3751 matches found
TotalCalendar <= 2.402 (view_event.php) Remote SQL Injection Vulns
No description provided by source. TotalCalendar 2.402 SQL Injection Vulnerability...
CVE-2007-3183
Multiple SQL injection vulnerabilities in Calendarix 0.7.20070307, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) month and (2) year parameters to calendar.php and the (3) search string to calsearch.php...
EUVD-2007-3119
content.php in WSPortal 1.0, when magic_quotes_gpc is disabled, allows remote attackers to obtain sensitive information via a "';" (quote semicolon) sequence in the page parameter, which reveals the installation path in the resulting forced SQL error message...
PHProjekt: Multiple vulnerabilities
Background: PHProjekt is a project management and coordination tool written in PHP. Description: Alexios Fakos from n.runs AG has discovered multiple vulnerabilities in PHProjekt, including the execution of arbitrary SQL commands using unknown vectors (CVE-2007-1575), the execution of arbitrary PHP...
CVE-2007-3214
SQL injection vulnerability in style.php in e-Vision CMS 2.02 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the template parameter...
[waraxe-2007-SA#050] - Sql Injection in WordPress 2.1.3
waraxe-2007-SA050 - Sql Injection in WordPress 2.1.3. Author: Janek Vind "waraxe". Date: 21. May 2007. Location: Estonia, Tartu. Web: http://www.waraxe.us/advisory-50.html. Target software description: Vulnerable: WordPress 2.1.3...
Magic ISO buffer overflow
Buffer overflow on .cue files parsing...
Magic iso heap over flow <Help>
I've found a heap overflow in Magic ISO when opening a .cue file. I was wondering if anyone could point me in the right direction to exploiting this, as we control EAX and ECX. I've seen many different ways of doing this through !peb and UEF. I'm looking for help in writing a simple PoC for servic...
WEBInsta FM 0.1.4 login.php absolute_path Remote File Inclusion Exploit
Exploit for unknown platform in category web applications. WEBInsta FM 0.1.4 login.php absolute_path Remote File Inclusion Exploit. #!/usr/bin/perl ...
WEBInsta FM 0.1.4 - 'login.php' absolute_path Remote File Inclusion
#!/usr/bin/perl INFO: Program Title: WebInsta FM = 0.1.4 Remote File Inclusion Vulnerability. Description: This is a basic file manager written by WebInsta.com. Vuln Code: In...
The United States Blizzard[World Of Warcraft] official program vulnerability-vulnerability warning-the black bar safety net
The Battle.net clan management system uses a MySQL backend, allowing users to easily upgrade and maintain the web site. The system has an input validation vulnerability; a remote attacker could use this vulnerability to execute SQL injection attacks and gain unauthorized access to system administrati...
IceBB 1.0-rc5 Remote Create Admin Exploit
Exploit for unknown platform in category web applications. IceBB 1.0-rc5 Remote Create Admin Exploit. #!/usr/bin/perl IceBB 1.0-rc5 Remote Create Admin Exploit 1. register a user 2. run this exploit with this usage :...
CVE-2007-1638
Multiple cross-site request forgery (CSRF) vulnerabilities in the checkcsrftoken function in lib/lib.inc.php in PHProjekt 5.2.0, when magic_quotes_gpc is disabled, allow remote attackers to perform unauthorized actions as an arbitrary user via the (1) Projects, (2) Contacts, (3) Helpdesk, (4) Notes, (5) Search...
Cross site request forgery (csrf)
Multiple cross-site request forgery (CSRF) vulnerabilities in the checkcsrftoken function in lib/lib.inc.php in PHProjekt 5.2.0, when magic_quotes_gpc is disabled, allow remote attackers to perform unauthorized actions as an arbitrary user via the (1) Projects, (2) Contacts, (3) Helpdesk, (4) Notes, (5) Search...
CVE-2007-1576
Multiple cross-site scripting (XSS) vulnerabilities in PHProjekt 5.2.0, when magic_quotes_gpc is disabled, allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors to the (1) Projects, (2) Contacts, (3) Helpdesk, (4) Search (only Gecko engine driven browsers), and (5) Notes...
phpBB 2.0.12 full path disclosure vulnerability - vulnerability warning - the black bar safety net
phpBB is a powerful, scalable open source electronic bulletin system. Both the latest version and earlier versions have a path disclosure issue. Test method: request the forum path /viewtopic.php?p=6&highlight=\xiaohua and the following text will appear: Warning: Compilation failed: missing terminating for...
phpnuke80-cookie.txt
PHPNuke Preferences - Multilingual Options - On. Activate Multilingual features? = YES. Bug is...
Remote file inclusion
PHP remote file inclusion vulnerability in mysave.php in Magic CMS 4.2.747 allows remote attackers to execute arbitrary PHP code via a URL in the file parameter...
CVE-2007-1393
PHP remote file inclusion vulnerability in mysave.php in Magic CMS 4.2.747 allows remote attackers to execute arbitrary PHP code via a URL in the file parameter...
CVE-2007-1393
CVE-2007-1393 describes a PHP remote file inclusion vulnerability in mysave.php of Magic CMS 4.2.747, allowing remote attackers to execute arbitrary PHP code by supplying a URL in the file parameter. The NVD metrics indicate a high-severity, network-accessible flaw with complete impact on confide...