1024 CMS 1.4.2 - Local File Inclusion Blind SQL Injection

1024 CMS 1.4.2 - Local File Inclusion Blind SQL Injection Author: GiReX mySite: girex.altervista.org Date: 13/04/2008 CMS: 1024 CMS = 1.4.1 and 1.4.2 beta Site: 1024cms.com Bug1: Local File Inclusion Need: magicquotesgpc = Off / registerglobals = On Bug2: Cookie Blind SQL Injection Exploit: Admin...

1024 CMS 1.4.2 - Local File Inclusion / Blind SQL Injection

Author: GiReX mySite: girex.altervista.org Date: 13/04/2008 CMS: 1024 CMS = 1.4.1 and 1.4.2 beta Site: 1024cms.com Bug1: Local File Inclusion Need: magicquotesgpc = Off / registerglobals = On Bug2: Cookie Blind SQL Injection Exploit: Admin Hash Retrieve Exploit Need: magicquotesgpc = Off Bug1: Vu...

CVE-2008-1714

SQL injection vulnerability in show.php in FaScript FaPhoto 1.0, when magicquotesgpc is disabled, allows remote attackers to execute arbitrary SQL commands via the id parameter...

CVE-2008-1715

AuraCMS 2.2.1 and earlier is affected by an SQL injection in content/user.php when magic_quotes_gpc is disabled. The country parameter is the injection vector, allowing remote attackers to execute arbitrary SQL commands. The available sources confirm the vulnerability and affected version range, ...

PostNuke 0.764 - Blind SQL Injection

!/usr/bin/python ================================================================================================= / | |\ \ / | / |/ | | |/ \ | | | |||| /| / / ================================================================================================= This was a priv8 Exploit...

EasyGallery 5.0tr - Multiple Vulnerabilities

--==+=================== Spanish Hackers Team www.spanish-hackers.com =================+==-- --==+ EasyGallery "alert"JosS + Cross Site Scripting: Vuln File: index.php Exploit: http://localhost/PATH/staticpages/easygallery/index.php?help=about&q=XSS Example: %22+onmouseover=alert"JosS"+...

AuraCMS 1.62 - Multiple SQL Injections

!/usr/bin/perl Indonesian Newhack Security Advisory ------------------------------------ AuraCMS 1.62 Multiple Remote SQL Injection Exploit Waktu : Feb 15 2008 01:00PM Software : AuraCMS Versi : 1.62 Vendor : http://www.auracms.org/ ------------------------------------ Audit Oleh : NTOS-Team Loka...

CVE-2008-0798

Multiple directory traversal vulnerabilities in artmedic webdesign weblog 1.0, when magicquotesgpc is disabled, allow remote attackers to read arbitrary files via a .. dot dot in the 1 ta parameter to artmedicindex.php, reached through index.php; and the 2 date parameter to artmedicprint.php...

OpenSiteAdmin <= 0.9.1.1 Multiple File Inclusion Vulnerabilities

Exploit for unknown platform in category web applications ================================================================ OpenSiteAdmin = 0.9.1.1 Multiple File Inclusion Vulnerabilities ================================================================ Software Vulnerable: OpenSiteAdmin 0.9.1 BETA...

allclub-lfi.txt

Vulnerability: File Inclusion Software Vulnerable: All Club CMS 0.0.1f and maybe prior versions. Vulnerable Code: --- function autoload$classname requireonce 'includes/'.$classname . '.php'; --- Download: http://sourceforge.net/project/showfiles.php?groupid=209058 Server should have: Register...

All Club CMS <= 0.0.1f index.php Local File Inclusion Vulnerability

Exploit for unknown platform in category web applications =================================================================== All Club CMS pepepistola, musashi, patoruzu, ElvisPresley and sky Yashira.org-- PescaoDeth, Garcez, Crackneo, alexhk23 and all users of yashira as dapaf, elmanguan, etc...

phpShop <= 0.8.1 Remote SQL injection / Filter Bypass Vulnerabilities

Exploit for unknown platform in category web applications ===================================================================== phpShop $REQUEST'keyword', 'categoryid' = $REQUEST'categoryid', 'productid' = $REQUEST'productid', 'userid' = $REQUEST'userid', 'userinfoid' = $REQUEST'userinfoid', 'pag...

phpShop 0.8.1 - SQL Injection / Filter Bypass

Vendor : PHPShop Webiste : http://www.phpshop.org Version : v0.8.1 Author: the redc0ders / theredc0dersatgmaildotcom Condition: magicquotegpc = off , in php.ini setting Details : ========== Vulnerable Code in index.php near lines 98 - 128 code // basic SQL inject detection $myinsecurearray =...

Sql injection

Multiple SQL injection vulnerabilities in aliTalk 1.9.1.1, when magicquotesgpc is disabled, allow remote authenticated users to execute arbitrary SQL commands via 1 the mohit parameter to a inc/receivertwo.php; and allow remote attackers to execute arbitrary SQL commands via 2 the id parameter to...

deluxebb-xss.txt

Founded: 21, January 2008 Autor: NBBN Type: XSS DeluxeBB Version: 1.1 Register Globals: ON Magic Quotes; OFF poc: http://www.site.tld/path/templates/default/admincp/attachmentsheader.php?langlistofmatches=alert"XSS"...

DeluxeBB 1.1 XSS Vulnerabilitie

Founded: 21, January 2008 Autor: NBBN Type: XSS DeluxeBB Version: 1.1 Register Globals: ON Magic Quotes; OFF poc: http://www.site.tld/path/templates/default/admincp/attachmentsheader.php?langlistofmatches=scriptalert"XSS"/script...

Debian: Security Advisory (DSA-1343-2)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2008 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Debian Security Advisory DSA 042-1 (gnuserv, xemacs21)

The remote host is missing an update to gnuserv, xemacs21 announced via advisory DSA 042-1. OpenVAS Vulnerability Test $Id: deb0421.nasl 6616 2017-07-07 12:10:49Z cfischer $ Description: Auto-generated from advisory DSA 042-1 Authors: Thomas Reinke Copyright: Copyright c 2007 E-Soft Inc...

CVE-2008-0254

SQL injection vulnerability in activate.php in TutorialCMS aka Photoshop Tutorials 1.02, when magicquotesgpc is disabled, allows remote attackers to execute arbitrary SQL commands via the userName parameter...

tutorialcms102-sql.txt

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- TutorialCMS 1.02 Remote SQL Injection Vulnerability -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- bug found by ka0x contact: ka0x01atgmail.com D.O.M TEAM 2008 we are: ka0x, an0de, xarnuz from spain download...