2123 matches found
[Full-disclosure] Mini Web Shop v.2 vulnerable to XSS
ADVISORY: Mini Web Shop V.2; Author: CorryL [email protected]; Application: Mini Web Shop; Version: 2; Vendor's URL: http://obiewebsite.sourceforge.net/o.php?MiniWebShop; Platform:...
vBulletin <= 3.6.4 (inlinemod.php postids) Remote SQL Injection Exploit
No description provided by source. ?php printr' ----------------------------------------------------------------------------- vBulletin <= 3.6.4 inlinemod.php "postids" sql injection / privilege escalation by session hijacking exploit by rgod mail: retrog at alice dot it site:...
vBulletin 3.6.4 - 'inlinemod.php?postids' SQL Injection
input-cleanarraygpc'p', array 'postids' = TYPESTR, ; $postids = explode',',...
zpanel.txt
ZPanel Remote File Inclusion ZPanel is a hosting control panel used by web hosts to give their users a friendly interface to manage any aspects of their hosting or account information. ZPanel is an open source project and runs on Windows and Linux. zpanel tested on : Windows : 2000 Adv. Server,20...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in the Admin Control Panel (AdminCP) in Jelsoft vBulletin 3.6.4 allow remote authenticated administrators to inject arbitrary web script or HTML via unspecified vectors related to the (1) User Group Manager, (2) User Rank Manager, (3) User Title Manager, ...
CVE-2007-0830
Multiple cross-site scripting (XSS) vulnerabilities in the Admin Control Panel (AdminCP) in Jelsoft vBulletin 3.6.4 allow remote authenticated administrators to inject arbitrary web script or HTML via unspecified vectors related to the (1) User Group Manager, (2) User Rank Manager, (3) User Title Manager, ...
SYSCP 1.2.15 - System Control Panel CronJob Arbitrary Code Execution
SYSCP 1.2.15 - System Control Panel CronJob Arbitrary Code Execution source: https://www.securityfocus.com/bid/22453/info SysCP is prone to an arbitrary code-execution vulnerability. An attacker can exploit this issue to execute arbitrary commands with superuser privileges, resulting in the...
VBulletin AdminCP Index.PHP Multiple Cross-Site Scripting Vulnerability
VBulletin AdminCP Index.PHP Multiple Cross-Site Scripting Vulnerability vBulletin is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input data. An attacker could exploit this vulnerability to have arbitrary script code execute in the...
Login Manager Multiple HTML Injections
Login Manager Multiple HTML Injections Login Manager is a powerful, robust system that enables web administrators to manage website user accounts easily, create membership protected areas, and effortlessly prevent unauthorized user access to secured areas. Login Manager 3 “LM3” uses PHP and MySQL...
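All In One Control Panel SQL Injection Vulnerability
All In One Control Panel is a PHP-based web application. All In One Control Panel does not properly filter user-submitted input, so remote attackers can exploit the vulnerability to carry out SQL injection attacks and obtain sensitive information. The problem is that multiple scripts lack filtering of user-submitted web parameters; submitting malicious script code as parameter data can lead to disclosure of sensitive information. AIOCP AIOCP 1.3.9 AIOCP AIOCP 1.3.7 AIOCP AIOCP 1.3.6 AIOCP AIOCP 1.3.5 AIOCP AIOCP 1.3.4 No solution is currently available: http://sourceforge.net/projects/aiocp/...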
Sql injection
SQL injection vulnerability in shared/code/cpfunctionsdownloads.php in Nicola Asuni All In One Control Panel (AIOCP) before 1.3.009 allows remote attackers to execute arbitrary SQL commands via the download_category parameter...
CVE-2007-0223
SQL injection vulnerability in shared/code/cpfunctionsdownloads.php in Nicola Asuni All In One Control Panel (AIOCP) before 1.3.009 allows remote attackers to execute arbitrary SQL commands via the download_category parameter...
[SA23726] All In One Control Panel "download_category" SQL Injection
TITLE: All In One Control Panel "download_category" SQL Injection SECUNIA ADVISORY ID: SA23726 VERIFY ADVISORY: http://secunia.com/advisories/23726/ CRITICAL: Moderately critical IMPACT: Manipulation of data WHERE: From remote SOFTWARE: All In One Control Panel 1.x http://secunia.com/product/12505...
All In One Control Panel 1.3.x - 'cp_downloads.php?did' SQL Injection
source: https://www.securityfocus.com/bid/22032/info All In One Control Panel is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting these issues could allow an attacker to compromise the...
CVE-2006-6566
PHP remote file inclusion vulnerability in includes/profilcpconstants.php in the Profile Control Panel (CPanel) module for mxBB 0.91c allows remote attackers to execute arbitrary PHP code via a URL in the modulerootpath parameter...
EUVD-2006-6549
PHP remote file inclusion vulnerability in includes/profilcpconstants.php in the Profile Control Panel (CPanel) module for mxBB 0.91c allows remote attackers to execute arbitrary PHP code via a URL in the modulerootpath parameter...
AR Memberscript - usercp_menu.php Remote File Inclusion
AR Memberscript - usercp_menu.php Remote File Inclusion Author: ex0 armemberscript - remote file include vulnerability all versions There is no vendor patch, and doubt there will be. I haven't been able to get in touch with the vendor for 2 months armemberscript is a script used by many anime sites t...
mxBB Module Profile Control Panel 0.91c Remote File Include Vulnerability
mxBB Module Profile Control Panel 0.91c Remote File Include Vulnerability Bugfound3R: bd0rk || SOH-Crew Website: www.soh-crew.it.tt Greetz: str0ke, Lu7k, TheJT, Natok Download: http://www.mx-system.com/modules/mxpafiledb/dload.php?action=download&fileid=70 == Vulnerable Code in...
MXBB Profile Control Panel 0.91c - Module Remote File Inclusion
MXBB Profile Control Panel 0.91c - Module Remote File Inclusion source: https://www.securityfocus.com/bid/21520/info The mxBB profile Control Panel module is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this...