1149 matches found
ACG News 1.0 - aidcatid SQL Injection
ACG News SQL Injection Software: ACG News 1.0 Vendor link: http://www.altercoder.com Vendor Demo link: http://acgnews.uw.hu/index.php Attack: SQL Injection Original Advisory: http://14house.blogspot.com/2007/08/acg-news-sql-injection.html Discovered by: David...
phpatm-rfi.txt
download page in : http://phpatm.free.fr/ bug in : phpatm injection attack : index.php?action=downloadfile&filename=index.php&directory=../& Dork in google : "powered by php advanced transfer manager" example :...
phpAtm 1.30 (downloadfile) Remote File Disclosure Vulnerability
Exploit for unknown platform in category web applications. phpAtm 1.30 downloadfile Remote File Disclosure Vulnerability. download page in : http://phpatm.free.fr/ bug in ...
phpAtm 1.30 - downloadfile Remote File Disclosure
download page in : http://phpatm.free.fr/ bug in : phpatm injection attack : index.php?action=downloadfile&filename=index.php&directory=../& Dork in google : "powered by php advanced transfer manager" example :...
phpAtm 1.30 (downloadfile) Remote File Disclosure Vulnerability
download page in : http://phpatm.free.fr/ bug in : phpatm injection attack : index.php?action=downloadfile&filename=index.php&directory=../& Dork in google : "powered by php advanced transfer manager" example :...
phpAtm 1.30 - 'downloadfile' Remote File Disclosure
download page in : http://phpatm.free.fr/ bug in : phpatm injection attack : index.php?action=downloadfile&filename=index.php&directory=../& Dork in google : "powered by php advanced transfer manager" example :...
PHP-Nuke 8.0 Final - 'INSERT' Blind SQL Injection (MySQL)
!/usr/bin/perl 0day exploit for PHP-nuke = 4.0.24, using 'brute force' Coded by:Maciej krasza Screenshot: 0day exploit for PHP-nuke new; my $zadanie = HTTP::Request-newGET = $adres; my...
ContentNow 1.39 (pageid) Remote SQL Injection Exploit
!/usr/bin/perl -w use IO::Socket; use strict; ContentNow "pageid" Sql Injection Version : 1.39 Url : http://www.contentnow.mf4k.de Author : Alfredo 'revenge' Pesoli Advisory : http://www.0xcafebabe.it/advisory/contentnow139sqlinjection.txt Description: The...
PHP-Fusion 6.0.x - 'news.php' SQL Injection
source: https://www.securityfocus.com/bid/19908/info PHP-Fusion is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow an attacker to compromise the application, access or...
XSS in Monster Top List | MTL 1.4
Software : Monster Top List. version : Monster Top List 1.4. Exploit : www.site.com/index.phpusererrormessage=XSS-CODE. Discovery ...
Tricks of the trade of the invasion of Shaanxi, a University intranet-vulnerability warning-the black bar safety net
Recently black anti above there are many ways to invade College website to the article, mostly for the injection attack. Oh, in order to cater to the mass the trend, I also entered some of the University websites play a Play. Not, this time it found a Shaanxi College inside a site of injection...
TheWebForum 1.2.1 - Multiple Input Validation Vulnerabilities
source: https://www.securityfocus.com/bid/16161/info TheWebForum is prone to multiple input validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. Successful exploitation of these vulnerabilities could result in a compromise of t...
CVE-2005-3850
CVE-2005-3850 describes a cross-site scripting (XSS) vulnerability in the OKBSYS Lite Edition 1.0 search.asp page. The issue allows remote attackers to inject arbitrary script/HTML via hex-encoded values in the q parameter. The vulnerability is page/file/parameter specific (search.asp, q) and the...
myBloggie "username" SQL Injection Vulnerability
Secunia Advisory: SA16699. Release Date: 2005-09-05. Critical: Moderately critical. Impact: Security Bypass, Manipulation of data. Where: From remote. Solution Status: Vendor Patch. Software: myBloggie 2.x...
Simple Machines Forum < 1.0.7 Code Injection
Binary data 3198.prm...
CVE-2005-2301
PowerDNS before 2.9.18, when running with an LDAP backend, does not properly escape LDAP queries, which allows remote attackers to cause a denial of service (failure to answer ldap questions) and possibly conduct an LDAP injection attack...
DEBIAN-CVE-2005-2108
SQL injection vulnerability in XMLRPC server in WordPress 1.5.1.2 and earlier allows remote attackers to execute arbitrary SQL commands via input that is not filtered in the HTTP_RAW_POST_DATA variable, which stores the data in an XML file...
Hosting Controller 6.1 - resellerresources.asp?jresourceid SQL Injection
source: https://www.securityfocus.com/bid/13806/info Hosting Controller is reported prone to multiple vulnerabilities. These issues can allow an attacker to gain unauthorized access to data and carry out SQL injection attacks...
CVE-2005-1169
Mafia Blog .4 BETA does not properly protect the admin directory, which allows remote attackers to execute arbitrary PHP code by using writeinfo.php to inject the code into info.php...
myBloggie 2.1.1
Vendor: http://www.mywebland.com/ When comments are posted there is no check for "script" tags, allowing a script injection attack. Proof of Concept scriptalert"Hi world!";/script ..-= DominusVis =-.. Infektion Group Brazil...