Neteyes Nexusway is susceptible to remote command execution flaws.
3c0085aab73ff2d0b5a2205c2c5bfc196968491832706a4556c3eaf34f456351
Mambo 4.5.2.1 + MySQL 4.1 fetch password hash exploit.
f9a8b250ec575ebc3bce0a780658be14c64dc39dde65caf8f5a99bb25084eb9b
Postnuke versions 0.750 through 0.760rc4 suffer from a local file inclusion flaw.
7b0f87fcae45db47df7c25020b0f0c231da5f70bf5eeff9921b6836bdbf41087
runcms/e-xoops 1.1A is susceptible to a file upload vulnerability.
f357acef79d511b8327f5694827e7fba90492b0c6777861d5df98d39f922935c
XOOPS version 2.0.9.2 is susceptible to a weak file extension validation flaw.
bde7dea65d2d64e2b5c8fb97aef94acfe79147acdc50f3084d5ff62646911dd9
vBulletin versions 3.0.6 and below suffer from a PHP code injection vulnerability.
a37765e22228c50dded19ac2de68ec743bdd6bb6af8bc5c38e23b404594431aa
Remote command execution exploit for phpBB 2.0.10 that makes use of a flaw in the viewtopic.php code.
aee65c849185b91d9b59593d7e00fe8fd6ad03efd250948a95761326bdf70a7d
phpBB versions 2.0.6 and below suffer from a SQL injection vulnerability in the search.php file. Workaround included.
44c9e7e77f8b0035b663e5007df768b98d174db76143681916d252a11e5bef0a
PHPNuke versions 6.x and greater remote php-based exploit that extracts the administrator hash using a SQL injection attack.
791d39105cfc044976d705a568eb8942b33b8ffcca0d90a5ec35d5163bb96b29
PHPNuke versions greater than 6.9 are susceptible to SQL injection attacks that allow a remote attacker to get an administrator's hash and achieve administrator access.
196be36424aa5fc3b4254f4bdc25f86db3c950d389530996b6ecc6b6df1a2e7e
Proof of concept remote exploit for Foxweb 2.5 on Microsoft Windows that gains access as the web server user id by making use of a buffer overflow found in the PATH_INFO variable in foxweb.dll.
acda3c0fb0938e9fbbd07848f2cc1d6b3651f7d31839f816dca84820331df857
Scan Associates Sdn Bhd Security Advisory - A buffer overflow vulnerability has been discovered in Foxweb 2.5 for Microsoft Windows that will allow a remote attacker to execute commands as the web server id.
1437120ee0c894dc2a4177fb6df3c7840922cfbe2b2abd05c1f3f8d85c291ae3
Proof of concept exploit for mnoGoSearch 3.2.10 that spawns a shell as the webserver user id by overflowing the tmplt variable.
c15d5316bdf16f81657526878c11a47b32fd6928f4c75148f179c287d6f99817
Proof of concept exploit for mnoGoSearch 3.1.20 that performs remote command execution as the webserver user id.
168a6ae597d201173eb31793c1ca63cc6a43809ec5bbf130f10d5b38f5213886
mnoGoSearch, formerly known as UdmSearch, has buffer overflow vulnerabilities in versions 3.1.20 and 3.2.10. In 3.1.20, the ul variable can be overflowed to allow remote command execution as the webserver user id. In 3.2.10, a remote attacker can crash search.cgi by overflowing the tmplt variable.
ac17442c31b15e3413d421ae705ffc5b64ba90f58e3a9a45847804e8ab31da87
b2 cafelog is a blogger system that comes with the b2-tools directory. The PHP scripts contained within this directory allow a remote user to specify input for a variable that in turn allows for remote command execution.
303e14dc96189722767c93e3ea40afeaf693f6f8d289af86f1945f615d437766
Geeklog versions 1.3.7ar1 and below are susceptible to multiple vulnerabilities. A SQL integer manipulation flaw in the authentication script allows a remote attacker to get administrative access. There is also a lack of error checking when images are uploaded, which allows an attacker to upload files with PHP code that can be used to execute any command as the apache user on the remote server.
b929f64a82369714c4e73c1aa6713942f4e3fa31bd56ba1f5265811388f21c2b
Webfroot Shoutbox v2.32 and below suffer from a directory traversal and code injection vulnerability that allows a remote attacker to view any file on the system and to perform remote command execution.
96dae25093b042b892ea5293b33240d84967d48cd1aef6c7743870e4dd15cf1e
Postnuke v0.723 has SQL injection and directory traversal vulnerabilities which allow an attacker to view directories and perform remote command execution.
c7174c9efaf63c50640a797daaf52e208c587ea7527c490209c5b8d8130f87bc
Mandrake 8.2 linuxconf local root exploit.
10ac292ecd095adfff7090099b436f9adcb2b98fee0c74a8249eeff765272b78
Another proof of concept exploit for the local buffer overflow vulnerability in linuxconf v1.28r3 and below, which allows users to spawn a root shell. Tested on Mandrake Linux 8.2.
92e6ec24f409a9f1006245445fec7ad60fc8f719a98109578dd3758317bd6a9c