61 matches found
EUVD-2012-5921
Malware in sbrugna...
EUVD-2006-3845
Malware in sbrugna...
EUVD-2008-6923
Malware in sbrugna...
EUVD-2008-4698
Malware in sbrugna...
EUVD-2008-0289
Malware in sbrugna...
EUVD-2007-5952
Malware in sbrugna...
CVE-2014-8998
lib/message.php in X7 Chat 2.0.0 through 2.0.5.1 allows remote authenticated users to execute arbitrary PHP code via a crafted HTTP header to index.php, which is processed by the pregreplace function with the eval switch...
Code injection
lib/message.php in X7 Chat 2.0.0 through 2.0.5.1 allows remote authenticated users to execute arbitrary PHP code via a crafted HTTP header to index.php, which is processed by the pregreplace function with the eval switch...
CVE-2014-8998
lib/message.php in X7 Chat 2.0.0 through 2.0.5.1 allows remote authenticated users to execute arbitrary PHP code via a crafted HTTP header to index.php, which is processed by the pregreplace function with the eval switch...
CVE-2014-8998
CVE-2014-8998 affects X7 Chat, specifically vulnerable in lib/message.php across versions 2.0.0â2.0.5.1. The issue allows a remote authenticated user to execute arbitrary PHP code by sending a crafted HTTP header to index.php, where the header is processed by preg_replace with the /e modifier. Th...
X7 Chat 2.0.5 lib/message.php preg_replace() PHP Code Execution Exploit
This Metasploit module exploits a post-auth vulnerability found in X7 Chat versions 2.0.0 up to 2.0.5.1. The vulnerable code exists on lib/message.php, which uses pregreplace function with the /e modifier. This allows a remote authenticated attacker to execute arbitrary PHP code in the remote...
X7 Chat 2.0.5 - 'message.php' PHP Code Execution (Metasploit)
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'X7 Chat 2.0.5 lib/message.php pregreplace PHP Code Execution', 'Description' = %q This module exploits a post-auth vulnerability fou...
X7 Chat 2.0.5 lib/message.php preg_replace() PHP Code Execution
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'X7 Chat 2.0.5 lib/message.php pregreplace PHP Code Execution', 'Description' = %q This module exploits a post-auth vulnerability fou...
X7 Chat 2.0.5 lib/message.php preg_replace() PHP Code Execution
This module exploits a post-auth vulnerability found in X7 Chat versions 2.0.0 up to 2.0.5.1. The vulnerable code exists on lib/message.php, which uses pregreplace function with the /e modifier. This allows a remote authenticated attacker to execute arbitrary PHP code in the remote machine. This...
X7 Chat <= 2.0.5 (day) Remote SQL Injection Exploit
No description provided by source. !/usr/bin/python Exploit for xchat 2.0.5 Saca los usuarios y los hash By nonroot - 2008 it's a PoC, please use responsibly import string,urllib import sys,re print Target host: i.e: http://127.0.0.1/x7chat/ host=rawinputTarget host include http and /: print Outp...
X7 Chat 2.0.4 upgradev1.php INSTALL_X7CHATVERSION Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/26417/info X7 Chat is prone to multiple cross-site scripting vulnerabilities because the application fails to sufficiently sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script co...
X7 Chat <= 2.0.4 (old_prefix) Remote Blind SQL Injection Exploit
No description provided by source. !/usr/bin/php -q -d shortopentag=on ? echo X7 Chat =2.0.4 'oldprefix' blind SQL injection / privilege escalation exploit\r\n; echo by rgod [email protected]\r\n; echo site: http://retrogod.altervista.org\r\n; echo dork: \Powered By X7 Chat\r\n\r\n; if $argc3...
X7 CHAT 2.0.2 CSRF (add admin) vulenrability
Exploit for php platform in category web applications X-------------------------------------------------------------X | | | | | \ | | / | |/ \ | \ | | / \ \ / / \ | \ | | | | | | | | | | \ --. | | / /\ | | | | / /\ V /| |/ / | | |/ / | | | | | | . | | | --. \ | | | || . | | | \ / | \ || / | | |...
CVE-2012-6047
Cross-site request forgery CSRF vulnerability in X7 Chat 2.0.5.1 and earlier allows remote attackers to hijack the authentication of administrators for requests that add a user to an arbitrary group via the users page in an adminpanel action to index.php...
Cross site request forgery (csrf)
Cross-site request forgery CSRF vulnerability in X7 Chat 2.0.5.1 and earlier allows remote attackers to hijack the authentication of administrators for requests that add a user to an arbitrary group via the users page in an adminpanel action to index.php...