326 matches found
PT-2009-1520 · Xt:Commerce · Xt:Commerce
Name of the Vulnerable Software and Affected Versions: xt:Commerce versions 3.0.4 and earlier Description: The issue allows remote attackers to hijack web sessions by setting the XTCsid parameter in the shopping cart.php file. This enables attackers to take control of user sessions, potentially...
CVE-2007-5185
Multiple PHP remote file inclusion vulnerabilities in phpWCMS XT 0.0.7 BETA and earlier allow remote attackers to execute arbitrary PHP code via a URL in the HTML_MENU_DirPath parameter to (1) config_HTML_MENU.php and (2) configPHPLM.php in phpwcmstemplate/incscript/frontendrender/navigation/...
CVE-2007-5185
In the provided documents, CVE-2007-5185 affects phpWCMS XT 0.0.7 BETA and earlier, describing a Remote File Inclusion flaw. The vulnerability enables remote attackers to execute arbitrary PHP code by supplying a URL via the HTML_MENU_DirPath parameter to the navigation scripts (config_HTML_MENU....
CVE-2007-5185
Multiple PHP remote file inclusion vulnerabilities in phpWCMS XT 0.0.7 BETA and earlier allow remote attackers to execute arbitrary PHP code via a URL in the HTML_MENU_DirPath parameter to (1) config_HTML_MENU.php and (2) configPHPLM.php in phpwcmstemplate/incscript/frontendrender/navigation/...
php wcms XT 0.0.7 Multiple Remote File Inclusion Vulnerabilities
No description provided by source. php WCMS XT 007 BETA = Remote File Inclusion Vulnerability Dork:http://www.google.com.tr/search?hl=tr&q=Copyright+%C2%A9+2007+by+Horst-D.+Kr%C3%B6ller+%C2%B7+CMS%3A+php+WCMS+&meta= Vuln Code...
phpwcms-rfi.txt
PHP wcms XT 0.0.7 - Multiple Remote File Inclusions
PHP wcms XT 0.0.7 - Multiple Remote File Inclusions
php wcms XT 0.0.7 Multiple Remote File Inclusion Vulnerabilities
Exploit for unknown platform in category web applications. php wcms XT 0.0.7 Multiple Remote File Inclusion Vulnerabilities...
xtconteudo-rfi.txt
INFO: Program Title: XT-Conteudo XOOPS Module Remote File Inclusion Vulnerability. Description: Content module for XOOPS CMS. Vuln Code: In /admin/spaw/spaw_control.class.php...
CVE-2007-3221
PHP remote file inclusion vulnerability in admin/spaw/spaw_control.class.php in the XT-Conteudo module for XOOPS allows remote attackers to execute arbitrary PHP code via a URL in the spaw_root parameter. NOTE: this issue is probably a duplicate of CVE-2006-4656...
Immunity Canvas: XOOPS_XTCONTEUDO
Name | xoopsxtconteudo
---|---
CVE | CVE-2007-3221
Exploit Pack | CANVAS
Description | Xoops XT-Conteudo
Notes | CVSS: 6.8; Repeatability: Infinite; VENDOR: Xoops; CVE Url: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3221; CVE Name: CVE-2007-3221...
Remote file inclusion
PHP remote file inclusion vulnerability in admin/spaw/spaw_control.class.php in the XT-Conteudo module for XOOPS allows remote attackers to execute arbitrary PHP code via a URL in the spaw_root parameter. NOTE: this issue is probably a duplicate of CVE-2006-4656...
CVE-2007-3221
PHP remote file inclusion vulnerability in admin/spaw/spaw_control.class.php in the XT-Conteudo module for XOOPS allows remote attackers to execute arbitrary PHP code via a URL in the spaw_root parameter. NOTE: this issue is probably a duplicate of CVE-2006-4656...
CVE-2007-3221
CVE-2007-3221 is a PHP remote file inclusion in XOOPS XT-Conteudo module; the vulnerable file is admin/spaw/spaw_control.class.php, exploitable via a URL in the spaw_root parameter to execute arbitrary PHP code. The issue is noted as probably a duplicate of CVE-2006-4656. Related entries (CVE-200...
XOOPS Module XT-Conteudo (spaw_root) RFI Vulnerability
No description provided by source. INFO: Program Title: XT-Conteudo XOOPS Module Remote File Inclusion...
XOOPS Module XT-Conteudo - 'spaw_root' Remote File Inclusion
INFO: Program Title: XT-Conteudo XOOPS Module Remote File Inclusion Vulnerability. Description: Content module for XOOPS CMS. Vuln Code: In /admin/spaw/spaw_control.class.php...
XOOPS Module XT-Conteudo (spaw_root) RFI Vulnerability
Exploit for unknown platform in category web applications. XOOPS Module XT-Conteudo (spaw_root) RFI Vulnerability...
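XT-Stats XT_Counter.PHP Remote File Inclusion Vulnerability
XT-Stats is a PHP-based web application. XT-Stats does not properly filter user-supplied input, so a remote attacker can exploit the vulnerability to execute arbitrary commands with the privileges of the web server. The problem is that the 'XT_Counter.PHP' script does not filter the user-supplied 'serverbasedir' parameter; specifying a file on a remote server as the include parameter can lead to execution of arbitrary commands with the privileges of the web server. xt-scripts xt-stats 2.4 .b3 No solution is currently available; please watch the following link: http://www.xt-scripts.com/index.php?p=0...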
Remote file inclusion
PHP remote file inclusion vulnerability in xtcounter.php in Xt-Stats 2.3.x up to 2.4.0.b3 allows remote attackers to execute arbitrary PHP code via a URL in the serverbasedir parameter...