3744 matches found
Blue Eye CMS 1.0.0 - Remote Cookie SQL Injection
BlueEye CMS Download: http://kent.dl.sourceforge.net/sourceforge/blueeyecms/blueeyecms-100preRC.rar Needs magic_quotes_gpc = Off - Vuln code: 10: if (!empty($_COOKIE["BlueEyeCMSlogin"])) // -- Only?? 11: $clogin = $_COOKIE["BlueEyeCMSlogin"]; // -- Not clean??...
Demium CMS 0.2.1B Multiple Vulnerabilities and Exploit
Demium CMS, version 0.2.1 Beta, is prone to multiple remote vulnerabilities, because of insufficient security on it. Let's see them. In this advisory you can find vulnerabilities, afflicted source, and multiple Remote Exploit. Credits to : Giovanni Buzzin, Osiry...
PT-2009-1778 · Xt · Xt:Commerce
Name of the Vulnerable Software and Affected Versions: xt:Commerce versions prior to 3.0.4 Sp2.1 Description: The issue allows remote attackers to execute arbitrary SQL commands via unspecified vectors when magic_quotes_gpc is enabled and the SEO URLs are activated. Recommendations: For versions...
CVE-2009-0730
Multiple SQL injection vulnerabilities in the GigCalendar (com_gigcal) component 1.0 for Mambo and Joomla!, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via (1) the gigcal_venues_id parameter in a details action to index.php, which is not properly handled by...
Sql injection
Multiple SQL injection vulnerabilities in admin/usercheck.php in FlexPHPSite 0.0.1 and 0.0.7, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via (1) the checkuser parameter (aka username field), or (2) the checkpass parameter (aka password field), to...
Directory traversal
Multiple directory traversal vulnerabilities in LightBlog 9.8, when magic_quotes_gpc is disabled, allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) username parameter to viewmember.php, (2) usernamepost parameter to login.php, and the (3) Lightblogusername...
PowerMovieList 0.14b (SQL/XSS) Multiple Remote Vulnerabilities
Exploit for unknown platform in category web applications. PowerMovieList 0.14b SQL/XSS Multiple Remote Vulnerabilities...
NovaBoard 1.0.0 Multiple Remote Vulnerabilities
Found : brainpillow Dork : "Powered by NovaBoard v1.0.0" Visit : brainpillow.cc, forum.antichat.ru, raz0r.name Mail : [email protected]...
powermovielist 0.14b - SQL Injection Cross-Site Scripting
Found : brainpillow Dork : "PowerMovieList 0.14 Beta Copyright" Visit : brainpillow.cc, forum.antichat.ru, raz0r.name Mail :...
Novaboard 1.0.0 - Multiple Vulnerabilities
Found : brainpillow Dork : "Powered by NovaBoard v1.0.0" Visit : brainpillow.cc, forum.antichat.ru, raz0r.name Mail : [email protected]...
powermovielist 0.14b - SQL Injection / Cross-Site Scripting
Found : brainpillow Dork : "PowerMovieList 0.14 Beta Copyright" Visit : brainpillow.cc, forum.antichat.ru, raz0r.name Mail : [email protected]...
CVE-2009-0570
Directory traversal vulnerability in send.php in Ninja Designs Mailist 3.0, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the load parameter. NOTE: some of these details are obtained from...
CVE-2009-0570
The CVE-2009-0570 entry describes a directory traversal vulnerability in Ninja Designs Mailist 3.0 (send.php) that is exploitable when PHP register_globals is enabled and magic_quotes_gpc is disabled. An attacker can use a .. path in the load parameter to include and execute arbitrary local files...
CVE-2008-6103
PHP remote file inclusion vulnerability in index.php in A4Desk Event Calendar, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary PHP code via a URL in the v parameter...
Remote file inclusion
Multiple PHP remote file inclusion vulnerabilities in GRBoard 1.8, when register_globals is enabled and magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary PHP code via a URL in the (1) theme parameter to (a) 179squareboxpdslist/view.php, (b) 179squareboxminishopexpand/view.php, (c)...
Simple PHP News 1.0 - Remote Command Execution
#!/usr/bin/perl INFORMATIONS: App = Simple PHP News 1.0 Final Downl = http://www.hotscripts.com/jump.php?listingid=66376&jumptype=1 Remote...
phpslash <= 0.8.1.1 Remote Code Execution Exploit
#!/usr/bin/php -q <?php phpslash <= 0.8.1.1 Remote Code Execution Exploit - RCE with no special rights guest. No special PHP conditions required. - 0 It was a private...
TxtBlog 1.0 Alpha Remote Command Execution Exploit
Exploit for unknown platform in category web applications. TxtBlog 1.0 Alpha Remote Command Execution Exploit. #!/usr/bin/perl...
TxtBlog 1.0 Alpha Remote Command Execution Exploit
#!/usr/bin/perl INFORMATIONS: App = TxtBlog v 1.0 Alpha Downl =...