PT-2009-14: BLOG CMS Cross-Site Scripting Vulnerability
BLOG CMS is content management system (CMS) software, usually implemented as a Web application, for creating and managing HTML content. It is used to manage and control a large, dynamic collection of Web material (HTML documents and their associated images). Vulnerability Description Positive...
Linux/x86 - Force Reboot Shellcode (36 bytes)
Linux/x86 - Force Reboot Shellcode 36 bytes. Shellcode exploit for Linux/x86 platform Linux/x86 Force Reboot shellcode 36 bytes Author: Hamza Megahed Twitter: @HamzaMega blog: hamza-megadotblogspotdotcom E-mail: hamzadotmegahedatgmaildotcom xor %eax,%eax push %eax push $0x746f6f62 push $0x65722f6e...
PHP-Fusion Mod TI Blog System SQL Injection
PHP-Fusion Mod TI - Blog System Sql Injection AUTHOR : Sina Yazdanmehr R3d.W0rm Discovered by : Sina Yazdanmehr R3d.W0rm Our Site : Http://IRCRASH.COM IRCRASH Team Members : Khashayar Fereidani - R3d.w0rm Sina Yazdanmehr - Hadi Kiamarsi Download :...
CVE-2008-5775
SQL injection vulnerability in categories.php in Aperto Blog 0.1.1 allows remote attackers to execute arbitrary SQL commands via the id parameter...
CVE-2008-5780
Forest Blog 1.3.2 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing passwords via a direct request for blog.mdb...
CVE-2008-5776
Multiple directory traversal vulnerabilities in Aperto Blog 0.1.1 allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the (1) action parameter to admin.php and the (2) get parameter to index.php. NOTE: in some environments, this can be leveraged fo...
Directory traversal
Multiple directory traversal vulnerabilities in Aperto Blog 0.1.1 allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the (1) action parameter to admin.php and the (2) get parameter to index.php. NOTE: in some environments, this can be leveraged fo...
SQL injection
SQL injection vulnerability in categories.php in Aperto Blog 0.1.1 allows remote attackers to execute arbitrary SQL commands via the id parameter...
CVE-2008-5776
CVE-2008-5776 affects Aperto Blog 0.1.1. The vulnerability is a directory traversal in the (1) action parameter to admin.php and (2) get parameter to index.php, enabling remote attackers to include and execute arbitrary local files. In some environments, this can be leveraged for remote file incl...
CVE-2008-5775
The CVE-2008-5775 entry concerns an SQL injection vulnerability in the Aperto Blog 0.1.1 product, specifically in categories.php where the id parameter can be manipulated to execute arbitrary SQL. The underlying issue is a lack of input validation/sanitization for the id parameter, enabling an at...
CVE-2008-5780
Forest Blog 1.3.2 stores sensitive data under the web root with insufficient access control, allowing remote attackers to download the database file blog.mdb via a direct request. Affected software: Forest Blog 1.3.2. Vulnerable element: the stored database file with passwords. Impact: exposure o...
BLOG 1.55B File Upload
Piker BLOG v1.55B Arbitrary File Upload Vulnerability. Affected software: BLOG v1.55B (prior versions can be affected). Vendor: http://sourceforge.net/projects/kafooeyblog/ Risk: High. http://target/path/lib/imageupload.php This script only checks if the file you are uploading is not a text/plain file...
PHP-Fusion Mod TI - id SQL Injection
PHP-Fusion Mod TI - id SQL Injection PHP-Fusion Mod TI - Blog System Sql Injection AUTHOR : Sina Yazdanmehr R3d.W0rm Discovered by : Sina Yazdanmehr R3d.W0rm Our Site : Http://IRCRASH.COM IRCRASH Team Members : Khashayar Fereidani - R3d.w0rm Sina Yazdanmehr - Hadi Kiamarsi Download :...
PHP-Fusion Mod TI (id) Remote SQL Injection Vulnerability
No description provided by source. PHP-Fusion Mod TI - Blog System Sql Injection AUTHOR : Sina Yazdanmehr R3d.W0rm Discovered by : Sina Yazdanmehr R3d.W0rm Our Site : Http://IRCRASH.COM IRCRASH Team Members : Khashayar Fereidani - R3d.w0rm Sina Yazdanmehr - Hadi Kiamarsi Download :...
PHP-Fusion Mod TI (id) Remote SQL Injection Vulnerability
Exploit for unknown platform in category web applications. PHP-Fusion Mod TI id Remote SQL Injection Vulnerability. PHP-Fusion Mod TI - Blog System Sql Injection AUTHOR : Sina...
PHP-Fusion Mod TI - 'id' SQL Injection
PHP-Fusion Mod TI - Blog System Sql Injection AUTHOR : Sina Yazdanmehr R3d.W0rm Discovered by : Sina Yazdanmehr R3d.W0rm Our Site : Http://IRCRASH.COM IRCRASH Team Members : Khashayar Fereidani - R3d.w0rm Sina Yazdanmehr - Hadi Kiamarsi Download :...
SQL injection
SQL injection vulnerability in blog.php in the Team Impact TI Blog System mod for PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the id parameter...