
1445 matches found

securityvulns
added 2007/08/21 12:0 a.m. | 3874 views

My_REFERER v.1.08 Remote File Include

App Name : MyREFERER v.1.08 HomePage : http://www.phoenix.frihost.net/referer/readme.php Vuln type : Remote File Include RFI Vulnerability Discovered by : iNs Vuln Code: login.php include"$value"; POC: htttp://site.com/path/login.php?value=SHELL.txt?? iNs @ uNkn0wn.eu Gr33tz t0: uNkn0wn.eu - iD -...

1 AI score
Exploits: 0

CVE
added 2007/08/13 9:0 p.m. | 40 views

CVE-2007-4307

Storesprite 7 and earlier suffer multiple XSS vulnerabilities that allow remote attackers to inject arbitrary web script or HTML via the next parameter to addaddress.php, editshipdetails.php, register.php, or login.php in the secure/ path. The affected component is the web application Storesprite...

4.3 CVSS | 5.8 AI score | 0.02275 EPSS
Exploits: 0 | References: 10 | Affected Software: 1

seebug.org
added 2007/08/11 12:0 a.m. | 213 views

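PhpHostBot Login.PHP Remote File Inclusion Vulnerability

PhpHostBot is a PHP-based web application. PhpHostBot does not properly filter user-submitted URI data, and a remote attacker can exploit the vulnerability to execute arbitrary commands with the privileges of the application process. The issue is that the 'Login.PHP' script lacks filtering of the user-submitted 'svrrootscript' parameter; submitting an arbitrary PHP file on a remote server as the include target can lead to execution of arbitrary PHP code with web privileges. PhpHostBot 1.06. No solution is currently available: http://www.idevspot.com/PhpHostBot.php...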

7.1 AI score
Exploits: 0

xssed
added 2007/08/08 12:0 a.m. | 10 views

Unfixed XSS vulnerability at www.eetechbrief.com

Security researcher Narcoticxs has submitted on 08/08/2007 a cross-site-scripting (XSS) vulnerability affecting www.eetechbrief.com, which at the time of submission ranked 8475386 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 10/08/2007. It is...

Exploits: 0 | References: 1

CVE
added 2007/07/26 7:0 p.m. | 42 views

CVE-2007-4021

CVE-2007-4021 affects Brain Book Software Secure 1.0.20070629 and earlier. The vulnerability is multiple XSS in login.php, exploitable via the (1) user and (2) pwd parameters, enabling remote attackers to inject arbitrary script/HTML into victims’ browsers. Root cause: reflected XSS in login hand...

4.3 CVSS | 5.8 AI score | 0.01033 EPSS
Exploits: 0 | References: 4 | Affected Software: 1

Cvelist
added 2007/07/26 7:0 p.m. | 15 views

CVE-2007-4021

Multiple cross-site scripting (XSS) vulnerabilities in login.php in Brain Book Software Secure 1.0.20070629 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) user and (2) pwd parameters...

5.8 AI score | 0.01033 EPSS
Exploits: 0 | References: 4

NVD
added 2007/07/09 4:30 p.m. | 20 views

CVE-2007-3627

Multiple SQL injection vulnerabilities in PHP Lite Calendar Express 2.2 allow remote attackers to execute arbitrary SQL commands via the cid parameter to (1) login.php, (2) auth.php, and (3) subscribe.php. NOTE: the month.php, year.php, week.php, and day.php vectors are already covered by CVE-2005-4009...

7.5 CVSS | 8 AI score | 0.00931 EPSS
Exploits: 1 | References: 1

Prion
added 2007/07/09 4:30 p.m. | 12 views

Directory traversal

Directory traversal vulnerability in login.php in Maia Mailguard 1.0.2 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the lang parameter...

5 CVSS | 6.9 AI score | 0.08859 EPSS
Exploits: 1 | References: 10 | Affected Software: 1

Prion
added 2007/07/03 8:30 p.m. | 15 views

Sql injection

SQL injection vulnerability in login.php in WebChat 0.78 allows remote attackers to execute arbitrary SQL commands via the rid parameter...

7.5 CVSS | 9.1 AI score | 0.01061 EPSS
Exploits: 0 | References: 5 | Affected Software: 1

CVE
added 2007/07/03 8:0 p.m. | 39 views

CVE-2007-3534

CVE-2007-3534 is a SQL injection vulnerability in WebChat 0.78, specifically in login.php where the rid parameter is exploited to execute arbitrary SQL commands. Affected component is WebChat’s login routine; root cause is improper input handling leading to SQL injection. Impact per sources is pa...

7.5 CVSS | 8.4 AI score | 0.01061 EPSS
Exploits: 0 | References: 5 | Affected Software: 1

Cvelist
added 2007/07/03 8:0 p.m. | 16 views

CVE-2007-3534

SQL injection vulnerability in login.php in WebChat 0.78 allows remote attackers to execute arbitrary SQL commands via the rid parameter...

8.4 AI score | 0.01061 EPSS
Exploits: 0 | References: 5

Packet Storm
added 2007/06/29 12:0 a.m. | 16 views

webchat-sql.txt

webchat 0.78 Class: SQL Injection Published 28/06/2007 Remote: Yes Critical Level : Dangerous Site: http://sourceforge.net/projects/webdev-webchat/ Download: http://downloads.sourceforge.net/webdev-webchat/webchat-078.zip?modtime=1046649600&bigmirror=0 Vulnerable code: login.php...

7.4 AI score
Exploits: 0

0day.today
added 2007/06/28 12:0 a.m. | 34 views

WebChat 0.78 (login.php rid) Remote SQL Injection Vulnerability

Exploit for unknown platform in category web applications. WebChat 0.78 login.php rid Remote SQL Injection Vulnerability. webchat 0.78 Class: SQL Injection Published...

7.1 AI score
Exploits: 0

Exploit DB
added 2007/06/28 12:0 a.m. | 21 views

WebChat 0.78 - 'login.php?rid' SQL Injection

webchat 0.78 Class: SQL Injection Published 28/06/2007 Remote: Yes Critical Level : Dangerous Site: http://sourceforge.net/projects/webdev-webchat/ Download: http://downloads.sourceforge.net/webdev-webchat/webchat-078.zip?modtime=1046649600&bigmirror=0 Author: r00t Vulnerable code: login.php...

7.4 AI score
Exploits: 0

Prion
added 2007/06/26 5:30 p.m. | 14 views

Sql injection

SQL injection vulnerability in include/getuserdata.php in Power Phlogger (PPhlogger) 2.2.5 and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter to login.php...

7.5 CVSS | 8.7 AI score | 0.01423 EPSS
Exploits: 1 | References: 8 | Affected Software: 1

Prion
added 2007/06/21 6:30 p.m. | 11 views

Sql injection

Multiple SQL injection vulnerabilities in Jasmine CMS 1.0 allow remote attackers to execute arbitrary SQL commands via (1) the loginusername parameter to login.php or (2) the item parameter to news.php...

7.5 CVSS | 9.3 AI score | 0.01745 EPSS
Exploits: 1 | References: 8 | Affected Software: 1

Cvelist
added 2007/06/21 6:0 p.m. | 20 views

CVE-2007-3313

Multiple SQL injection vulnerabilities in Jasmine CMS 1.0 allow remote attackers to execute arbitrary SQL commands via (1) the loginusername parameter to login.php or (2) the item parameter to news.php...

8.5 AI score | 0.01745 EPSS
Exploits: 1 | References: 8

CVE
added 2007/06/19 9:0 p.m. | 62 views

CVE-2007-3129

CVE-2007-3129 concerns an XSS vulnerability in Utopia News Pro 1.4.0, specifically in login.php where the password parameter can be exploited to inject script/HTML. The vulnerability is described across multiple sources (NVD, CVE records, and Full-Disclosure material), with exploitation details i...

2.6 CVSS | 5.8 AI score | 0.01336 EPSS
Exploits: 2 | References: 8 | Affected Software: 1

NVD
added 2007/06/15 1:30 a.m. | 12 views

CVE-2007-3243

Cross-site scripting (XSS) vulnerability in bb-login.php in bbPress 0.8.1 allows remote attackers to inject arbitrary web script or HTML via the re parameter. NOTE: exploitation may require forcing the client to send a certain Referer header...

4.3 CVSS | 5.7 AI score | 0.01545 EPSS
Exploits: 1 | References: 5

Packet Storm
added 2007/06/11 12:0 a.m. | 30 views

phpmydesk-rfi.txt

script:PHPMyDesk Beta Release 1.0b == RFI dir url:http://www.cynux.com/phpmydesk/ author: titanichacker contact:[email protected] H.P : http://hack-teach.com & mohandko.com & tryag.com bug in: ./index.php include$langmod; ./login.php include$langmod; ./logout.php include$langmod;...

7.4 AI score
Exploits: 0