EUVD-2008-1358

Malware in sbrugna...

Sql injection

SQL injection vulnerability in the Tutorials 2.1b module for XOOPS allows remote attackers to execute arbitrary SQL commands via the tid parameter to printpage.php, which is accessible directly or through a printpage action to index.php...

CVE-2008-1351

CVE-2008-1351 describes an SQL injection in the XOOPS Tutorials 2.1b module. The vulnerable entry point is printpage.php, where the tid parameter can be exploited to execute arbitrary SQL commands, reachable directly or via a printpage action to index.php. The associated references (Exploit-DB, S...

Code injection

admin/index.php in AV Arcade 2.1b grants administrative privileges when the avauserid cookie value is 1, which allows remote attackers to perform certain administrative actions...

CVE-2007-3643

admin/index.php in AV Arcade 2.1b grants administrative privileges when the avauserid cookie value is 1, which allows remote attackers to perform certain administrative actions...

CVE-2007-3643

CVE-2007-3643 affects AV Arcade 2.1b. The vulnerability arises in admin/index.php where the ava_userid cookie value of 1 grants administrative privileges, enabling remote attackers to perform certain admin actions. The root cause is improper authentication/authorization tied to the ava_userid coo...

CVE-2007-3643

admin/index.php in AV Arcade 2.1b grants administrative privileges when the avauserid cookie value is 1, which allows remote attackers to perform certain administrative actions...

Sql injection

SQL injection vulnerability in includes/viewpage.php in AV Arcade 2.1b allows remote attackers to execute arbitrary SQL commands via the id parameter in a viewpage action to index.php...

CVE-2007-3563

SQL injection vulnerability in includes/viewpage.php in AV Arcade 2.1b allows remote attackers to execute arbitrary SQL commands via the id parameter in a viewpage action to index.php...

AV Arcade 2.1b (COOKIE[ava_userid]) Get Admin Rights

AV Arcade 2.1b COOKIEavauserid Get Admin Rights Web: AV Arcade 2.1b Site : www.avscripts.net Dork : "Powered By AV Arcade" Author: Kw3rLn tehlostbyteatYaHoOd0tCom Romanian Security Team Ethical Hacking - hTTp://RSTZONE.nET Vurnerable code: admin/index.php: $sql = mysqlquery"SELECT FROM avausers...

avarcade-admin.txt

AV Arcade 2.1b COOKIEavauserid Get Admin Rights Web: AV Arcade 2.1b Site : www.avscripts.net Dork : "Powered By AV Arcade" Author: Kw3rLn tehlostbyteatYaHoOd0tCom Romanian Security Team Ethical Hacking - hTTp://RSTZONE.nET Vurnerable code: admin/index.php: $sql = mysqlquery"SELECT FROM avausers...

AV Arcade 2.1b (index.php id) Remote SQL Injection Vulnerability

Exploit for unknown platform in category web applications ================================================================ AV Arcade 2.1b index.php id Remote SQL Injection Vulnerability ================================================================ Web: AV Arcade 2.1b Site : www.avscripts.net...

AV Arcade 2.1b - 'index.php?id' SQL Injection

Web: AV Arcade 2.1b Site : www.avscripts.net Dork : "Powered By AV Arcade" Author: Kw3rLn tehlostbyteatYaHoOd0tCom Romanian Security Team Ethical Hacking - hTTp://RSTZONE.nET Description: SQL injection in $id of includes/viewpage.php Exploit:...

AV Arcade 2.1b - index.php?id SQL Injection

AV Arcade 2.1b - index.php?id SQL Injection Web: AV Arcade 2.1b Site : www.avscripts.net Dork : "Powered By AV Arcade" Author: Kw3rLn tehlostbyteatYaHoOd0tCom Romanian Security Team Ethical Hacking - hTTp://RSTZONE.nET Description: SQL injection in $id of includes/viewpage.php Exploit:...

CVE-2006-5637

PHP remote file inclusion vulnerability in faqreply.php in Faq Administrator 2.1b allows remote attackers to execute arbitrary PHP code via a URL in the email parameter...

CVE-2006-5637

CVE-2006-5637 describes a PHP remote file inclusion vulnerability in Faq Administrator 2.1b, where an attacker can invoke arbitrary PHP code via a URL supplied in the email parameter of faq_reply.php. The NVD entry lists a base score of 7.5 (HIGH) with network access and low attack complexity, im...

Faq Administrator 2.1 (faq_reply.php) Remote File Include Vulnerability

Exploit for unknown platform in category web applications ======================================================================= Faq Administrator 2.1 faqreply.php Remote File Include Vulnerability =======================================================================...

Faq Administrator 2.1 - faq_reply.php Remote File Inclusion

Faq Administrator 2.1 - faqreply.php Remote File Inclusion ================================================================== Faq Administrator RFI ================================================================== Info:- Scripts: Faq Administrator...

Orca KnowledgeBase 2.1 - 'KnowledgeBase.php' SQL Injection

source: https://www.securityfocus.com/bid/15637/info Orca Knowledgebase is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. Successful exploitation could result in a compromise of t...