Fastspot BigTree 'admin.php' File Denial of Service Vulnerability
Fastspot BigTree is an open source content management system (CMS) based on PHP and MySQL, developed by the United States company Fastspot. A security vulnerability exists in the admin.php file in Fastspot BigTree 4.2.18 and earlier versions. A remote attacker can exploit this vulnerability to cause a denial of...
ZZCMS V8.0 SQL Injection Vulnerability in Multiple Parameters
ZZCMS is an enterprise website builder. ZZCMS V8.0 suffers from a SQL injection vulnerability that allows attackers to obtain sensitive information from the database. The injection parameters include the following: zs/zs.php file 'pxzs' function;...
Quick.Cart 6.6 Cross Site Request Forgery
Security Advisory - Curesec Research Team 1. Introduction Affected Product: Quick.Cart 6.6 Fixed in: not fixed Fixed Version Link: n/a Vendor Contact: [email protected] Vulnerability Type: CSRF Remote Exploitable: Yes Reported to vendor: 09/07/2015 Disclosed to public: 10/07/2015 Release mode...
MetInfo (m topology) enterprise website management system SQL injection vulnerability - vulnerability warning - the black bar safety net
The vulnerability occurs in the member/getpassword.php and admin/admin/getpassword.php files: if$p $array = explode'.', base64decode$p; $sql="SELECT FROM $metadmintable WHERE adminid='".$ array0."'"; $sqlarray = $db-getone$sql; After base64decode$p, the value is split with explode and then submitted ...
Fyblogs website management system vulnerability - vulnerability warning - the black bar safety net
Background universal password 'or'='or' The backend file management presence of the bypass. Lead to browse to where the letter information. Information leaked! admin/uploadfile. asp? currentFolder=/upfiles/../ Vulnerability to prove: Google: inurl:type. asp? id=1 News Center Or: inurl:downloadok...
elitecms 1.01 - SQL Injection Cross-Site Scripting
eliteCMS 1.01 SQL/XSS Multiple Remote Vulns by xenohive greets to daganarus, dearest of all my friends. SQL injection requires magicquotes = off -/includes/functions.php --------------------------------- 89. function getpagesettings ... 92. $quer...
CVE-2006-4268
CubeCart
INDEXU <= 5.0.1 (admin_template_path) Remote Include Vulnerabilities
No description provided by source. indexu remote file include | Discovered By CrAshoVeRrIdE | Arabian Security Team | site of script: http://www.nicecoder.com/...
PT-2006-3529 · Nucleus · Nucleus
Name of the Vulnerable Software and Affected Versions: Nucleus versions 3.22 and earlier Description: The issue allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALSDIR LIBS parameter in the nucleus/libs/PLUGINADMIN.php file. Recommendations: For versions 3.22 and earlier...
PT-2005-2754 · Funkyasp · Funkyasp Ad System
Name of the Vulnerable Software and Affected Versions: FunkyASP AD System version 1.1 Description: The issue allows remote attackers to execute arbitrary SQL commands and gain privileges. This is achieved via the password parameter in the admin.asp file. Recommendations: For FunkyASP AD System...
Good Patch to Multiple [XSS] Vulnerabilities in PHP-Nuke 7.4
CODEBUG Labs Patch 1 Title: Multiple XSS Bug in admin.php Author: Pierquinto 'Mantra' Manco Product: PHP-Nuke 7.4 Web: http://www.mantralab.org Register to our site and receive our newsletter! - Patch Apply this code to your admin.php file: if !empty$HTTPGETVARS'admin' die"Shit! Mantra wins ="; i...