1599 matches found
CVE-2008-4877
SQL injection vulnerability in admin.php in WebCards 1.3, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the user parameter. NOTE: some of these details are obtained from third party information...
CVE-2008-4700
SQL injection vulnerability in admin.php in Libera CMS 1.12 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the libera_staff_pass cookie parameter...
CVE-2008-4700
CVE-2008-4700 affects Libera CMS 1.12 and earlier. The vulnerable component is admin.php where, if magic_quotes_gpc is disabled, an attacker can inject SQL via the libera_staff_pass cookie parameter, enabling remote arbitrary SQL execution. The connected records also mention a separate vector for...
LokiCMS 0.3.4 writeconfig() Remote Command Execution Exploit
No description provided by source. Author: GiReX Homepage: http://girex.altervista.org CMS: LokiCMS 0.3.4 URL: http://www.lokicms.com/ Description: LokiCMS is still vulnerable to Remote Command Execution see: http://milw0rm.com/exploits/5408 The exploit changed because the vars changed but the...
LokiCMS 0.3.4 (admin.php) Create Local File Inclusion Exploit
No description provided by source. LokiCMS 0.3.4 admin.php Create Local File Inclusion Exploit url: http://www.lokicms.com/ Author: JosS mail: sys-projectathotmaildotcom site: http://spanish-hackers.com team: Spanish Hackers Team - SHT This was written for educational purpose. Use it at your own...
lokicms-lfi.txt
LokiCMS 0.3.4 admin.php Create Local File Inclusion Exploit url: http://www.lokicms.com/ Author: JosS mail: sys-projectathotmaildotcom site: http://spanish-hackers.com team: Spanish Hackers Team - SHT This was written for educational purpose. Use it at your own risk. Author will be not responsibl...
lokicms034-exec.txt
Author: GiReX Homepage: http://girex.altervista.org CMS: LokiCMS 0.3.4 URL: http://www.lokicms.com/ Description: LokiCMS is still vulnerable to Remote Command Execution see: http://milw0rm.com/exploits/5408 The exploit changed because the vars changed but the bugged function is the same:...
LokiCMS 0.3.4 - admin.php Create Local File Inclusion
LokiCMS 0.3.4 - admin.php Create Local File Inclusion LokiCMS 0.3.4 admin.php Create Local File Inclusion Exploit url: http://www.lokicms.com/ Author: JosS mail: sys-projectathotmaildotcom site: http://spanish-hackers.com team: Spanish Hackers Team - SHT This was written for educational purpose...
LokiCMS 0.3.4 (admin.php) Create Local File Inclusion Exploit
Exploit for unknown platform in category web applications ============================================================= LokiCMS 0.3.4 admin.php Create Local File Inclusion Exploit ============================================================= LokiCMS 0.3.4 admin.php Create Local File Inclusion...
LokiCMS 0.3.4 - 'admin.php' Create Local File Inclusion
LokiCMS 0.3.4 admin.php Create Local File Inclusion Exploit url: http://www.lokicms.com/ Author: JosS mail: sys-projectathotmaildotcom site: http://spanish-hackers.com team: Spanish Hackers Team - SHT This was written for educational purpose. Use it at your own risk. Author will be not responsibl...
CVE-2008-4526
Multiple directory traversal vulnerabilities in CCMS 3.1 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the skin parameter to (1) index.php, (2) forums.php, (3) admin.php, (4) header.php, (5) pages/story.php and (6) pages/poll.php...
Directory traversal
Multiple directory traversal vulnerabilities in CCMS 3.1 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the skin parameter to (1) index.php, (2) forums.php, (3) admin.php, (4) header.php, (5) pages/story.php and (6) pages/poll.php...
CCMS 3.1 - skin Local File Inclusion
CCMS 3.1 - skin Local File Inclusion + CCMS 3.1 skin Multiple Local File Inclusion Vulnerabilities + Discovered By SirGod + wWw.MorTal-TeaM.OrG + Greetz : E.M.I.N.E.M,Ras,Puscasmarin,ToxicBlood,HrN,kemrayz,007m,Raven,Nytr0gen,str0ke + Download Script :...
E-Uploader Pro 1.0 - Multiple SQL Injections
E-Uploader Pro = 1.0 SQL Injection Vulnerability Author: !DoktOR! Date found: 26.08.08 Product: E-Uploader Pro Version: 1.0 Price: $49 URL: www.scriptsfrenzy.com Download script: http://rapidshare.com/files/18285945/E-UploaderPro.PHP.NULL-DGTlicense.zip Vulnerability Class: SQL Injection Conditio...
Cross site scripting
Cross-site scripting (XSS) vulnerability in admin.php in Quick.Cart 3.1 allows remote attackers to inject arbitrary web script or HTML via the query string...
CVE-2008-4140
CVE-2008-4140 is an XSS vulnerability in Quick.Cart 3.1, exploitable via the query string to admin.php. The issue arises from unsanitized input in the admin.php handling, allowing remote attackers to inject arbitrary web script or HTML. The CVE’s context indicates the vulnerability affects Quick....
CVE-2008-4140
Cross-site scripting (XSS) vulnerability in admin.php in Quick.Cart 3.1 allows remote attackers to inject arbitrary web script or HTML via the query string...
CVE-2008-4139
CVE-2008-4139 describes a Cross-site Scripting (XSS) vulnerability in OpenSolution Quick.Cms.Lite 2.1, specifically in admin.php, where an attacker can inject arbitrary script/HTML via the query string. The available sources confirm the affected component but do not provide details on root cause ...
quickcart-xss.txt
Application: Quick.Cart v3.1 Freeware Authors Site: http://opensolution.org/quick.cart,en,9.html +--------------------------------------------------------------+ XSS: http://www.victim.com/admin.php?"alertdocument.cookie" +-Notes:-----------------------------------------------------+ This only...
Quick Cart 3.1 - 'admin.php' Cross-Site Scripting
source: https://www.securityfocus.com/bid/31216/info Quick.Cart is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context...