Lucene search

3744 matches found

Exploit DB
added 2007/10/15 12:0 a.m., 26 views

doop CMS 1.3.7 - Local File Inclusion

DOOP CMS =1.3.7 Local File Inclusion. vuln path: ?page=/../../../../../../../etc/passwd%00. dork: Doop CMS; dork2: powered by Doop CMS. Works only if magic_quotes_gpc is set to OFF. vuln code, line 544: if (!isset($_REQUEST['page'])) $_REQUEST['page']=$homepage; ...

7.4 AI score
Exploits: 0
Packet Storm
added 2007/10/11 12:0 a.m., 34 views

phpstats-multi.txt

32 break; 100. 103. $title='?'; 104. if$option'pagetitle' && isset$GET't' 105. 106. $tmpTitle=htmlspecialcharsaddslashesurldecode$GET't'; 107. if$tmpTitle!='\\\" t \\\"' $title=$tmpTitle; 108. 109. 174. if $loaded=='?' && $title!='?' 175. $result=sqlquery"SELECT lastpage FROM...

7.4 AI score
Exploits: 0
exploitpack
added 2007/10/10 12:0 a.m., 14 views

PHP-Stats 0.1.9.2 - Multiple Vulnerabilities

PHP-Stats 0.1.9.2 - Multiple Vulnerabilities 32 break; 100. 103. $title='?'; 104. if$option'pagetitle' && isset$GET't' 105. 106. $tmpTitle=htmlspecialcharsaddslashesurldecode$GET't'; 107. if$tmpTitle!='\\\" t \\\"' $title=$tmpTitle; 108. 109. 174. if $loaded=='?' && $title!='?' 175...

0.5 AI score
Exploits: 0
Exploit DB
added 2007/10/10 12:0 a.m., 30 views

PHP-Stats 0.1.9.2 - Multiple Vulnerabilities

32 break; 100. 103. $title='?'; 104. if$option'pagetitle' && isset$GET't' 105. 106. $tmpTitle=htmlspecialcharsaddslashesurldecode$GET't'; 107. if$tmpTitle!='\\\" t \\\"' $title=$tmpTitle; 108. 109. 174. if $loaded=='?' && $title!='?' 175. $result=sqlquery"SELECT lastpage FROM...

7.4 AI score
Exploits: 0
Cvelist
added 2007/10/09 6:0 p.m., 16 views

CVE-2007-5308

SQL injection vulnerability in galerie.php in PHP Homepage M (phpHPm) 1.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the id parameter in a show action...

8.4 AI score, 0.01118 EPSS
Exploits: 0, References: 6
NVD
added 2007/10/03 2:17 p.m., 14 views

CVE-2007-5189

Multiple SQL injection vulnerabilities in mesadd.php in x-script GuestBook 1.3a, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) name, (2) email, (3) icq, and (4) website parameters...

7.5 CVSS, 8.5 AI score, 0.01096 EPSS
Exploits: 0, References: 5
Packet Storm
added 2007/09/30 12:0 a.m., 18 views

mdpro1076-sql.txt

!/usr/bin/perl use strict; use IO::Socket; my $app = "MDPro 1.0.76"; my $type = "SQL Injection"; my $author = "undefined1"; my $settings = "magicquotesruntime = off, mysql = 4.1.0"; $| = 1; print ":: $app $type - by $author ::\n\n\n"; my $url = shift || usage; if$url = m/^?:http://./ $url = $1;...

7.4 AI score
Exploits: 0
seebug.org
added 2007/09/29 12:0 a.m., 16 views

MDPro 1.0.76 Remote SQL Injection Exploit

No description provided by source. !/usr/bin/perl use strict; use IO::Socket; my $app = "MDPro 1.0.76"; my $type = "SQL Injection"; my $author = "undefined1"; my $settings = "magicquotesruntime = off, mysql = 4.1.0"; $| = 1; print ":: $app $type - by $author ::\n\n\n"; my $url = shift || usage;...

7.1 AI score
Exploits: 0
Packet Storm
added 2007/09/25 12:0 a.m., 31 views

clansphere-sql.txt

Inclusion Hunter Team http://www.ihteam.net Clansphere 2007.4 Class: SQL Injection Found: 22/09/2007 Remote: Yes Site: http://www.clansphere.net/ Download: http://sourceforge.net/project/showfiles.php?groupid=95430 Vulnerable code: mods/banners/navlist.php...

7.4 AI score
Exploits: 0
Packet Storm
added 2007/09/18 12:0 a.m., 23 views

shopscript-exec.txt

?php Shop-Script FREE = 2.0 Remote Command Execution Exploit by InATeam tested on versions 1.2 and 2.0 works regardless magicquotesgpc=on Greetz: eXp, Kuzya, cxim, Russian, ENFIX echo "--------------------------------------------------------\n"; echo "Shop-Script FREE = 2.0 Remote Command Executi...

7.4 AI score
Exploits: 0
Tenable Nessus
added 2007/08/01 12:0 a.m., 22 views

Debian DSA-1343-1 : file - integer overflow

Colin Percival discovered an integer overflow in file, a file type classification tool, which may lead to the execution of arbitrary code. #%NASL_MIN_LEVEL 70300 # (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian Security Advisory...

5.1 CVSS, 8 AI score, 0.02702 EPSS
Exploits: 1, References: 2
securityvulns
added 2007/07/31 12:0 a.m., 47 views

wolioCMS SQL Injection

wolioCMS - SQL Injection and Bypass Administrator Login Vendor : http://www.buton.web.id/member.php?member=anon Download : http://www.buton.web.id/download/woliocms.zip Found By : k1tk4t - k1tk4t4tnewhack.org Location : Indonesia -- newhackdotorg @irc.dal.net This exploit succeeds if...

0.1 AI score
Exploits: 0
securityvulns
added 2007/07/03 12:0 a.m., 33 views

akocomment SQL INJECTION (all version)

$query2 = "INSERT INTO akocomment SET parentid='$acparentid', contentid='$contentid', ip='$ip', name='$acname', title='$title', comment='$comment', date='$date', published='$acautopublish';"; there are two SQL injection. POC: INPUT TYPE='hidden' NAME='acitemid' value='9'INPUT TYPE='hidden'...

2.3 AI score
Exploits: 0
seebug.org
added 2007/07/01 12:0 a.m., 72 views

TotalCalendar <= 2.402 (view_event.php) Remote SQL Injection Vulns

No description provided by source. TotalCalendar 2.402 SQL Injection Vulnerability...

7.1 AI score
Exploits: 0
NVD
added 2007/06/26 5:30 p.m., 21 views

CVE-2007-3183

Multiple SQL injection vulnerabilities in Calendarix 0.7.20070307, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) month and (2) year parameters to calendar.php and the (3) search string to calsearch.php...

6.8 CVSS, 8.3 AI score, 0.04496 EPSS
Exploits: 1, References: 10
EUVD
added 2007/06/19 5:0 p.m., 2 views

EUVD-2007-3119

content.php in WSPortal 1.0, when magic_quotes_gpc is disabled, allows remote attackers to obtain sensitive information via a "';" (quote semicolon) sequence in the page parameter, which reveals the installation path in the resulting forced SQL error message...

5 CVSS, 6.5 AI score, 0.0303 EPSS
Exploits: 0, References: 6
Gentoo Linux
added 2007/06/19 12:0 a.m., 37 views

PHProjekt: Multiple vulnerabilities

Background: PHProjekt is a project management and coordination tool written in PHP. Description: Alexios Fakos from n.runs AG has discovered multiple vulnerabilities in PHProjekt, including the execution of arbitrary SQL commands using unknown vectors (CVE-2007-1575), the execution of arbitrary PHP...

7.5 CVSS, 7.3 AI score, 0.02021 EPSS
Exploits: 0
Cvelist
added 2007/06/14 10:0 p.m., 15 views

CVE-2007-3214

SQL injection vulnerability in style.php in e-Vision CMS 2.02 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the template parameter...

8.4 AI score, 0.01129 EPSS
Exploits: 1, References: 6
securityvulns
added 2007/05/25 12:0 a.m., 36 views

[waraxe-2007-SA#050] - Sql Injection in WordPress 2.1.3

waraxe-2007-SA050 - Sql Injection in WordPress 2.1.3. Author: Janek Vind "waraxe" Date: 21. May 2007 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-50.html Target software description: Vulnerable: WordPress 2.1.3...

8.5 AI score
Exploits: 0
securityvulns
added 2007/05/23 12:0 a.m., 27 views

Magic ISO buffer overflow

Buffer overflow on .cue files parsing...

4.9 AI score
Exploits: 0, References: 1, Affected Software: 1