Re: phpcms <=- 1.1.7 Remote File Inclusion

2006-12-26 Thread Stuart Moore
Hi, This bug was already reported by Federico Fazzi and assigned CVE-2006-3019. Stuart

Re: ERRATA (Re: "Host header cannot be trusted as an anti anti DNS-pinning measure")

2006-12-26 Thread Martin Johns
I have just been told that the real name of "timeless" is Josh Soref (apparently a well-known Mozilla contributor). I made the same wrong reference in my post on breaking DNS-pinning (http://shampoo.antville.org/stories/1451301). Best, Martin On 12/25/06, Amit Klein <[EMAIL PROTECTED]> wrote:

LuckyBot v3 Remote File Include

2006-12-26 Thread i-k-t
* * LuckyBot v3 Remote File Include Exploerd by: Red_Casper

[OpenPKG-SA-2006.043] OpenPKG Security Advisory (links)

2006-12-26 Thread OpenPKG GmbH
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Publisher Name: OpenPKG GmbH Publisher Home: http://openpkg.com/ Advisory Id (public): OpenPKG-SA-2006.043 Advisory Type: OpenPKG Security Adv

[OpenPKG-SA-2006.042] OpenPKG Security Advisory (openser)

2006-12-26 Thread OpenPKG GmbH
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Publisher Name: OpenPKG GmbH Publisher Home: http://openpkg.com/ Advisory Id (public): OpenPKG-SA-2006.042 Advisory Type: OpenPKG Security Adv

logahead UNU edition 1.0 Remote File Upload & code execution

2006-12-26 Thread corrado . liotta
-=[ADVISORY---]=- logahead UNU edition 1.0 Author: CorryL[EMAIL PROTECTED] -=[---]=- -=[+] App

XSS - CMS Made Simple v1.0.2

2006-12-26 Thread Curtis Zimmerman
Product: CMS Made Simple v1.0.2 Class: XSS Website: http://www.cmsmadesimple.org Found by: L0j1k of D.I.E. Inc. Googledork: "powered by cms made simple" -=-=-=-=- - Summary: Optional user comment module not properly sanitized for tags. -=-=-=-=- - PoC: Input the following into user comment form

HLStats Remote SQL Injection Exploit

2006-12-26 Thread nospam
Hlstats is more than 5 years old. HLstats has been downloaded more than 270,000 times from http://sf.net. Nothing more than absolutely benign XSS has been reported for this application, until NOW. Merry Christmas, --Michael Brooks Homepage: http://sourceforge.net/projects/hlstats/ -BEGIN

PhpbbXtra v2.0 (phpbb_root_path) Remote File Include Vulnerability

2006-12-26 Thread xorontr
--- PhpbbXtra v2.0 (phpbb_root_path) Remote File Include Vulnerability --- Author: xoron --- Vuln Code: include($phpbb_root_path . 'includes/bbcode.'.$phpEx); -

phpcms <=- 1.1.7 Remote File Inclusion

2006-12-26 Thread Zarloule04
#phpcms <=- 1.1.7 Remote File Inclusion #Download Source : #http://phpcms.de/files/phpcms_1_1_7.zip #Found By : b0rizQ #Greetz : Nuck3r + Crack_Man + Red_Casper + RaChidox + Broken-Proxy + S4mi _ File : class.cache_phpcms.php --Bugs-

Cahier de texte V2.2 Bypass general access protection exploit

2006-12-26 Thread gmdarkfig
'Administrateur') { header("Location: ../index.php");} ;} else { header("Location: ../index.php");}?> ... */ if(!isset($_GET['host']) || empty($_GET['host'])) headers(); if(!isset($_GET['wanted'])) $wanted = 'index.php'; $host = $_GET['host']; $prox = $_GET['prox']; $path = $_GET['path']; e