24 matches found
EUVD-2007-3213
Malware in sbrugna...
XOOPS Module XFsection <= 1.07 (articleid) BLIND SQL Injection Exploit
No description provided by source. html head titleXOOPS Module XFsection = 1.07 articleid BLIND SQL Injection Exploit/title script type=text/javascript //'=============================================================================================== //'Script Name: XOOPS Module XFsection = 1.07...
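Xoops XFsection Module Dir_Module Parameter Remote File Inclusion Vulnerability
Xoops XFsection is a PHP-based web application. Xoops XFsection does not properly filter user-supplied URI data, and a remote attacker can exploit this to execute arbitrary commands with the privileges of the web process. The problem is that the script does not filter the user-supplied 'xoopsConfigrootpath' parameter; supplying a malicious remote server as the include target can lead to execution of arbitrary PHP code with the privileges of the web process. Xoops XFsection Module 1.07 No detailed solution is currently available: http://www.xoops.org/...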
Remote file inclusion
PHP remote file inclusion vulnerability in modify.php in the XFsection 1.07 module for XOOPS allows remote attackers to execute arbitrary PHP code via a URL in the dir_module parameter...
CVE-2007-3222
PHP remote file inclusion vulnerability in modify.php in the XFsection 1.07 module for XOOPS allows remote attackers to execute arbitrary PHP code via a URL in the dir_module parameter...
CVE-2007-3222
Summary (CVE-2007-3222) : A PHP remote file inclusion vulnerability exists in the XFSection 1.07 module for XOOPS, specifically in modify.php where the dir_module parameter is unsafely used to include PHP code. This allows an attacker to cause arbitrary PHP code execution by supplying a crafted U...
CVE-2007-3222
PHP remote file inclusion vulnerability in modify.php in the XFsection 1.07 module for XOOPS allows remote attackers to execute arbitrary PHP code via a URL in the dir_module parameter...
XOOPS Module XFsection (modify.php) Remote File Inclusion Vulnerability
No description provided by source. XOOPS Module XFsection Remote File Inclusion version: 1.07 source : http://prdownloads.sourceforge.net/xoops/xoops2-modxfsection-107.zip Discovered by SpLo1T from hTTp://hacking.3Xforum.Ro Bug :...
xoops-xfsection.txt
XOOPS Module XFsection Remote File Inclusion version: 1.07 source : http://prdownloads.sourceforge.net/xoops/xoops2-modxfsection-107.zip Discovered by SpLo1T from hTTp://hacking.3Xforum.Ro Bug : http://www.site.com/modules/xfsection/modify.php?dirmodule=evilcode.txt? Shoutz t0 :...
XOOPS XFSection Module modify.php dir_module Parameter Remote File Inclusion
The remote host is running XFSection, a third-party module for XOOPS. The version of this module installed on the remote host fails to sanitize input to the 'dir_module' parameter of the 'modify.php' script before using it to include PHP code. Regardless of PHP's 'register_globals' setting, an...
XOOPS Module XFsection - modify.php Remote File Inclusion
XOOPS Module XFsection - modify.php Remote File Inclusion XOOPS Module XFsection Remote File Inclusion version: 1.07 source : http://prdownloads.sourceforge.net/xoops/xoops2-modxfsection-107.zip Discovered by SpLo1T from hTTp://hacking.3Xforum.Ro Bug :...
XOOPS Module XFsection (modify.php) Remote File Inclusion Vulnerability
Exploit for unknown platform in category web applications ======================================================================= XOOPS Module XFsection modify.php Remote File Inclusion Vulnerability ======================================================================= XOOPS Module XFsection...
XOOPS Module XFsection - 'modify.php' Remote File Inclusion
XOOPS Module XFsection Remote File Inclusion version: 1.07 source : http://prdownloads.sourceforge.net/xoops/xoops2-modxfsection-107.zip Discovered by SpLo1T from hTTp://hacking.3Xforum.Ro Bug : http://www.site.com/modules/xfsection/modify.php?dirmodule=evilcode.txt? Shoutz t0 :...
Sql injection
SQL injection vulnerability in the getArticle function in class/wfsarticle.php in WF-Section (aka WF-Sections) 1.0.1, as used in Xoops modules such as (1) Zmagazine 1.0, (2) Happy Linux XFsection 1.07 and earlier, and possibly other modules, allows remote attackers to execute arbitrary SQL commands via...
CVE-2007-1974
SQL injection vulnerability in the getArticle function in class/wfsarticle.php in WF-Section (aka WF-Sections) 1.0.1, as used in Xoops modules such as (1) Zmagazine 1.0, (2) Happy Linux XFsection 1.07 and earlier, and possibly other modules, allows remote attackers to execute arbitrary SQL commands via...
CVE-2007-1974
The CVE-2007-1974 entry describes an SQL injection in WF-Section (XOOPS WF-Section) 1.0.1, via the articleid parameter to print.php, affecting the getArticle function in class/wfsarticle.php. Affected component is the WF-Section XOOPS module; the vulnerability arises from inadequate input sanitiz...
CVE-2007-1974
SQL injection vulnerability in the getArticle function in class/wfsarticle.php in WF-Section (aka WF-Sections) 1.0.1, as used in Xoops modules such as (1) Zmagazine 1.0, (2) Happy Linux XFsection 1.07 and earlier, and possibly other modules, allows remote attackers to execute arbitrary SQL commands via...
Xoops Module XFsection <= 1.07 (articleid) BLIND SQL Injection Exploit
No description provided by source. html head titleXOOPS Module XFsection = 1.07 articleid BLIND SQL Injection Exploit/title script type="text/javascript" //'=============================================================================================== //'Script Name: XOOPS Module XFsection = 1.0...
Xoops Module XFsection <= 1.07 (articleid) BLIND SQL Injection Exploit
No description provided by source. XOOPS Module XFsection //'=============================================================================================== //'Script Name: XOOPS Module XFsection = 1.07 articleid BLIND SQL Injection Exploit //'Coded by : ajann //'Author : ajann //'Contact : :...
xoopsxfsec-sql.txt
XOOPS Module XFsection //'=============================================================================================== //'Script Name: XOOPS Module XFsection = 1.07 articleid BLIND SQL Injection Exploit //'Coded by : ajann //'Author : ajann //'Contact : : //'Dork : inurl:/modules/xfsection/...