
1599 matches found

Cvelist
added 2009/02/22 10:0 p.m., 22 views

CVE-2009-0673

Eval injection vulnerability in the Custom Fields feature in the Your Account module in Raven Web Services RavenNuke 2.30 allows remote authenticated administrators to execute arbitrary PHP code via the ID Field Name box in a yaCustomFields action to admin.php...

7.4 AI score, 0.0265 EPSS
Exploits: 1, References: 6
Prion
added 2009/02/20 1:30 a.m., 11 views

Cross site scripting

Multiple cross-site scripting (XSS) vulnerabilities in PhpForums.net mcGallery 1.1 allow remote attackers to inject arbitrary web script or HTML via the lang parameter to (1) admin.php, (2) index.php, (3) sess.php, (4) stats.php, (5) detail.php, (6) resize.php, and (7) show.php. NOTE: the provenance of this...

4.3 CVSS, 6 AI score, 0.01478 EPSS
Exploits: 1, References: 4, Affected Software: 1
CVE
added 2009/02/20 1:0 a.m., 46 views

CVE-2008-6212

Php-Stats 0.1.9.1 is affected by a cross-site scripting (XSS) vulnerability in admin.php, exploitable via the sel_mese and sel_anno parameters in a systems action. The issue could allow a remote attacker to inject arbitrary web script or HTML when the affected page is loaded. No remediation detai...

4.3 CVSS, 5.7 AI score, 0.01452 EPSS
Exploits: 1, References: 4, Affected Software: 1
NVD
added 2009/02/13 5:30 p.m., 24 views

CVE-2009-0571

admin.php in Ninja Designs Mailist 3.0 stores backup copies of maillist.php under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request to the backup directory...

5 CVSS, 6.2 AI score, 0.02329 EPSS
Exploits: 0, References: 2
CVE
added 2009/02/13 5:0 p.m., 37 views

CVE-2009-0571

The CVE-2009-0571 entry affects Ninja Designs Mailist 3.0. The admin.php component stores backup copies of maillist.php under the web root with insufficient access control, allowing remote attackers to obtain sensitive information via a direct request to the backup directory. The provided documen...

5 CVSS, 6.3 AI score, 0.02329 EPSS
Exploits: 0, References: 2, Affected Software: 1
seebug.org
added 2009/02/11 12:0 a.m., 20 views

Graugon Gallery 1.0 (XSS/SQL/Cookie Bypass) Remote Vulnerabilities

No description provided by source. 0x01 Informations: Name : Graugon Gallery 1.0 Download : http://www.hotscripts.com/jump.php?listingid=87617&jumptype=1 Vulnerability : Sql Injection/ Insecure Cookie Handling/XSS Author : x0r Contact : [email protected] Notes : Proud to be Italian 0x02 Bug:...

7.1 AI score
Exploits: 0
0day.today
added 2009/02/10 12:0 a.m., 16 views

Potato News 1.0.0 (user) Local File Inclusion Vulnerability

Exploit for unknown platform in category web applications =========================================================== Potato News 1.0.0 user Local File Inclusion Vulnerability =========================================================== 0x01 Informations: Name : Potato News 1.0.0 Download :...

7.1 AI score
Exploits: 0
Packet Storm
added 2009/02/10 12:0 a.m., 21 views

Potato News 1.0.0 Local File Inclusion

0x01 Informations: Name : Potato News 1.0.0 Download : http://potato-news.googlecode.com/files/potatonews-1.0.0.zip Vulnerability : LFI Author : x0r Contact : [email protected] Notes : Proud to be Italian 0x02 Bug: Bugged file is /path/admin.php Code "; else echo ""; /code 0x03 Exploit: Exploi...

7.4 AI score
Exploits: 0
exploitpack
added 2009/02/10 12:0 a.m., 7 views

Potato News 1.0.0 - Local File Inclusion

Potato News 1.0.0 - Local File Inclusion 0x01 Informations: Name : Potato News 1.0.0 Download : http://potato-news.googlecode.com/files/potatonews-1.0.0.zip Vulnerability : LFI Author : x0r Contact : [email protected] Notes : Proud to be Italian 0x02 Bug: Bugged file is /path/admin.php Code ";...

7.4 AI score
Exploits: 0
Exploit DB
added 2009/02/10 12:0 a.m., 39 views

Potato News 1.0.0 - Local File Inclusion

0x01 Informations: Name : Potato News 1.0.0 Download : http://potato-news.googlecode.com/files/potatonews-1.0.0.zip Vulnerability : LFI Author : x0r Contact : [email protected] Notes : Proud to be Italian 0x02 Bug: Bugged file is /path/admin.php Code "; else echo ""; /code 0x03 Exploit: Exploi...

7.4 AI score
Exploits: 0
Packet Storm
added 2009/02/06 12:0 a.m., 24 views

Mailist 3.0 Insecure Backup / LFI

Mailist 3.0 Insecure Backup/Local File Inclusion + Discovered By SirGod + www.mortal-team.org + www.h4cky0u.org + www.hellzone.info + www.anti-intruders.org + Homepage : http://ninjadesigns.co.uk/ + Download : http://ninjadesigns.co.uk/enter/mailist.zip + Insecure Backup - Vulnerable code in...

7.4 AI score
Exploits: 0
seebug.org
added 2009/02/06 12:0 a.m., 20 views

SilverNews 2.04 (Auth Bypass/LFI/RCE) Multiple Vulnerabilities

No description provided by source. 0x01 Informations: Name : SilverNews 2.04 Download : http://www.silver-scripts.de/scripts.php?script=SilverNews&l=en Vulnerability : Auth Bypass\LFI\RCE Author : x0r Contact : [email protected] Notes : Proud to be Italian 0x02 Bug: Bugged file is...

7.1 AI score
Exploits: 0
0day.today
added 2009/02/06 12:0 a.m., 16 views

SilverNews 2.04 (Auth Bypass/LFI/RCE) Multiple Vulnerabilities

Exploit for unknown platform in category web applications ============================================================== SilverNews 2.04 Auth Bypass/LFI/RCE Multiple Vulnerabilities ============================================================== 0x01 Informations: Name : SilverNews 2.04 Download :...

7.1 AI score
Exploits: 0
Exploit DB
added 2009/02/06 12:0 a.m., 30 views

Mailist 3.0 - Insecure Backup / Local File Inclusion

Mailist 3.0 Insecure Backup/Local File Inclusion + Discovered By SirGod + www.mortal-team.org + www.h4cky0u.org + www.hellzone.info + www.anti-intruders.org + Homepage : http://ninjadesigns.co.uk/ + Download : http://ninjadesigns.co.uk/enter/mailist.zip + Insecure Backup - Vulnerable code in...

7.4 AI score
Exploits: 0
Exploit DB
added 2009/02/05 12:0 a.m., 27 views

txtBB 1.0 RC3 - HTML/JS Injection / Arbitrary Add Admin Privileges

var req = new XMLHttpRequest; req.open'POST', 'admin.php?action=users&type=edit&login=USERNICK&save=1', false; req.setRequestHeader'Content-Type', 'application/x-www-form-urlencoded'; req.send'signature=&avatar=&type=3&password=&submit=Zapisz'; milw0rm.com 2009-02-05...

7.4 AI score
Exploits: 0
NVD
added 2009/01/26 8:30 p.m., 9 views

CVE-2009-0275

Static code injection vulnerability in admin.php in Ryneezy phoSheezy 0.2 allows remote authenticated administrators to inject arbitrary PHP code into config/header via the header parameter. NOTE: this can be exploited by unauthenticated attackers by leveraging CVE-2009-0250. NOTE: the provenance...

6.5 CVSS, 6.6 AI score, 0.04652 EPSS
Exploits: 1, References: 2
CVE
added 2009/01/26 8:0 p.m., 46 views

CVE-2009-0275

CVE-2009-0275 affects Ryneezy phoSheezy 0.2 via a static code injection vulnerability in admin.php that lets an authenticated admin inject PHP into config/header (and related config/footer, header) and can be exploited via CVE-2009-0250 to facilitate unauthenticated access. The issue is documente...

6.5 CVSS, 6.8 AI score, 0.04652 EPSS
Exploits: 1, References: 2, Affected Software: 1
Cvelist
added 2009/01/26 8:0 p.m., 22 views

CVE-2009-0275

Static code injection vulnerability in admin.php in Ryneezy phoSheezy 0.2 allows remote authenticated administrators to inject arbitrary PHP code into config/header via the header parameter. NOTE: this can be exploited by unauthenticated attackers by leveraging CVE-2009-0250. NOTE: the provenance...

6.6 AI score, 0.04652 EPSS
Exploits: 1, References: 2
NVD
added 2009/01/22 4:30 p.m., 20 views

CVE-2009-0251

Static code injection vulnerability in admin.php in Ryneezy phoSheezy 0.2 allows remote authenticated administrators to inject arbitrary PHP code into config/footer via the footer parameter. NOTE: this can be exploited by unauthenticated attackers by leveraging CVE-2009-0250. NOTE: some of these...

6.5 CVSS, 6.8 AI score, 0.05556 EPSS
Exploits: 0, References: 4
Cvelist
added 2009/01/22 4:0 p.m., 30 views

CVE-2009-0251

Static code injection vulnerability in admin.php in Ryneezy phoSheezy 0.2 allows remote authenticated administrators to inject arbitrary PHP code into config/footer via the footer parameter. NOTE: this can be exploited by unauthenticated attackers by leveraging CVE-2009-0250. NOTE: some of these...

6.8 AI score, 0.05556 EPSS
Exploits: 0, References: 4