Lucene search

3744 matches found

0day.today
added 2010/06/10 12:0 a.m. · 42 views

ArabPortal v2.2.x Remote SQL Injection Vulnerability

Exploit for php platform in category web applications. ArabPortal v2.2.x Remote SQL Injection Vulnerability. Software Link: http://www.arab-portal.info/download.php?action=download&fileid=127...

7.1 AI score
Exploits 0
seebug.org
added 2010/06/06 12:0 a.m. · 18 views

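phpmps 2.0 GBK Help.php $keywords SQL Injection Vulnerability

The PHP classified information publishing system is a free, open-source classifieds program suited to building local information sites. In Help.php, the value of keywords is read and passed only through the trim function, which strips leading and trailing whitespace, before being placed directly into the SQL query. // Get the article list $keyword = !empty$REQUEST'keywords' ? trim$REQUEST'keywords' : ''; $typeid = !empty$REQUEST'typeid' ? intval$REQUEST'typeid' : 0; if!empty$keyword $arr = array; $keywords = 'AND '; $keywords .= "titl...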

7 AI score
Exploits 0
seebug.org
added 2010/05/26 12:0 a.m. · 17 views

MigasCMS 1.0 SQL Injection vulnerabilities

No description provided by source. Title: MigasCMS 1.0 SQL Injection Download: http://www.sebrac.webcindario.com/cms/ AUTHOR: ITSecTeam Email: [email protected] Website: http://www.itsecteam.com Forum : http://forum.ITSecTeam.com Original Advisory:...

7.1 AI score
Exploits 0
ATTACKERKB
added 2010/05/24 5:30 p.m. · 1 views

CVE-2010-2012

SQL injection vulnerability in function.php in MigasCMS 1.1, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the categorie parameter in a catalogo action. NOTE: some of these details are obtained from third party information...

6.8 CVSS · 6.4 AI score · 0.01103 EPSS
Exploits 1 · References 6
ATTACKERKB
added 2010/05/24 5:30 p.m. · 3 views

CVE-2010-2019

SQL injection vulnerability in downlot.php in Lokomedia CMS 1.4.1, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the file parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...

6.8 CVSS · 6.3 AI score · 0.00927 EPSS
Exploits 0 · References 2
Packet Storm
added 2010/05/22 12:0 a.m. · 26 views

Online University SQL Injection

[Inj3ct0r banner] Exploit database separated by exploit type (local, remote, DoS, etc.) + Site : Inj3ct0r.com + Support e-mail :...

0.1 AI score
Exploits 0
0day.today
added 2010/05/22 12:0 a.m. · 17 views

Online University (Auth Bypass) SQL Injection Vulnerability

Exploit for php platform in category web applications. Online University Auth Bypass SQL Injection Vulnerability...

7.1 AI score
Exploits 0
exploitpack
added 2010/05/21 12:0 a.m. · 19 views

Online Job Board - Authentication Bypass

Online Job Board - Authentication Bypass. Online Job Board Auth Bypass SQL Injection Vulnerability (works only with magic_quotes_gpc = off). Discovered: cr4wl3...

0.3 AI score
Exploits 0
Exploit DB
added 2010/05/21 12:0 a.m. · 24 views

Online Job Board - Authentication Bypass

Online Job Board Auth Bypass SQL Injection Vulnerability (works only with magic_quotes_gpc = off). Discovered: cr4wl3r. Homepage: http://h4ckb0x.org/ ...

7.4 AI score
Exploits 0
ATTACKERKB
added 2010/05/19 12:7 p.m. · 2 views

CVE-2010-1950

SQL injection vulnerability in the Online News Paper Manager comjnewspaper component 1.0 for Joomla!, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the dateinfo parameter to index.php. NOTE: the provenance of this information is unknown; the detail...

6.8 CVSS · 6.3 AI score · 0.01598 EPSS
Exploits 0 · References 2
Packet Storm
added 2010/05/19 12:0 a.m. · 19 views

MigasCMS 1.0 SQL Injection

Title: MigasCMS 1.0 SQL Injection Download: http://www.sebrac.webcindario.com/cms/ AUTHOR: ITSecTeam Email: [email protected] Website: http://www.itsecteam.com Forum : http://forum.ITSecTeam.com Original Advisory: http://www.itsecteam.com/en/vulnerabilities/vulnerability54.htm Thanks:...

0.2 AI score
Exploits 0
Prion
added 2010/05/06 6:30 p.m. · 17 views

Remote file inclusion

PHP remote file inclusion vulnerability in core/includes/gfwsmarty.php in Gallo 0.1.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary PHP code via a URL in the configgfwroot parameter...

6.8 CVSS · 8 AI score · 0.01967 EPSS
Exploits 1 · References 5
Cvelist
added 2010/05/06 6:0 p.m. · 16 views

CVE-2010-1737

PHP remote file inclusion vulnerability in core/includes/gfwsmarty.php in Gallo 0.1.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary PHP code via a URL in the configgfwroot parameter...

7.5 AI score · 0.01967 EPSS
Exploits 1 · References 5
0day.today
added 2010/04/14 12:0 a.m. · 51 views

Magic Uploader Mini Upload Vulnerability

Exploit for php platform in category web applications. Magic Uploader Mini Upload Vulnerability | Title : Magic Uploader Mini...

7.1 AI score
Exploits 0
Exploit DB
added 2010/04/14 12:0 a.m. · 29 views

Magic Uploader Mini - Arbitrary File Upload

| Title : Magic Uploader Mini Upload Vulnerability | Author : indoushka | email : [email protected] | Home : www.iqs3cur1ty.com | Web Site : http://dl.p30vel.ir/scripts/miniuploader.zip | Tested on: windo...

7.4 AI score
Exploits 0
Positive Technologies
added 2010/04/13 12:0 a.m. · 3 views

PT-2010-3056 · Xt:Commerce · Xt:Commerce

Name of the Vulnerable Software and Affected Versions: xt:Commerce (affected versions not specified). Description: The issue allows remote attackers to execute arbitrary SQL commands via the coID parameter in the Direct URL module, specifically in the bluegate seo.inc.php file, when magic_quotes_gpc...

6.8 CVSS · 7.7 AI score · 0.01109 EPSS
Exploits 0 · References 5
Prion
added 2010/04/08 4:30 p.m. · 9 views

Directory traversal

Directory traversal vulnerability in the Magic Updater (com_joomlaupdater) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php...

5 CVSS · 7.2 AI score · 0.10158 EPSS
Exploits 2 · References 6 · Affected Software 1
Cvelist
added 2010/04/08 4:0 p.m. · 16 views

CVE-2010-1307

Directory traversal vulnerability in the Magic Updater (com_joomlaupdater) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php...

6.6 AI score · 0.10158 EPSS
Exploits 2 · References 6
CVE
added 2010/04/08 4:0 p.m. · 88 views

CVE-2010-1307

Nuclei templates confirm a Local File Inclusion in Joomla! via the Magic Updater (com_joomlaupdater). The vulnerability arises from a directory traversal in the index.php controller parameter, allowing remote attackers to read arbitrary files. Affected component: Joomla! Magic Updater (com_joomla...

5 CVSS · 6.8 AI score · 0.10158 EPSS
Exploits 2 · References 6 · Affected Software 1
Prion
added 2010/04/07 6:30 p.m. · 10 views

Remote file inclusion

Multiple PHP remote file inclusion vulnerabilities in DynPG CMS 4.1.0, and possibly earlier, when magic_quotes_gpc is disabled and register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the (1) DefineRootToTool parameter to counter.php, (2) PathToRoot parameter to...

5.1 CVSS · 8.2 AI score · 0.1073 EPSS
Exploits 1 · References 9 · Affected Software 1