648 matches found
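WordPress plugin AllVideoGallery 1.1 /wp-content/plugins/all-video-gallery/config.php SQL Injection Vulnerability
WordPress is a very popular blogging platform developed in PHP. In version 1.1 of its All Video Gallery plugin, the file /wp-content/plugins/all-video-gallery/config.php passes $vid into an SQL statement at line 39 without any filtering, resulting in an SQL injection vulnerability. WordPress plugin AllVideoGallery 1.1...
AdaptCMS 'config.php' SQL Injection Vulnerability
BUGTRAQ ID: 57674 AdaptCMS is a website content management system released by Insane Visions. The config.php script in AdaptCMS 2.0.4 and earlier does not properly filter the 'question' parameter value, which allows attackers to inject or manipulate SQL queries in the back-end database, leading to manipulation or disclosure of arbitrary data. 0 AdaptCMS 2.0.2 AdaptCMS 2.0.1 AdaptCMS 2.0 Vendor patch: AdaptCMS -------- The vendor has not yet provided a patch or upgrade; we recommend that users of this software watch the vendor's home page for the latest version: http://www.adaptcms.com...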
AdaptCMS 2.0.4 - config.php?question SQL Injection
AdaptCMS 2.0.4 - config.php?question SQL Injection Exploit Title: AdaptCMS = 2.0.4 SQL Injection vulnerability Date: 26/10/2012 Exploit Author: Kallimero Vendor Homepage: http://www.adaptcms.com/ Software Link: http://www.insanevisions.com/page/3/Downloads/ Version: 2.0.4 Tested on: Debian...
AdaptCMS 2.0.4 - 'config.php?question' SQL Injection
Exploit Title: AdaptCMS = 2.0.4 SQL Injection vulnerability Date: 26/10/2012 Exploit Author: Kallimero Vendor Homepage: http://www.adaptcms.com/ Software Link: http://www.insanevisions.com/page/3/Downloads/ Version: 2.0.4 Tested on: Debian Introduction ============ As you know, I love fun and...
Free Blog 1.0 Shell Upload / Arbitrary File Deletion
Free Blog 1.0 Multiple Vulnerability By cr4wl3r http://bastardlabs.info http://bastardlabs.info/exploits/FreeBlog.txt Software Link: http://blog.sdnex.com/ Tested: Ubuntu 12.04.1 LTS Proof of concept: Arbitrary File Upload Vulnerability http://bastardlabs/blogpath/up.php Shell will be available...
WordPress Plugin Google Document Embedder - Arbitrary File Disclosure (Metasploit)
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' require 'rbmysql' class Metasploit3 'WordPress Plugin...
Xxe
Mahara 1.4.x before 1.4.4 and 1.5.x before 1.5.3 allows remote attackers to read arbitrary files or create TCP connections via an XML external entity (XXE) injection attack, as demonstrated by reading config.php...
eliteCMS installation file not validated + one-liner write vulnerability - vulnerability warning - the black bar safety net
The eliteCMS installer is not locked after installation, so attackers can access the setup address and repeat the installation. Another vulnerability is that the installer can write a one-line backdoor directly into admin/includes/config.php. We look at the code: ... elseif $GET'step' == "4" $file = "../admin/includes/config.php"; $write = "?...
Wordpress HD Webplayer 1.1 SQL injection and fix-vulnerability warning-the black bar safety net
Title Wordpress HD Webplayer 1.1 SQL Injection Author: JoinSe7en Program website: http://www.hdwebplayer.com/ Software connected: http://hdwebplayer.com/downloads/hdwebplayerwordpress1.1.zip Affected version: Version 1.1 Tested System: Windows 7, Backtrack 5 r3...
WordPress Plugin HD Webplayer 1.1 - SQL Injection
WordPress Plugin HD Webplayer 1.1 - SQL Injection - JoinSe7en...
Wordpress HD Webplayer 1.1 SQL Injection Vulnerability
Exploit for php platform in category web applications - JoinSe7en...
WordPress Plugin HD Webplayer 1.1 - SQL Injection
JoinSe7en | Wordpress HD Webplayer 1.1 SQL Injection...
CVE-2011-5108
Cross-site scripting (XSS) vulnerability in config.php in AdaptCMS 2.0.0 and 2.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
Cross site scripting
Cross-site scripting (XSS) vulnerability in config.php in AdaptCMS 2.0.0 and 2.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
phpMyBackupPro <= 2.2 Local File Inclusion Vulnerability
Exploit for php platform in category web applications. Discovered by dun \ posdubatgmail.com 2012-07-03 phpMyBackupPro <= 2.2 Local File Inclusion Vulnerability Script:...
phpMyBackupPro 2.2 Local File Inclusion
Discovered by dun \ posdubatgmail.com 2012-07-03 phpMyBackupPro <= 2.2 Local File Inclusion Vulnerability Script: "phpMyBackupPro is a very easy to use, free, web-base...
OSClass 2.3.5 Directory Traversal
Advisory ID: CSA-12004 Title: OSClass directory traversal vulnerability Product: OSClass Version: 2.3.5 and probably prior Vendor: osclass.org Vulnerability type: Directory traversal Risk level: 2 / 3 Credit: www.codseq.it Vendor notification: 2012-01-25 Public disclosure: 2012-03-07 Original...
OSClass 2.3.x - Directory Traversal Arbitrary File Upload
OSClass 2.3.x - Directory Traversal Arbitrary File Upload source: https://www.securityfocus.com/bid/52336/info OSClass is prone to a directory-traversal vulnerability and an arbitrary-file-upload vulnerability. An attacker can exploit these issues to obtain sensitive information and to upload...
OSClass 2.3.x - Directory Traversal / Arbitrary File Upload
source: https://www.securityfocus.com/bid/52336/info OSClass is prone to a directory-traversal vulnerability and an arbitrary-file-upload vulnerability. An attacker can exploit these issues to obtain sensitive information and to upload arbitrary code and run it in the context of the webserver...
Rivettracker 1.03 - Multiple SQL Injections
Exploit Title: Multiple SQL injections in rivettracker =5.3.4 and backports we still have arbitrary SQL queries but no config.php. config.php contains passwords and usernames for admin, user...