SQL commands via the topic parameter, a different vector than CVE-2007-1019, CVE-2006-5388, and CVE-2006-4783...