aal-lfi.txt

ActualAnalyzer Lite free 2.78 LOCAL FILE INCLUSION AUTHOR : IRCRASH Dr.Crash Or Khashayar Fereidani Discovered by : IRCRASH Dr.Crash Or Khashayar Fereidani Our Site : Http://IRCRASH.COM IRCRASH Team Members : Dr.Crash Or Khashayar Fereidani - Hadi Kiamarsi - Malc0de - R3d.w0rm - Rasool Nasr Scrip...

CVE-2008-1860

Static code injection vulnerability in admin.php in LokiCMS 0.3.3 and earlier allows remote attackers to inject arbitrary PHP code into includes/Config.php via the default parameter...

CVE-2008-1860

LokiCMS versions 0.3.3 and earlier are affected by a static code injection vulnerability in admin.php, allowing remote attackers to inject arbitrary PHP into includes/Config.php via the default parameter. The issue arises from the underlying code path described in CVE-2008-1860 and is rated with ...

RX Maxsoft - 'fotoID' SQL Injection

Provozováno na RS MAXSOFT SQL-Injection PAGE:http://redakcni-system.maxsoft.cz/ AUTHOR : S@BUN HOME : http://www.milw0rm.com/author/1334 BLOG : http://my.opera.com/SQL-Injection/blog/ MAiL : [email protected] DORK 1 : "RS MAXSOFT" DORK 2 : "Provozováno na RS MAXSOFT" you will se...

LokiCMS 0.3.3 - Remote Command Execution

LokiCMS 0.3.3 - Remote Command Execution Author: GiReX mySite: girex.altervista.org Date: 8/04/08 CMS: LokiCMS ; last if $cmd eq 'exit'; last if iserrorgetprint$host."includes/Config.php?cmd=$cmd"; print $resp; sub banner print "+ LokiCMS = 0.3.3 Remo...

LokiCMS <= 0.3.3 Remote Command Execution Exploit

Exploit for unknown platform in category web applications ================================================= LokiCMS = 0.3.3 Remote Command Execution Exploit ================================================= Author: GiReX Date: 8/04/08 CMS: LokiCMS = 0.3.3 Site: lokicms.com Bug: PHP Code Injection...

LokiCMS 0.3.3 - Remote Command Execution

Author: GiReX mySite: girex.altervista.org Date: 8/04/08 CMS: LokiCMS ; last if $cmd eq 'exit'; last if iserrorgetprint$host."includes/Config.php?cmd=$cmd"; print $resp; sub banner print "+ LokiCMS...

mcGallery 1.1 - admin.php?lang Cross-Site Scripting

mcGallery 1.1 - admin.php?lang Cross-Site Scripting source: https://www.securityfocus.com/bid/28587/info mcGallery is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. An attacker may leverage these issues to execute arbitrary...

Remote file inclusion

Multiple PHP remote file inclusion vulnerabilities in ooComments 1.0 allow remote attackers to execute arbitrary PHP code via a URL in the PathToComment parameter for 1 classes/classadmin.php and 2 classes/classcomments.php. NOTE: the provenance of this information is unknown; the details are...

PT-2008-3075 · Oocomments · Oocomments

Name of the Vulnerable Software and Affected Versions: ooComments version 1.0 Description: The issue allows remote attackers to execute arbitrary PHP code via a URL in the PathToComment parameter for classes/class admin.php and classes/class comments.php, such as the API endpoint "/classes/class...

Cross site scripting

Cross-site scripting XSS vulnerability in admin.php in MG2 formerly Minigal allows remote attackers to inject arbitrary web script or HTML via the list parameter in an import action...

CVE-2008-1228

Cross-site scripting XSS vulnerability in admin.php in MG2 formerly Minigal allows remote attackers to inject arbitrary web script or HTML via the list parameter in an import action...

CVE-2008-1228

CVE-2008-1228 is a cross-site scripting (XSS) flaw in MG2 (formerly Minigal) that affects the admin.php interface. The vulnerability is triggered by the list parameter during an import action, allowing remote attackers to inject arbitrary web script or HTML. Documents consistently describe this a...

CVE-2008-1228

Cross-site scripting XSS vulnerability in admin.php in MG2 formerly Minigal allows remote attackers to inject arbitrary web script or HTML via the list parameter in an import action...

CVE-2008-0734

SQL injection vulnerability in classauth.php in Limbo CMS 1.0.4.2, and possibly earlier versions, allows remote attackers to execute arbitrary SQL commands via the cuid cookie parameter to admin.php...

Sql injection

SQL injection vulnerability in classauth.php in Limbo CMS 1.0.4.2, and possibly earlier versions, allows remote attackers to execute arbitrary SQL commands via the cuid cookie parameter to admin.php...

CVE-2008-0377

MicroNews allows remote attackers to bypass authentication and gain administrative privileges via a direct request to admin.php...

CVE-2008-0359

Multiple cross-site scripting XSS vulnerabilities in BLOG:CMS 4.2.1b allow remote attackers to inject arbitrary web script or HTML via the PATHINFO to 1 admin.php or 2 index.php in photo/...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in BLOG:CMS 4.2.1b allow remote attackers to inject arbitrary web script or HTML via the PATHINFO to 1 admin.php or 2 index.php in photo/...

Sql injection

Multiple SQL injection vulnerabilities in eTicket 1.5.5.2 allow remote authenticated users to execute arbitrary SQL commands via the 1 status, 2 sort, and 3 way parameters to search.php; and allow remote authenticated administrators to execute arbitrary SQL commands via the 4 msg and 5 password...