82 matches found
CVE-2013-4952
SQL injection vulnerability in functions/global.php in Elemata CMS RC 3.0 allows remote attackers to execute arbitrary SQL commands via the id parameter...
Cross-site request forgery (CSRF)
Cross-site request forgery (CSRF) vulnerability in global.php in MyBB before 1.6.5 allows remote attackers to hijack the authentication of a user for requests that change the user's language via the language parameter...
4Images 1.7.8 - Remote File Inclusion
4Images 1.7.8 - Remote File Inclusion Exploit Title: 4images1.7.8 Remote File Include Date: 23-8-2010 Author: LoSt.HaCkEr / aDaMTRoJaN Software Link: http://www.4homepages.de/4images/download.php Version: v 1.7.8 Tested on: Windows XP CVE : Contact: LoSt.HaCkEratyahoodotcom /0r/ ...
4Images 1.7.8 - Remote File Inclusion
Exploit Title: 4images1.7.8 Remote File Include Date: 23-8-2010 Author: LoSt.HaCkEr / aDaMTRoJaN Software Link: http://www.4homepages.de/4images/download.php Version: v 1.7.8 Tested on: Windows XP CVE : Contact: LoSt.HaCkEratyahoodotcom /0r/ [email protected]...
EggBlogg 4.1 <= LFI Vulnerability
Exploit for php platform in category web applications. EggBlogg 4.1 <= LFI Vulnerability. Exploit Title: EggBlogg 4.1 <= LFI Date: 28 July 2010 Author: Anti Sec Software Link: http://eggblog.net/ Version: 4.1 Google dork : Eggblogg...
CMS control panel v2.0 Edit File Vulnerability
Exploit for php platform in category web applications. CMS control panel v2.0 Edit File Vulnerability ...
Directory traversal
Directory traversal vulnerability in global.php in 4images before 1.7.7, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the l parameter...
CVE-2009-2132
Directory traversal vulnerability in global.php in 4images before 1.7.7, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the l parameter...
CVE-2009-2132
CVE-2009-2132 describes a directory traversal vulnerability in the PHP script global.php of 4images prior to 1.7.7. When magic_quotes_gpc is disabled, an attacker can use directory traversal sequences in the l parameter to include and execute arbitrary local files. Documents do not provide exploi...
DreamArticle 3.0 backend validation logic vulnerability and injection vulnerabilities, resulting in direct login to the backend - bug warning - the black bar safety net
Team: bbs.wolvez.org By q1ur3n. In admin/global.php there is a piece of code that implements the "remember password" feature of the backend login: $administrator = getcookie("administrator"); $adminpassword = getcookie("adminpassword"); if ($administrator && $adminpassword...
4Images 1.7.6 Local Inclusion Vulnerability
Bug file : global.php if (isset($HTTP_GET_VARS['l']) || isset($HTTP_POST_VARS['l'])) { $requested_l = (isset($HTTP_GET_VARS['l'])) ? trim($HTTP_GET_VARS['l']) : trim($HTTP_POST_VARS['l']); if ($requested_l != $config['language_dir'] && file_exists(ROOT_PATH.'lang/'.$requested_l.'/main.php')) { $l = $requested_l; $config['language_dir'] = $l;...
Multi SEO phpBB 1.1.0 (pfad) Remote File Inclusion Vulnerability
No description provided by source. Multi SEO phpBB 1.1.0 Remote File Inclusion Vulnerability Software : Multi SEO phpBB version 1.1.0 Vendor : http://www.phpbb-seo.de/ Download :...
Multi SEO phpBB 1.1.0 - Remote File Inclusion
Multi SEO phpBB 1.1.0 - Remote File Inclusion. Multi SEO phpBB 1.1.0 Remote File Inclusion Vulnerability Software : Multi SEO phpBB version 1.1.0 Vendor : http://www.phpbb-seo.de/ Download :...
Multi SEO phpBB 1.1.0 (pfad) Remote File Inclusion Vulnerability
Exploit for unknown platform in category web applications. Multi SEO phpBB 1.1.0 pfad Remote File Inclusion Vulnerability...
Multi SEO phpBB 1.1.0 - Remote File Inclusion
Multi SEO phpBB 1.1.0 Remote File Inclusion Vulnerability Software : Multi SEO phpBB version 1.1.0 Vendor : http://www.phpbb-seo.de/ Download : http://www.phpbb-seo.de/downloads/multi.html Author : NoGe Contact :...
iShowMusic V1.2 direct write shell vulnerability - vulnerability warning - the black bar safety net
By qiur3n http://www.wolvez.org/ 2008-06-17 iShow Music is an online music player built on PHP+TXT. The program stores its data in text files, with no MySQL database required, and separates program code from interface templates, which makes it easy to modify the interface of your music website. Offici...
PHP Live Helper 2.0.1 - Multiple Vulnerabilities
GulfTech Security Research August 16, 2008 Vendor : Turnkey Web Tools, Inc URL : http://www.turnkeywebtools.com Version : PHP Live Helper DBsite-queryfirst"SELECT FROM ". $this-dbprefix.$table." where ".$from."='$id'"; if isarray$result foreach $result as $key = $val $info$key = stripslashes$val;...
MercuryBoard <= 1.1.5 (login.php) Remote Blind SQL Injection Exploit
Exploit for unknown platform in category web applications. MercuryBoard settitle$this-lang-loginheader; 55. $this-tree$this-lang-loginheader; 56. 57. //print "agent: $this-agent\n"; 58. 59. if !isset$this-post'submit' 60...
MercuryBoard 1.1.5 - login.php Blind SQL Injection
MercuryBoard 1.1.5 - login.php Blind SQL Injection settitle$this-lang-loginheader; 55. $this-tree$this-lang-loginheader; 56. 57. //print "agent: $this-agent\n"; 58. 59. if !isset$this-post'submit' 60. $requesturi = $this-geturi; 61. 62. if substr$requesturi, -8 == 'register' 63. $requesturi =...
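sablog 1.6 multiple cross-site scripting vulnerabilities
sablog is a blog program written by a security researcher in China. Because of insufficient filtering, it contains multiple cross-site scripting vulnerabilities. www.sablog.net sablog 1.6 In global.php, curl, cid, setday and others are filtered: $modelink = ''; if ($action) $modelink .= '&action='.$action; if ($curl) $modelink .= '&curl='.htmlspecialchars($curl); if ($cid) $modelink .= '&cid='.htmlspecialchars($cid); if ($setdate) $modelink .=...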