7699 matches found
Mooseguy Blog System 1.0 (blog.php month) SQL Injection Vulnerability
Exploit for unknown platform in category web applications. Mooseguy Blog System 1.0 blog.php month SQL Injection Vulnerability. MGBS 1.0 Remote SQL injection...
The coolest windows Backdoor-vulnerability warning-the black bar safety net
The back door principle: Go to: small Chapter blog http://blog.csdn.net/scz123/archive/2007/03/14/1528695.aspx In Windows 2000/XP/Vista, pressing the Shift key 5 times opens Sticky Keys, which runs sethc.exe, and this can also be opened at the login interface. It's reminiscent of a WINDOWS...
CVE-2007-6597
Multiple cross-site scripting (XSS) vulnerabilities in IPortalX before Build 033 allow remote attackers to inject arbitrary web script or HTML via the (1) KW and (2) SF parameters to forum/loginuser.asp, and (3) the Date parameter to blogs.asp...
Microsoft Office Publisher
I found two ways to cause a denial of service on the Microsoft Office Publisher, this is done by creating a malformed file with the following characteristics: The first is to create a new file and modifying hexadecimal with an editor from the direction 00006B90 to 00006D90 with the letter "A", th...
CVE-2007-6390
Cross-site request forgery (CSRF) vulnerability in the mycalendar plugin before 0.13 for Serendipity allows remote attackers to perform actions as blog administrators, which can be leveraged to conduct cross-site scripting (XSS) attacks on the blog page...
Cross site request forgery (csrf)
Cross-site request forgery (CSRF) vulnerability in the mycalendar plugin before 0.13 for Serendipity allows remote attackers to perform actions as blog administrators, which can be leveraged to conduct cross-site scripting (XSS) attacks on the blog page...
CVE-2007-6390
CVE-2007-6390 affects the Serendipity mycalendar plugin (pre-0.13). The vulnerability is a CSRF flaw that could allow an attacker to perform actions as a blog administrator, which could be leveraged to enable or facilitate XSS on the blog page. Affected component: mycalendar plugin for Serendipit...
QK SMTP Server 3 - Denial of service
Apparently this SMTP server crashes when creating a malformed mail, causing a denial of service. Proof-of-concept HELO ../A/ 950 MAIL FROM: ../A/ 950 RCPT TO: ../A/ 950 data ../A/ 950 . Juan Pablo Lopez Yacubian http://fuzzertina.blogspot.com/...
Unfixed Script Insertion vulnerability at www.slf.forgottensea.org
Security researcher KaBuS submitted on 12/04/2007 a Script Insertion vulnerability affecting www.slf.forgottensea.org, which at the time of submission ranked 3224803 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 12/04/2007. It is current...
Unfixed XSS vulnerability at blog.365linux.cn
Security researcher Uber0n submitted on 11/12/2007 a cross-site scripting (XSS) vulnerability affecting blog.365linux.cn, which at the time of submission ranked 0 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 23/12/2007. It is currently...
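Quick/Dirty Blog Categories.PHP Local File Inclusion Vulnerability
Quick And Dirty Blog is a PHP-based web application. Quick And Dirty Blog does not properly filter user-submitted URI data, so a remote attacker can exploit the vulnerability to view the contents of system files with the privileges of the web server. The problem is that the 'Categories.PHP' script does not filter the user-submitted 'theme' parameter; submitting a parameter containing multiple "../" sequences bypasses the web root restriction and allows system file contents to be viewed with web privileges. Quick and Dirty Blog 0.4. No detailed solution is currently available: http://sourceforge.net/projects/qdblog/...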
quickdirty-lfi.txt
Quick and Dirty Blog 0.4 categories.php Local File Inclusion Vulnerability http://heanet.dl.sourceforge.net/sourceforge/qdblog/qdblog-0.4.tar.bz2 POC: /categories.php?theme=../../../../../../../../../etc/passwd%00...
Quick and Dirty Blog 0.4 (categories.php) Local File Inclusion Vuln
No description provided by source. Quick and Dirty Blog 0.4 categories.php Local File Inclusion Vulnerability http://heanet.dl.sourceforge.net/sourceforge/qdblog/qdblog-0.4.tar.bz2 POC: /categories.php?theme=../../../../../../../../../etc/passwd%00 sebug.net...
Oblog blog system vulnerabilities and use(eat)-vulnerability warning-the black bar safety net
Vulnerable platform: the Oblog blog system. Platform version: The through eat. Vulnerability name: password retrieval. Harm degree: ★★★☆☆. The password retrieval function of the Oblog blog system has a serious design bug. Using this vulnerability, intruders can, through a form they construct themselves, change...
Quick and Dirty Blog 0.4 (categories.php) Local File Inclusion Vuln
Exploit for unknown platform in category web applications. Quick and Dirty Blog 0.4 categories.php Local File Inclusion Vuln. Quick and Dirty Blog 0.4 categories.p...
Simple PHP Blog (sphpblog) <= 0.5.1 Multiple Vulnerabilities
Title: Simple PHP Blog (sphpblog) <= 0.5.1 Multiple Vulnerabilities Vendor: http://sourceforge.net/projects/sphpblog/ Advisory: http://acid-root.new.fr/?0:15 Author: DarkFig gmdarkfig at gmail dot com Released on: 2007/10/21 Changelog: ---------- L M H T Summary: Ip Spoofing X X Cross Site Scripting...
Simple PHP Blog (sphpblog) <= 0.5.1 Multiple Vulnerabilities
No description provided by source. Title: Simple PHP Blog (sphpblog) <= 0.5.1 Multiple Vulnerabilities Vendor: http://sourceforge.net/projects/sphpblog/ Advisory: http://acid-root.new.fr/?0:15 Author: DarkFig gmdarkfig at gmail dot com Released on: 2007/10/21 Changelog: ---------- L M H T Summary: I...
Simple PHP Blog <= 0.5.1 Multiple Vulnerabilities
Binary data 4259.prm...
Simple PHP Blog (sPHPblog) 0.5.1 - Multiple Vulnerabilities
Simple PHP Blog sPHPblog 0.5.1 - Multiple Vulnerabilities Title: Simple PHP Blog sphpblog Released on: 2007/10/21 Changelog: ---------- L M H T Summary: Ip Spoofing X X Cross Site Scripting X X Session Fixation X X mail CRLF Injection X Local File Inclusion +CSRF X X File Deletion +CSRF X X File...