Fedora Core 10 FEDORA-2009-8538 (wordpress-mu)

The remote host is missing an update to wordpress-mu announced via advisory FEDORA-2009-8538. Note: This VT has been deprecated and is therefore no longer functional. SPDX-FileCopyrightText: 2009 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C ...

TBDev2 SQL Injection / Remote File Inclusion

======================================= TBDev2 Blind SQL Inj3ct0r + RFI Exploit ======================================= 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 1 /' \ /'\ /\ \ /'\ 0 0 /, \ /\/\ \ \ \ \ ,/\ /\ \ 1 1 //\ \ /' \ /\ //\ Exploit database...

Fedora 11 : wordpress-mu-2.8.4a-1.fc11 (2009-8529)

Update spans MU-versions for the following security releases from upstream: http://wordpress.org/development/2009/08/2-8-4-security-release/ http://wordpress.org/development/2009/08/wordpress-2-8-3-security-rele ase/ - Backport of XSS fixes from WordPress 2.8.2 Backport of security fixes for...

Authentication flaw

admin.php in TurnkeyForms Text Link Sales allows remote attackers to bypass authentication and gain administrative privileges via a direct request...

CVE-2008-6963

CVE-2008-6963 affects TurnkeyForms Text Link Sales (admin.php). The vulnerability allows remote attackers to bypass authentication and gain administrative privileges through a direct request. Documents describe the flaw and its impact but do not provide a patch version, workaround, or explicit re...

Cross site scripting

Cross-site scripting XSS vulnerability in manageproject.php in Collabtive 0.4.8 allows user-assisted remote attackers to inject arbitrary web script or HTML via the project Name, which is not properly handled when the administrator performs an editform action, related to admin.php...

Code injection

Static code injection vulnerability in admin/admin.php in mxCamArchive 2.2 allows remote authenticated administrators to inject arbitrary PHP code into an unspecified program via the description parameter, which is executed by invocation of index.php. NOTE: some of these details are obtained from...

CVE-2008-6946

Cross-site scripting XSS vulnerability in manageproject.php in Collabtive 0.4.8 allows user-assisted remote attackers to inject arbitrary web script or HTML via the project Name, which is not properly handled when the administrator performs an editform action, related to admin.php...

CVE-2008-6947

CVE-2008-6947 affects Collabtive 0.4.8. The vulnerability allows remote attackers to bypass authentication and create new users (including administrators) through an unspecified vector related to the added mode in a users action to admin.php. The connected sources (NVD, CVE listings, and related ...

CVE-2008-6946

CVE-2008-6946 describes a cross-site scripting (XSS) vulnerability in Collabtive 0.4.8. The issue affects manageproject.php where the project name is not properly sanitized during an admin editform action, enabling user-assisted remote attackers to inject arbitrary web script or HTML. The core de...

Sql injection

SQL injection vulnerability in admin.php in sun-jester OpenNews 1.0, when magicquotesgpc is disabled, allows remote attackers to execute arbitrary SQL commands via the username parameter...

CVE-2009-2735

SQL injection vulnerability in admin.php in sun-jester OpenNews 1.0, when magicquotesgpc is disabled, allows remote attackers to execute arbitrary SQL commands via the username parameter...

CVE-2009-2735

The CVE-2009-2735 entry describes an SQL injection in sun-jester OpenNews 1.0, via admin.php when magic_quotes_gpc is disabled. The vulnerability affects the username parameter, enabling remote attackers to execute arbitrary SQL commands. This is documented in NVD and mirrored in multiple referen...

CVE-2008-6917

SQL injection vulnerability in admin.php in Exocrew ExoPHPDesk 1.2 Final allows remote attackers to execute arbitrary SQL commands via the username user parameter...

Sql injection

SQL injection vulnerability in admin.php in MRCGIGUY The Ticket System 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter in a viewticket action...

CVE-2009-2639

SQL injection vulnerability in admin.php in MRCGIGUY The Ticket System 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter in a viewticket action...

CVE-2009-2639

CVE-2009-2639 affects MRCGIGUY The Ticket System 2.0 (admin.php) where the viewticket action vulnerable to SQL injection via the id parameter. Root cause is unsafely concatenated SQL in the vulnerable endpoint, enabling remote arbitrary SQL execution. Consequences described are arbitrary SQL comm...

CVE-2009-2639

SQL injection vulnerability in admin.php in MRCGIGUY The Ticket System 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter in a viewticket action...

MCshoutbox 1.1 (SQL/XSS/Shell) Multiple Remote Vulnerabilities

No description provided by source. + MCshoutbox 1.1 SQL/XSS/Shell Multiple Remote Vulnerabilities + Discovered By SirGod + http://insecurity-ro.org + http://h4cky0u.org Homepage : http://www.maniacomputer.com/dload/MCshoutboxDownloadPage.html + SQL Injection Login Bypass - Note : magicquotesgpc =...

MCshoutbox 1.1 (SQL/XSS/Shell) Multiple Remote Vulnerabilities

Exploit for unknown platform in category web applications ============================================================== MCshoutbox 1.1 SQL/XSS/Shell Multiple Remote Vulnerabilities ============================================================== + MCshoutbox 1.1 SQL/XSS/Shell Multiple Remote...