7736 matches found
CVE-2010-4917
SQL injection vulnerability in sources/search.php in A-Blog 2.0 allows remote attackers to execute arbitrary SQL commands via the words parameter...
SQL injection
SQL injection vulnerability in sources/search.php in A-Blog 2.0 allows remote attackers to execute arbitrary SQL commands via the words parameter...
CVE-2010-4917
The CVE-2010-4917 issue affects A-Blog 2.0 (A-Blog Simple Blogging System) via the sources/search.php endpoint, where the words parameter is vulnerable to SQL injection due to insufficient input sanitization. Multiple sources (NVD entry and OpenVAS plugins) confirm a remote SQLi that could allow ...
DZ forum path disclosure summary - vulnerability warning - the black bar safety net
1. manyou/admincp.php?mysuffix=%0A%0DSlhack 2. ucenter/control/admin/db.php 3. ucserver/control/admin/db.php 4. forum.php/admin.php’/XXXXXXX.php 5. source/class/classcore.php Excerpt from: Little Dragon blog...
Google Releases Chrome 14.0.835.163
Google has released Chrome 14.0.835.163 for Linux, Mac, Windows, and Chrome Frame to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code. US-CERT encourages users and administrators to review the Google Chrome Releases blog entry and update to...
0day in a foreign blog program - vulnerability warning - the black bar safety net
0day in a foreign blog program. Batch: inurl:/admin/SiteEngineManager Exploit usage: www.test.com/admin/SiteEngineManager/components/Editor/assetmanager/assetmanager.asp...
Solarftp v2.1.2 PASV buffer overflow msf module
Exploit for windows platform in category remote exploits Exploit Title: Solarftp v2.1.2 PASV buffer overflow Date: Aug 17, 2011 Author: qnix Software Link: http://solarftp.com/files/solarftps-setup.exe Version: 2.1.2 Tested on: Windows XP Universal Detailed info: http://0x80.org/blog/?p=545 requi...
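Bo-Blog v1.4 single-user edition: file read vulnerability in the category list
Bo-Blog is a free PHP-based blog program that uses MySQL as its database. In the file "blog.php", in the "category list" function, the parameter "cat=" is not processed in any way and is used directly to read a file with "$allfiles=@file("$dirblog/$cat.php");". As a result, if a file name is submitted, that file is read directly, processed and output. if ($job=="showcat") //list all entries under a category if (!file_exists("$dirblog/$cat.php")) wronginfo("没有找到这个分类。"); unset ($allfiles);...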
8Pixel Blog CMS v4.2 - Cross Site Scripting Vulnerability
Document Title: 8Pixel Blog CMS v4.2 - Cross Site Scripting Vulnerability Release Date: 2011-08-14 Vulnerability Laboratory ID (VL-ID): 1 Product & Service Introduction: 8pixel.net develops...
D.R. Software Audio Converter 8.1 DEP Bypass Exploit
Exploit for windows platform in category local exploits !/usr/bin/perl +Exploit Title: D.R. Software Audio Converter 8.1 DEP Bypass Exploit +Date: 13\08\2011 +Author: C4SS!0 G0M3S +Software Link: http://download.cnet.com/Audio-Converter/3000-21404-10045287.html +Found By: Sud0 from Corelan...
Careernet SQL Injection
Turki$ hackers +Exploit: http://www.target.com/index.php?id=SQLi +Demo: http://blog.careernet.co.in/index.php?id=1SQLi +admin page: http://careernet.co.in/cp/ +table admin...
Fwd: {Lostmon's Group} Internet Explorer 6, 7 and 8 Window.open race condition Vulnerability
Internet Explorer 6, 7 and 8 Window.open race condition Vulnerability Vendor URL: http://www.microsoft.com Advisory: http://lostmon.blogspot.com/2011/08/internet-explorer-6-7-and-8-windowopen.html Coordinate Disclosure: YES exploit available: Private CVE-2011-1257 and MS011-57 Microsoft Internet...
BlackBerry blog site hacked by TriCk – TeaMp0isoN against London riots
The hacking crew TriCk – TeaMp0isoN today hacked and defaced the blog website of BlackBerry, one of the leading mobile companies, against the London riots. They also posted a message on the homepage, as given below. Also, there were calls on...
XpressEngine 1.4.5.7 Persistent XSS Vulnerability
Exploit for php platform in category web applications Exploit Title: XpressEngine version 1.4.5.7 Persistent XSS Vulnerability Date: 2011.08.08 Author: v0nSch3lling Software Link: http://www.xpressengine.com Version: 1.4.5.7 Tested on: Microsoft Windows XP SP2 Case 1. Member ManagementDelete...
Google Releases Chrome 13.0.782.107
Google has released Chrome 13.0.782.107 for Windows, Mac, Linux, and Chrome Frame to address multiple vulnerabilities. These vulnerabilities may allow an attacker to perform a cross-site scripting attack, or to execute arbitrary code. US-CERT encourages users and administrators to review the Goog...
WordPress Themes Vulnerability
TimThumb, a PHP script that is reused in many popular themes for the WordPress blog software, contains a vulnerability that allows a remote attacker to upload arbitrary PHP code to an affected site. US-CERT encourages users and administrators to: determine if any hosted blogs use TimThumb by...
ABC.go.com Cross Site Scripting
abc.go.COM XSS vulnerability vendor: www.abc.go.com Author: Karthik R 3psil0nLambDa Email: [email protected] My blog: www.epsilonlambda.co.cc...
Google Enables Gmail Two-Factor Security in 150 Countries
Nearly six months after first introducing two-step verification for its Gmail service, Google has expanded the security feature to users outside the English-speaking world, opening it up to people in more than 150 countries. The company said on Thursday that it has enabled the two-step verificati...
Joomla Spo 1.5.x Local File Inclusion
Exploit Title: LFI Joomla Component MODSPO Google Dork: inurl:MODSPO Date: 15/07/2011 Author: Jbyte Software Link: http://extensions.joomla.org/extensions/style-a-design/accessibility/5974 Version: 1.5.x Tested on: Ubuntu 11.04, Windows XP This component of Joomla has an LFI (Local File Inclusion) you...