Packet Storm - Information Security News, Files, Tools, Exploits, Advisories and Whitepapers http://packetstormsecurity.org/ en-us Mon, 28 May 2012 07:57:27 GMT 144400 http://packetstormsecurity.org/ http://www.google-analytics.com/__utm.gif?utmwv=1.3&utmn=1836949977&utmcs=ISO-8859-1&utmsr=31337x31337&utmsc=32-bit&utmul=en-us&utmje=0&utmfl=-&utmcn=1&utmdt=File%20Inclusion%20Files%u2248%20Packet%20Storm&utmhn=packetstormsecurity.org&utmr=-&utmp=%2Ffiles%2Ftags%2Ffile_inclusion%2F&utmac=UA-18885198-1&utmcc=__utma%3D32867617.1836949977.1338191847.1338191847.1338191847.1%3B%2B__utmz%3D32867617.1338191847.1.1.utmccn%3D(direct)%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none) http://packetstormsecurity.org/files/113050/symantecwg-lfi.txt http://packetstormsecurity.org/files/113050/symantecwg-lfi.txt http://packetstormsecurity.org/files/113050/Symantec-Web-Gateway-5.0.2-Local-File-Inclusion.html Sat, 26 May 2012 15:04:17 GMT Symantec Web Gateway version 5.0.2 remote local file inclusion root exploit. http://packetstormsecurity.org/files/113036/pligg121-lfixss.txt http://packetstormsecurity.org/files/113036/pligg121-lfixss.txt http://packetstormsecurity.org/files/113036/Pligg-CMS-1.2.1-Cross-Site-Scripting-Local-File-Inclusion.html Fri, 25 May 2012 20:24:38 GMT Pligg CMS version 1.2.1 suffers from cross site scripting and local file inclusion vulnerabilities. http://packetstormsecurity.org/files/112970/ajamintgallery-lfi.txt http://packetstormsecurity.org/files/112970/ajamintgallery-lfi.txt http://packetstormsecurity.org/files/112970/Ajaxmint-Gallery-1.0-Local-File-Inclusion.html Wed, 23 May 2012 02:52:42 GMT Ajaxmint Gallery version 1.0 suffers from a local file inclusion vulnerability. http://packetstormsecurity.org/files/112969/ruubik111-xssdisclosetraversal.txt http://packetstormsecurity.org/files/112969/ruubik111-xssdisclosetraversal.txt http://packetstormsecurity.org/files/112969/RuubikCMS-1.1.0-Beta-XSS-Disclosure-Directory-Traversal.html Wed, 23 May 2012 02:50:41 GMT RuubikCMS version 1.1.0 Beta suffers from cross site scripting, information disclosure, and directory traversal vulnerabilities. http://packetstormsecurity.org/files/112933/acuitycms-traversal.txt http://packetstormsecurity.org/files/112933/acuitycms-traversal.txt http://packetstormsecurity.org/files/112933/Acuity-CMS-2.6.x-Directory-Traversal.html Sun, 20 May 2012 17:22:11 GMT Acuity CMS version 2.6.x suffers from a directory traversal vulnerability. http://packetstormsecurity.org/files/112859/cryptographp-hrslfi.txt http://packetstormsecurity.org/files/112859/cryptographp-hrslfi.txt http://packetstormsecurity.org/files/112859/Cryptographp-Local-File-Inclusion-HTTP-Response-Splitting.html Fri, 18 May 2012 02:22:22 GMT Cryptographp suffers from local file inclusion and HTTP response splitting vulnerabilities. http://packetstormsecurity.org/files/112620/elearning4g-sqlrfi.txt http://packetstormsecurity.org/files/112620/elearning4g-sqlrfi.txt http://packetstormsecurity.org/files/112620/eLearning-Server-4G-Remote-File-Inclusion-SQL-Injection.html Fri, 11 May 2012 02:38:24 GMT eLearning Server version 4G suffers from remote file inclusion and remote SQL injection vulnerabilities. http://packetstormsecurity.org/files/112588/Finding_LFI_and_RFI.pdf http://packetstormsecurity.org/files/112588/Finding_LFI_and_RFI.pdf http://packetstormsecurity.org/files/112588/Finding-RFI-And-LFI-Exploiting-And-Patching.html Tue, 08 May 2012 21:50:00 GMT This is a brief whitepaper that discusses finding remote and local file inclusion vulnerabilities and how to exploit and patch them. http://packetstormsecurity.org/files/112417/pluxml-lfi.txt http://packetstormsecurity.org/files/112417/pluxml-lfi.txt http://packetstormsecurity.org/files/112417/PluXml-5.1.5-Local-File-Inclusion.html Wed, 02 May 2012 21:33:05 GMT PluXml version 5.1.5 suffers from a local file inclusion vulnerability. http://packetstormsecurity.org/files/112377/strato-traversal.txt http://packetstormsecurity.org/files/112377/strato-traversal.txt http://packetstormsecurity.org/files/112377/Strato-Newsletter-Manager-Directory-Traversal.html Wed, 02 May 2012 01:22:52 GMT Strato Newsletter Manager suffers from a directory traversal vulnerability. http://packetstormsecurity.org/files/112331/vbulletin4110-lfi.txt http://packetstormsecurity.org/files/112331/vbulletin4110-lfi.txt http://packetstormsecurity.org/files/112331/vBulletin-4.1.10-Local-File-Inclusion.html Mon, 30 Apr 2012 14:26:53 GMT vBulletin version 4.1.10 suffers from a local file inclusion vulnerability in functions_cron.php. http://packetstormsecurity.org/files/112313/sococms-lfi.txt http://packetstormsecurity.org/files/112313/sococms-lfi.txt http://packetstormsecurity.org/files/112313/Soco-CMS-Local-File-Inclusion.html Sun, 29 Apr 2012 14:22:22 GMT Soco CMS suffers from a local file inclusion vulnerability. http://packetstormsecurity.org/files/112304/mysqldumper-lfixssxsrftraversal.txt http://packetstormsecurity.org/files/112304/mysqldumper-lfixssxsrftraversal.txt http://packetstormsecurity.org/files/112304/MySQLDumper-1.24.4-LFI-XSS-CSRF-Code-Execution-Traversal.html Fri, 27 Apr 2012 23:56:57 GMT MySQLDumper version 1.24.4 suffers from code execution, cross site request forgery, cross site scripting, local file inclusion, and directory traversal vulnerabilities. http://packetstormsecurity.org/files/112284/sirmanet-lfixss.txt http://packetstormsecurity.org/files/112284/sirmanet-lfixss.txt http://packetstormsecurity.org/files/112284/SirmaNET-Web-Design-Cross-Site-Scripting-Local-File-Inclusion.html Fri, 27 Apr 2012 20:25:06 GMT SirmaNET Web Design suffers from cross site scripting and local file inclusion vulnerabilities. http://packetstormsecurity.org/files/112173/piwigo-traversalxss.txt http://packetstormsecurity.org/files/112173/piwigo-traversalxss.txt http://packetstormsecurity.org/files/112173/Piwigo-2.3.3-Cross-Site-Scripting-Directory-Traversal.html Wed, 25 Apr 2012 18:37:04 GMT Piwigo version 2.3.3 suffers from cross site scripting and directory traversal vulnerabilities. http://packetstormsecurity.org/files/112161/joomlavideogallery-lfisql.txt http://packetstormsecurity.org/files/112161/joomlavideogallery-lfisql.txt http://packetstormsecurity.org/files/112161/Joomla-Video-Gallery-Local-File-Inclusion-SQL-Injection.html Tue, 24 Apr 2012 17:22:22 GMT The Joomla Video Gallery component suffers from local file inclusion and remote SQL injection vulnerabilities. http://packetstormsecurity.org/files/112088/VL-154.txt http://packetstormsecurity.org/files/112088/VL-154.txt http://packetstormsecurity.org/files/112088/IPhone-TreasonSMS-HTML-Injection-File-Inclusion.html Mon, 23 Apr 2012 18:55:33 GMT IPhone TreasonSMS suffers from html injection and file inclusion vulnerabilities. http://packetstormsecurity.org/files/111959/newscoop-sqlxssrfi.txt http://packetstormsecurity.org/files/111959/newscoop-sqlxssrfi.txt http://packetstormsecurity.org/files/111959/Newscoop-3.5.3-XSS-RFI-SQL-Injection.html Wed, 18 Apr 2012 23:56:22 GMT Newscoop version 3.5.3 suffers from cross site scripting, remote file inclusion, and remote SQL injection vulnerabilities. http://packetstormsecurity.org/files/111906/joomlajat3-traversal.txt http://packetstormsecurity.org/files/111906/joomlajat3-traversal.txt http://packetstormsecurity.org/files/111906/Joomla-JA-T3-Framework-Directory-Traversal.html Sun, 15 Apr 2012 19:11:11 GMT Joomla JA T3-Framework suffers from a directory traversal vulnerability. http://packetstormsecurity.org/files/111892/VL-498.txt http://packetstormsecurity.org/files/111892/VL-498.txt http://packetstormsecurity.org/files/111892/Cyberoam-UTM-10.01.2-Build-059-Local-File-Inclusion.html Sun, 15 Apr 2012 18:11:11 GMT Cyberoam UTM version 10.01.2 build 059 suffers from a local file inclusion vulnerability. http://packetstormsecurity.org/files/111819/waraxe-2012-SA086.txt http://packetstormsecurity.org/files/111819/waraxe-2012-SA086.txt http://packetstormsecurity.org/files/111819/Invision-Power-Board-3.3.0-Local-File-Inclusion.html Fri, 13 Apr 2012 00:06:28 GMT Invision Power Board version 3.3.0 suffers from a local file inclusion vulnerability. http://packetstormsecurity.org/files/111682/waraxe-2012-SA084.txt http://packetstormsecurity.org/files/111682/waraxe-2012-SA084.txt http://packetstormsecurity.org/files/111682/OpenCart-1.5.2.1-LFI-Shell-Upload-Response-Splitting.html Mon, 09 Apr 2012 10:10:10 GMT OpenCart version 1.5.2.1 suffers from arbitrary file upload, HTTP response splitting, local file inclusion, path disclosure, and failed randomness vulnerabilities. http://packetstormsecurity.org/files/111694/VL-414.txt http://packetstormsecurity.org/files/111694/VL-414.txt http://packetstormsecurity.org/files/111694/US-UF-Services-EDU-Health-File-Inclusion.html Sun, 08 Apr 2012 20:22:22 GMT The Uniformed Services University of the Health Sciences (USU) suffers from a file inclusion vulnerability. http://packetstormsecurity.org/files/111693/citrusdb-lfisql.txt http://packetstormsecurity.org/files/111693/citrusdb-lfisql.txt http://packetstormsecurity.org/files/111693/CitrusDB-2.4.1-Local-File-Inclusion-SQL-Injection.html Sat, 07 Apr 2012 22:22:22 GMT CitrusDB version 2.4.1 suffers from local file inclusion and remote SQL injection vulnerabilities. http://packetstormsecurity.org/files/111545/phppaleo-lfi.txt http://packetstormsecurity.org/files/111545/phppaleo-lfi.txt http://packetstormsecurity.org/files/111545/phpPaleo-4.8b156-Local-File-Inclusion.html Wed, 04 Apr 2012 14:49:56 GMT phpPaleo version 4.8b156 suffers from a local file inclusion vulnerability. A vulnerability exists in index.php for language handling that allows for local file inclusion using a null-byte attack on the 'lang' GET parameter.