4978 matches found
CVE-2005-4396
Cross-site scripting XSS vulnerability in admin/Default.asp in iCMS allows remote attackers to inject arbitrary web script or HTML via the LoginMSG parameter. NOTE: the provenance of this issue is unknown; the details were obtained solely from third party sources...
Relative Real Estate Systems SQL inj. vuln.
Relative Real Estate Systems SQL inj. vuln. Vuln. dicovered by : r0t Date: 5 dec. 2005 Orginal advisory:http://pridels.blogspot.com/2005/12/relative-real-estate-systems-sql-inj.html Vendor:http://www.dboorn.com/estate/ affected version:1.02 and prior Product Description: Elegant real estate scrip...
AllWeb search SQL inj. vuln.
AllWeb search SQL inj. vuln. Vuln. dicovered by : r0t Date: 28 nov. 2005 orginal advisory:http://pridels.blogspot.com/2005/11/allweb-search-sql-inj-vuln.html Vendor:http://www.scripts-templates.com affected version: 3.0 and prior Product Description: Want to make money from your site traffic?...
Amazon Shop 5.0.0 XSS vuln.
Amazon Shop 5.0.0 XSS vuln. Vuln. dicovered by : r0t Date: 26 nov. 2005 Orginal advisory:http://pridels.blogspot.com/2005/11/amazon-shop-500-xss-vuln.html Vendor:http://www.ghostscripter.com/amazonshop.php affected version:5.0.0 and prior Product description: With Amazon Shop you can run your ver...
pdjk-support suite sql inj.
pdjk-support suite sql inj. Vuln. dicovered by : r0t Date: 25 nov. 2005 Orginal advisory:http://pridels.blogspot.com/2005/11/pdjk-support-suite-sql-inj.html Vendor:http://support.pdjkeelan.com/ affected vesion: 1.1a retail edition and prior. Product Description: The pdjk-support suite is a full...
AlstraSoft EPay Pro "pmodule" SQL Injection Vulnerability
AlstraSoft EPay Pro "pmodule" SQL Injection Vulnerability Vuln. dicovered by : r0t Vendor:http://www.alstrasoft.com/ Product link: http://www.alstrasoft.com/epay.htm affected version:v2.0 Product Overview: How would you like to own your very own payment processing website and business built with...
CVE-2005-3679
SQL injection vulnerability in admin/index.php in ActiveCampaign 1-2-All Broadcast Email allows remote attackers to execute arbitrary SQL commands and bypass authentication via the username field in the admin control panel...
CVE-2005-3679
SQL injection vulnerability in admin/index.php in ActiveCampaign 1-2-All Broadcast Email allows remote attackers to execute arbitrary SQL commands and bypass authentication via the username field in the admin control panel...
Failles dans Invision Power Board 2.1 [xss]
Auteur : benjilenoob WebSite : http://benji.redkod.org/ and http://www.redkod.org/ Audit in pdf : http://benji.redkod.org/audits/ipb.2.1.pdf Produit : Invision power board Version : 2.1 Types de failles : Xss permanentes et non permanentes. Risque : Faible. I- failles XSS non critique:...
SEO borad: SQL injection
Product: SEO-Board Version: 1.02 Author: Hristo Hristov URL: http://seo-board.com VULNERABILITY CLASS: SQL injection through cookie PRODUCT DESCRIPTION SEO-Board is a forum software that's fast, free, and search engine friendly. It is written in PHP and use MySQL database. VULNERABILITY Vulnerabl...
[BuHa-Security] Multiple vulnerabilities in (admincp/modcp of) vBulletin 3.0.8/9
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 --------------------------------------------------- | BuHa Security-Advisory 3 | Sep 17th, 2005 | | feat. SePro Bugtraq | | --------------------------------------------------- | Vendor | vBulletin | | URL | http://vbulletin.com/ | | Version | =...
XSS in GreyMatter blog
Graymatter - perl based web blog. offsite: http://www.greymatterforums.com/ GM analyze posting comments and if post contain some dangerous code like script/script, administrator get message about it in log files. Log files contain not only message, but dangerous code. When admin try to look log...
greymatterXSS.txt
Graymatter - perl based web blog. offsite: http://www.greymatterforums.com/ GM analyze posting comments and if post contain some dangerous code like , administrator get message about it in log files. Log files contain not only message, but dangerous code. When admin try to look log files Admin...
gurgens21.txt
Update: 1:02 AM 5/13/2005 Subject: " Gurgens Guest Book Password Database Vulnerability " Vulnerable version: Guest Book 2.1 Description: Guest Book is a complete solution which requires none or very little effort to set up and match existing website configuration. Control Panel with "Virtual...
cjultraSQL.txt
ADVISORY Sql Injection in CJ Ultra Plus v1.0.3-1.0.4? "My God, it's full of stars" - c MwNN Vulnerable code is in out.php ... if isset$perm $query = "select a1, a2 from trade where a1 = '$perm'"; So... Exploit:...
[SVadvisory] - SQL injection in OpenBook 1.2.2
SVadvisory12 Title: SQl injection Product: OpenBook Version: 1.2.2 Site: http://openbook.sourceforge.net/ Vulnerabilities Code: function authuser$userid, $password global $HTTPPOSTVARS; global $admintable; $userid=$HTTPPOSTVARS'userid'; $password=$HTTPPOSTVARS'password'; dbconnect; $query="SELECT...
[SVadvisory] - SQL injection in OpenBook 1.2.2
SVadvisory12 Title: SQl injection Product: OpenBook Version: 1.2.2 Site: http://openbook.sourceforge.net/ Vulnerabilities Code: function authuser$userid, $password global $HTTPPOSTVARS; global $admintable; $userid=$HTTPPOSTVARS'userid'; $password=$HTTPPOSTVARS'password'; dbconnect; $query="SELECT...
CVE-2005-1998
Directory traversal vulnerability in admin.php in McGallery 1.1 allows remote attackers to read arbitrary files via a .. dot dot in the lang parameter...
[Full-disclosure] Invision Power Board 1.x and 2.x Privilege Escalation Vulnerability
If an non-root admin goes to delete their own group, they are taken to a screen that says "Move users in this group to..." in which they can select the root admin group and move themselves into it. actually, they can move all users in any group into the root admin group root admins have complete...
CVE-2005-1512
CVE-2005-1512 concerns the Admin panel of PwsPHP 1.2.2 , where the upload validation for image files is inadequate. The vulnerability allows remote attackers to upload potentially arbitrary files, which could lead to arbitrary code execution on the server. The CVSS details from the entry indicate...