CVE-2009-0571

admin.php in Ninja Designs Mailist 3.0 stores backup copies of maillist.php under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request to the backup directory...

CVE-2009-0571

The CVE-2009-0571 entry affects Ninja Designs Mailist 3.0. The admin.php component stores backup copies of maillist.php under the web root with insufficient access control, allowing remote attackers to obtain sensitive information via a direct request to the backup directory. The provided documen...

Graugon Gallery 1.0 (XSS/SQL/Cookie Bypass) Remote Vulnerabilities

No description provided by source. 0x01 Informations: Name : Graugon Gallery 1.0 Download : http://www.hotscripts.com/jump.php?listingid=87617&jumptype=1 Vulnerability : Sql Injection/ Insecure Cookie Handling/XSS Author : x0r Contact : [email protected] Notes : Proud to be Italian 0x02 Bug:...

Potato News 1.0.0 Local File Inclusion

0x01 Informations: Name : Potato News 1.0.0 Download : http://potato-news.googlecode.com/files/potatonews-1.0.0.zip Vulnerability : LFI Author : x0r Contact : [email protected] Notes : Proud to be Italian 0x02 Bug: Bugged file is /path/admin.php Code "; else echo ""; /code 0x03 Exploit: Exploi...

Potato News 1.0.0 - Local File Inclusion

0x01 Informations: Name : Potato News 1.0.0 Download : http://potato-news.googlecode.com/files/potatonews-1.0.0.zip Vulnerability : LFI Author : x0r Contact : [email protected] Notes : Proud to be Italian 0x02 Bug: Bugged file is /path/admin.php Code "; else echo ""; /code 0x03 Exploit: Exploi...

Potato News 1.0.0 - Local File Inclusion

Potato News 1.0.0 - Local File Inclusion 0x01 Informations: Name : Potato News 1.0.0 Download : http://potato-news.googlecode.com/files/potatonews-1.0.0.zip Vulnerability : LFI Author : x0r Contact : [email protected] Notes : Proud to be Italian 0x02 Bug: Bugged file is /path/admin.php Code ";...

Potato News 1.0.0 (user) Local File Inclusion Vulnerability

Exploit for unknown platform in category web applications =========================================================== Potato News 1.0.0 user Local File Inclusion Vulnerability =========================================================== 0x01 Informations: Name : Potato News 1.0.0 Download :...

SilverNews 2.04 (Auth Bypass/LFI/RCE) Multiple Vulnerabilities

No description provided by source. 0x01 Informations: Name : SilverNews 2.04 Download : http://www.silver-scripts.de/scripts.php?script=SilverNews&l=en Vulnerability : Auth Bypass\LFI\RCE Author : x0r Contact : [email protected] Notes : Proud to be Italian 0x02 Bug: Bugged file is...

SilverNews 2.04 (Auth Bypass/LFI/RCE) Multiple Vulnerabilities

Exploit for unknown platform in category web applications ============================================================== SilverNews 2.04 Auth Bypass/LFI/RCE Multiple Vulnerabilities ============================================================== 0x01 Informations: Name : SilverNews 2.04 Download :...

Mailist 3.0 - Insecure Backup / Local File Inclusion

Mailist 3.0 Insecure Backup/Local File Inclusion + Discovered By SirGod + www.mortal-team.org + www.h4cky0u.org + www.hellzone.info + www.anti-intruders.org + Homepage : http://ninjadesigns.co.uk/ + Download : http://ninjadesigns.co.uk/enter/mailist.zip + Insecure Backup - Vulnerable code in...

Mailist 3.0 Insecure Backup / LFI

Mailist 3.0 Insecure Backup/Local File Inclusion + Discovered By SirGod + www.mortal-team.org + www.h4cky0u.org + www.hellzone.info + www.anti-intruders.org + Homepage : http://ninjadesigns.co.uk/ + Download : http://ninjadesigns.co.uk/enter/mailist.zip + Insecure Backup - Vulnerable code in...

txtBB 1.0 RC3 - HTML/JS Injection / Arbitrary Add Admin Privileges

var req = new XMLHttpRequest; req.open'POST', 'admin.php?action=users&type=edit&login=USERNICK&save=1', false; req.setRequestHeader'Content-Type', 'application/x-www-form-urlencoded'; req.send'signature=&avatar=&type=3&password=&submit=Zapisz'; milw0rm.com 2009-02-05...

CVE-2009-0275

Static code injection vulnerability in admin.php in Ryneezy phoSheezy 0.2 allows remote authenticated administrators to inject arbitrary PHP code into config/header via the header parameter. NOTE: this can be exploited by unauthenticated attackers by leveraging CVE-2009-0250. NOTE: the provenance...

CVE-2009-0275

Static code injection vulnerability in admin.php in Ryneezy phoSheezy 0.2 allows remote authenticated administrators to inject arbitrary PHP code into config/header via the header parameter. NOTE: this can be exploited by unauthenticated attackers by leveraging CVE-2009-0250. NOTE: the provenance...

CVE-2009-0275

CVE-2009-0275 affects Ryneezy phoSheezy 0.2 via a static code injection vulnerability in admin.php that lets an authenticated admin inject PHP into config/header (and related config/footer, header) and can be exploited via CVE-2009-0250 to facilitate unauthenticated access. The issue is documente...

CVE-2009-0251

Static code injection vulnerability in admin.php in Ryneezy phoSheezy 0.2 allows remote authenticated administrators to inject arbitrary PHP code into config/footer via the footer parameter. NOTE: this can be exploited by unauthenticated attackers by leveraging CVE-2009-0250. NOTE: some of these...

CVE-2009-0251

Static code injection vulnerability in admin.php in Ryneezy phoSheezy 0.2 allows remote authenticated administrators to inject arbitrary PHP code into config/footer via the footer parameter. NOTE: this can be exploited by unauthenticated attackers by leveraging CVE-2009-0250. NOTE: some of these...

CVE-2009-0251

CVE-2009-0251 affects Ryneezy phoSheezy 0.2: static code injection in admin.php allows remote authenticated admins to inject PHP into config/footer via the footer parameter. NOTE: exploitation can be chained via CVE-2009-0250, which may enable unauthenticated access to sensitive config data. The ...

CMScout 2.06 SQL Injection / Local File Inclusion

CMScout 2.06 Remote SQL Injection/Local File Inclusion + Discovered By SirGod + Visit : www.mortal-team.org + Visit : www.h4cky0u.org + Greetz : All my friends + Script homepage : http://www.cmscout.co.za/ + Dork : Powered by CMScout c2005 CMScout Group + Remote SQL Injection...

CMScout 2.06 SQL Injection/Local File Inclusion Vulnerabilities

No description provided by source. + CMScout 2.06 Remote SQL Injection/Local File Inclusion + Discovered By SirGod + Visit : www.mortal-team.org + Visit : www.h4cky0u.org + Greetz : All my friends + Script homepage : http://www.cmscout.co.za/ + Dork : Powered by CMScout c2005 CMScout Group + Remo...