3744 matches found
phPay 2.2.1 - Windows Installations Local File Inclusion
Source: https://www.securityfocus.com/bid/26881/info. phPay is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. The vulnerability resides in code that was intended to protect against...
Oreon 1.4 Centreon 1.4.1 - Multiple Remote File Inclusion Vulnerabilities
By Michael Brooks. Vulnerability Type: Multiple Remote File Inclusion. Software: Oreon and Centreon. Homepage: http://www.oreon-project.org/ or http://www.centreon.com/ Versions: 1.4 (Oreon) and 1.4.1 (Centreon). The vulnerable file...
123tkShop 0.9.1 - Remote Authentication Bypass
By Michael Brooks. Vulnerability: SQL Injection. Software: 123tkShop. Homepage: http://sourceforge.net/projects/my123tkshop/ Affects Version 0.9.1. An attacker can gain Administrative rights with this authentication bypass exploit:...
123tkShop 0.9.1 Remote Authentication Bypass Vulnerability
Exploit for unknown platform in category web applications. 123tkShop 0.9.1 Remote Authentication Bypass Vulnerability. By Michael Brooks. Vulnerability: SQL Injection. Software: 123tkSh...
123tkShop 0.9.1 - Remote Authentication Bypass
By Michael Brooks. Vulnerability: SQL Injection. Software: 123tkShop. Homepage: http://sourceforge.net/projects/my123tkshop/ Affects Version 0.9.1. An attacker can gain Administrative rights with this authentication bypass exploit:...
webSPELL 4.01.02 (calendar.php, usergallery.php) XSS Vulnerability
Author: Brainhead. Type: XSS. Version: 4.01.02. Files: usergallery.php, calendar.php. Magic Quotes: off. Examples: http://site.tld/PATH/index.php?site=usergallery&action=upload&galleryID="your code http://site.tld/PATH/index.php?site=calendar&action=announce&upID="your code...
Mcms Easy Web Make - 'index.php?template' Local File Inclusion
Http://www.inj3ct-it.org Staffatinj3ct-itdotorg Local File...
pblang499-exec.txt
Http://www.inj3ct-it.org Staffatinj3ct-itdotorg Original Here: http://www.inj3ct-it.org/exploit/pbl.txt...
adv84-K-159-2007.txt
ECHOADV84$2007: ProfileCMS = 1.0 Remote SQL Injection Vulnerability. Author : M.Hasran Addahroni Date :...
project alumni <= 1.0.9 Remote XSS / SQL Injection Vulnerability
No description provided by source. project-alumni sql injection & xss author : tomplixsee [email protected] affected software version : project alumni v1.0.9, v1.0.8, or lower??...
PBLang <= 4.99.17.q Remote File Rewriting / Remote Command Execution
Http://www.inj3ct-it.org Staffatinj3ct-itdotorg Original Here:...
Alstrasoft e-Friends 4.98 - seid Multiple SQL Injections
ECHOADV85$2007: alstrasoft E-Friends <= 4.98 (seid)...
alstrasoft E-Friends <= 4.98 (seid) Multiple SQL Injection Vulnerabilities
Exploit for unknown platform in category web applications. alstrasoft E-Friends <= 4.98 (seid) Multiple SQL Injection Vulnerabilities...
ProfileCMS 1.0 - id SQL Injection
ECHOADV84$2007: ProfileCMS = 1.0 Remote SQL Injection Vulnerability...
Module Builder DownloadModule Traversal Arbitrary File Disclosure
The remote host is running Module Builder, a module for building SugarCRM modules. The version of Module Builder installed on the remote host fails to validate user-supplied input to the 'file' parameter of the 'modules/Builder/DownloadModule.php' script before using it to return the contents of ...
smf-blind.txt
SMF is a very hardened PHP application. If anyone wants an example of some interesting PHP security, SMF is a good place to look. Even after being able to inject SQL I had to take another step and bypass some difficult filters found in the dbquery function. Ultimately I was able to do so. This...
Simple Machines Forum 1.1.3 Remote Blind SQL Injection Exploit
No description provided by source. #!/usr/bin/perl Written By Michael Brooks contact: th3dotr00katgmaildotcom SMF 1.1.3 Extremely fast Blind SQL Injection Exploit! -Binary Search -Multi-Threaded -NO benchmark's Two SQL Injection flaws. Works with magic_quotes_gpc=On or Off. Total Bypass of SMF's SQL...
Simple Machines Forum (SMF) 1.1.3 - Blind SQL Injection
#!/usr/bin/perl Written By Michael Brooks contact: th3dotr00katgmaildotcom SMF 1.1.3 Extremely fast Blind SQL Injection Exploit! -Binary Search -Multi-Threaded -NO benchmark's Two SQL Injection flaws. Works with magic_quotes_gpc=On or Off. Total...
Vanilla 1.1.3 - Blind SQL Injection
= 4.1, magic_quotes_gpc=Off Tested on versions 1.1.3, 1.1.2, 1.0.1 echo "------------------------------------------------------------\n"; echo "Vanilla - use specific prefix default LUM\n"; echo "-id= - use specific user id default 1\n"; echo "-c= - benchmark's loop count default 300000\n"; echo "-...
doop CMS <= 1.3.7 (page) Local File Inclusion Vulnerability
No description provided by source. DOOP CMS <= 1.3.7 Local File Inclusion. vuln path: ?page=/../../../../../../../etc/passwd%00 dork: Doop CMS. dork2: powered by Doop CMS. Works only if magic_quotes_gpc is set to OFF. vuln code: line 544: if !isset$REQUEST'page...