1446 matches found
Mynews 0.10 - Authentication Bypass
Mynews 0.10 - Authentication Bypass 0x01 Informations: Name : Mynews 010 Download : http://prdownloads.sourceforge.net/mynews/mynewsbeta010.zip?download Vulnerability : Auth Bypass Author : x0r Contact : [email protected] Notes : Proud to be Italian 0x02 Bug: Bugged file is /path/login.php Cod...
AuthPhp 1.0 (Auth Bypass) SQL Injection Vulnerability
Exploit for unknown platform in category web applications ===================================================== AuthPhp 1.0 Auth Bypass SQL Injection Vulnerability ===================================================== 0x01 Informations: Name : AuthPhp 1.0 Download :...
Mynews 0_10 (Auth Bypass) SQL Injection Vulnerability
No description provided by source. 0x01 Informations: Name : Mynews 010 Download : http://prdownloads.sourceforge.net/mynews/mynewsbeta010.zip?download Vulnerability : Auth Bypass Author : x0r Contact : [email protected] Notes : Proud to be Italian 0x02 Bug: Bugged file is /path/login.php Code...
AuthPhp 1.0 - Authentication Bypass
0x01 Informations: Name : AuthPhp 1.0 Download : http://frankmancuso.ca/downloads/authphp/authphp-stable-1.0.zip Vulnerability : Auth Bypass Author : x0r Contact : [email protected] Notes : Proud to be Italian 0x02 Bug: Bugged file is /path/login.php Code $username = $POST'username'; $passwd =...
BlueBird Pre-Release - Authentication Bypass
0x01 Informations: Name : BlueBird Pre-Release Download : http://downloads.sourceforge.net/bluebird/bluebirdpre.zip Vulnerability : Auth Bypass Author : x0r Contact : [email protected] Notes : Proud to be Italian 0x02 Bug: Bugged file is /path/login.php Code if $request == "POST" $username =...
Mynews 0.10 - Authentication Bypass
0x01 Informations: Name : Mynews 010 Download : http://prdownloads.sourceforge.net/mynews/mynewsbeta010.zip?download Vulnerability : Auth Bypass Author : x0r Contact : [email protected] Notes : Proud to be Italian 0x02 Bug: Bugged file is /path/login.php Code if $request == "POST" $username =...
Sql injection
SQL injection vulnerability in admin/login.php in PHP-CMS Project 1 allows remote attackers to execute arbitrary SQL commands via the username parameter...
CVE-2009-0407
CVE-2009-0407 affects PHP-CMS Project 1 and is caused by an SQL injection in admin/login.php, exploitable through the username parameter to allow remote execution of arbitrary SQL commands. Connected sources corroborate this vulnerability description; no specific patch version or remediation deta...
CVE-2009-0394
The CVE-2009-0394 entry describes a SQL injection vulnerability in the login.php of Pre Lecture Exercises (PLEs) CMS 1.0 beta 4.2 . An attacker can exploit the vulnerability by supplying a crafted value to the school parameter , potentially allowing remote execution of arbitrary SQL commands. The...
CVE-2009-0394
SQL injection vulnerability in login.php in Pre Lecture Exercises PLEs CMS 1.0 beta 4.2 allows remote attackers to execute arbitrary SQL commands via the school parameter...
PHP-CMS Project login.php远程SQL注入漏洞
BUGTRAQ ID: 33473 PHP-CMS Project是一种基于Web的内容管理系统。 PHP-CMS Project的实现上存在输入验证漏洞,远程攻击者可能利用此漏洞控制服务器应用系统。 PHP-CMS Project的login.php脚本没有充分检查过滤用户提交的参数数据,攻击者者可以在输入中插入SQL语句获取对后台数据库的非授权操作。 PHP-CMS Project 1 厂商补丁: PHP-CMS Project --------------- 目前厂商还没有提供补丁或者升级程序,我们建议使用此软件的用户随时关注厂商的主页以获取最新版本:...
Sql injection
SQL injection vulnerability in login.php in Dark Age CMS 0.2c beta allows remote attackers to execute arbitrary SQL commands via the 1 username and 2 password parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...
PLE CMS 1.0 beta 4.2 (login.php school) Blind SQL Injection Exploit
No description provided by source. --+++==============================================================+++-- --+++====== PLE CMS 1.0 beta 4.2 Blind SQL Injection Exploit ======+++-- --+++==============================================================+++-- ?php function query $user, $pos, $chr $quer...
PLE CMS 1.0 beta 4.2 (login.php school) Blind SQL Injection Exploit
Exploit for unknown platform in category web applications =================================================================== PLE CMS 1.0 beta 4.2 login.php school Blind SQL Injection Exploit ===================================================================...
Oracle Secure Backup login.php rbtool command injection
Added: 01/20/2009 CVE: CVE-2008-5448 BID: 33177 OSVDB: 51342 Background Oracle Secure Backup is a centralized tape backup management solution for Oracle Database. Problem A command injection vulnerability in the Oracle Secure Backup web interface allows a remote attacker to execute arbitrary...
Oracle Secure Backup login.php rbtool command injection
Added: 01/20/2009 CVE: CVE-2008-5448 BID: 33177 OSVDB: 51342 Background Oracle Secure Backup is a centralized tape backup management solution for Oracle Database. Problem A command injection vulnerability in the Oracle Secure Backup web interface allows a remote attacker to execute arbitrary...
Oracle Secure Backup login.php rbtool command injection
Added: 01/20/2009 CVE: CVE-2008-5448 BID: 33177 OSVDB: 51342 Background Oracle Secure Backup is a centralized tape backup management solution for Oracle Database. Problem A command injection vulnerability in the Oracle Secure Backup web interface allows a remote attacker to execute arbitrary...
Oracle Secure Backup login.php rbtool command injection
Added: 01/20/2009 CVE: CVE-2008-5448 BID: 33177 OSVDB: 51342 Background Oracle Secure Backup is a centralized tape backup management solution for Oracle Database. Problem A command injection vulnerability in the Oracle Secure Backup web interface allows a remote attacker to execute arbitrary...
Syzygy CMS 0.3 - Authentication Bypass
Syzygy CMS 0.3 - Authentication Bypass --+++=========================================================================+++-- --+++====== Syzygy CMS = 0.3 Auth Bypass SQL Injection Vulnerability ======+++-- --+++=========================================================================+++-- + Syzygy...
Dark Age CMS 2.0 - login.php SQL Injection
Dark Age CMS 2.0 - login.php SQL Injection source: https://www.securityfocus.com/bid/33271/info Dark Age CMS is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to...