Digital Security Research Group [DSecRG]

29 exploits, active since Mar 2008
CVE-2008-7054 EXPLOITDB text WRITEUP
ezContents 2.0.3 - Path Traversal via Multiple Parameters
Multiple directory traversal vulnerabilities in ezContents 2.0.3 allow remote attackers to include and execute arbitrary local files via the (1) gsLanguage and (2) language_home parameters to modules/diary/showdiary.php; (3) admin_home, (4) gsLanguage, and (5) language_home parameters to modules/diary/showdiarydetail.php; (6) gsLanguage and (7) language_home parameters to modules/diary/submit_diary.php; (8) admin_home parameter to modules/news/news_summary.php; (9) nLink, (10) gsLanguage, and (11) language_home parameters to modules/news/inlinenews.php; and possibly other unspecified vectors in (12) diary/showeventlist.php, (13) gallery/showgallery.php, (14) reviews/showreviews.php, (15) gallery/showgallerydetails.php, (16) reviews/showreviewsdetails.php, (17) news/shownewsdetails.php, (18) gallery/submit_gallery.php, (19) guestbook/submit_guestbook.php, (20) reviews/submit_reviews.php, (21) news/submit_news.php, (22) diary/inlineeventlist.php, and (23) news/archivednews_summary.php in modules/, related to the lack of directory traversal protection in modules/moduleSec.php.
CVE-2008-1556 EXPLOITDB text WORKING POC
BolinOS 4.6.1 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in BolinOS 4.6.1 allow remote attackers to inject arbitrary web script or HTML via the (1) url parameter to (a) system/actionspages/_b/contentFiles/gBImageViewer.php, (2) ForEditor parameter to (b) system/actionspages/_b/contentFiles/gBselectorContents.php, (3) the PATH_INFO to (c) gBLoginPage.php and (d) gBPassword.php in system/actionspages/_b/contentFiles/, (4) formlogin parameter to system/actionspages/_b/contentFiles/gBLoginPage.php, and the (5) bolini_searchengine46Search parameter to (e) help/index.php.
CVE-2008-1555 EXPLOITDB text WORKING POC
BolinOS 4.6.1 - Remote File Inclusion via _bFileToInclude Parameter
Directory traversal vulnerability in system/_b/contentFiles/gbincluder.php in BolinOS 4.6.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the _bFileToInclude parameter.
CVE-2009-1212 EXPLOITDB text WORKING POC
PrecisionID Datamatrix - Buffer Overflow
Multiple insecure method vulnerabilities in PRECIS~2.DLL in the PrecisionID Datamatrix ActiveX control (DMATRIXLib.Datamatrix) allow remote attackers to overwrite arbitrary files via the (1) SaveBarCode and (2) SaveEnhWMF methods.
CVE-2008-7084 EXPLOITDB text WRITEUP
Velocity Security Management System - Path Traversal via URI
Directory traversal vulnerability in the web server 1.0 in Velocity Security Management System allows remote attackers to read arbitrary files via a .. (dot dot) in the URI.
CVE-2009-0465 EXPLOITDB text WORKING POC
Synactis ALL In-The-Box ActiveX 3 - File Write
The SaveDoc method in the All_In_The_Box.AllBox ActiveX control in ALL_IN_THE_BOX.OCX in Synactis ALL In-The-Box ActiveX 3 allows remote attackers to create and overwrite arbitrary files via an argument ending in a '\0' character, which bypasses the intended .box filename extension, as demonstrated by a C:\boot.ini\0 argument.
EIP-2026-118519 EXPLOITDB text WORKING POC
EnjoySAP 6.4/7.1 - File Overwrite
EIP-2026-118353 EXPLOITDB text WRITEUP
Chance-i DiViS DVR System Web-Server - Directory Traversal
CVE-2009-1873 EXPLOITDB text WRITEUP
Adobe JRun Application Server 4 Updater 7 - Authenticated Path Traversal via Logfile Parameter
Directory traversal vulnerability in logging/logviewer.jsp in the Management Console in Adobe JRun Application Server 4 Updater 7 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the logfile parameter.
EIP-2026-115041 EXPLOITDB text WORKING POC
Chance-i DiViS-Web DVR System - ActiveX Control Heap Overflow (PoC)
CVE-2008-6884 EXPLOITDB text WORKING POC
XOOPS 2.3.1 - Path Traversal via xoopsConfig[language] Parameter
Multiple directory traversal vulnerabilities in XOOPS 2.3.1, when register_globals is enabled, allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the xoopsConfig[language] parameter to (1) blocks.php and (2) main.php in xoops_lib/modules/protector/.
CVE-2008-2496 EXPLOITDB text WORKING POC
Quate CMS 0.3.4 - Cross-Site Scripting via PATH_INFO
Multiple cross-site scripting (XSS) vulnerabilities in Quate CMS 0.3.4 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) index.php, (2) login.php, and (3) credits.php in admin/, and (4) upgrade/index.php.
CVE-2008-6253 EXPLOITDB text WRITEUP
Pluck 4.5.3 - Remote Code Execution via g_pcltar_lib_dir Parameter
Directory traversal vulnerability in data/inc/lib/pcltar.lib.php in Pluck 4.5.3, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the g_pcltar_lib_dir parameter.
CVE-2008-3365 EXPLOITDB text WORKING POC
Pixelpost 1.7.1 - Remote Code Execution via Language Parameter Path Traversal
Directory traversal vulnerability in index.php in Pixelpost 1.7.1 on Windows, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language_full parameter.
EIP-2026-111307 EXPLOITDB text WRITEUP
Pixie CMS 1.0 - Multiple Local File Inclusions
CVE-2008-3851 EXPLOITDB text WRITEUP
Pluck CMS 4.5.2 - Unauthenticated Path Traversal via Blogpost, Cat, and File Parameters
Multiple directory traversal vulnerabilities in Pluck CMS 4.5.2 on Windows allow remote attackers to include and execute arbitrary local files via a ..\ (dot dot backslash) in the (1) blogpost, (2) cat, and (3) file parameters to data/inc/themes/predefined_variables.php, as reachable through index.php; and the (4) blogpost and (5) cat parameters to data/inc/blog_include_react.php, as reachable through index.php. NOTE: the issue involving vectors 1 through 3 reportedly exists because of an incomplete fix for CVE-2008-3194.
CVE-2008-1537 EXPLOITDB text WORKING POC
PowerScripts PowerBook 1.21 - Path Traversal
Directory traversal vulnerability in pb_inc/admincenter/index.php in PowerScripts PowerBook 1.21 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter. NOTE: in some environments, this can be leveraged for remote file inclusion by using a UNC share pathname or an ftp, ftps, or ssh2.sftp URL.
CVE-2008-1534 EXPLOITDB text WORKING POC
PowerPHPBoard 1.00b - Path Traversal
Multiple directory traversal vulnerabilities in PowerPHPBoard 1.00b allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) settings[footer] parameter to footer.inc.php and the (2) settings[header] parameter to header.inc.php.
CVE-2008-2482 EXPLOITDB text WORKING POC
insanevisions OneCMS 2.5 - Path Traversal via install_mod.php load Parameter
Directory traversal vulnerability in install_mod.php in insanevisions OneCMS 2.5 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the load parameter in a go action.
CVE-2008-2820 EXPLOITDB text WORKING POC
Open Azimyt CMS 0.21-0.22 - Path Traversal via Lang Parameter
Directory traversal vulnerability in lang/lang-system.php in Open Azimyt CMS 0.22 minimal and 0.21 stable allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter.
CVE-2008-3390 EXPLOITDB text WORKING POC
Minishowcase Image Gallery <09b136 - Path Traversal
Directory traversal vulnerability in libraries/general.init.php in Minishowcase Image Gallery 09b136, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter.
CVE-2008-3384 EXPLOITDB text WORKING POC
Interact Learning Community Environment Interact 2.4.1 - Path Traversal via Help Module and File Parameters
Multiple directory traversal vulnerabilities in help/help.php in Interact Learning Community Environment Interact 2.4.1 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) module and (2) file parameters.
CVE-2008-7055 EXPLOITDB text WRITEUP
ezContents 2.0.3 - Remote File Inclusion via Doubled Dot Dot Slash in Link Parameter
module.php in ezContents 2.0.3 allows remote attackers to bypass the directory traversal protection mechanism to include and execute arbitrary local files via "....//" (doubled dot dot slash) sequences in the link parameter, which is not properly filtered using the str_replace function.
CVE-2008-3363 EXPLOITDB text WORKING POC
Dokeos E-Learning System <1.8.5 - Path Traversal
Directory traversal vulnerability in user_portal.php in the Dokeos E-Learning System 1.8.5 on Windows allows remote attackers to include and execute arbitrary local files via a ..\ (dot dot backslash) in the include parameter.
CVE-2008-1557 EXPLOITDB text WORKING POC
BolinOS 4.6.1 - Exposure of Sensitive Information via phpinfo Page
BolinOS 4.6.1 allows remote attackers to obtain sensitive information via a direct request to system/actionspages/_b/contentFiles/gBphpInfo.php, which calls the phpinfo function.