Lucene search
K

3751 matches found

0day.today
0day.today
added 2005/12/14 12:0 a.m.323 views

Limbo <= 1.0.4.2 _SERVER[REMOTE_ADDR] Overwrite Remote Exploit

Exploit for unknown platform in category web applications ============================================================== Limbo this works wtih registerglobals off & regardless of magicquotesgpc settings usage: launch from Apache, fill in requested fields, then go! Sun-Tzu: "Humble words and...

7.1AI score
Exploits0
NVD
NVD
added 2005/12/12 1:3 a.m.16 views

CVE-2005-4177

Cross-site scripting XSS vulnerability in book.cfm in Magic Book Personal and Professional 2.0 allows remote attackers to inject arbitrary web script or HTML via the StartRow parameter...

4.3CVSS5.7AI score0.01929EPSS
Exploits1References6
CVE
CVE
added 2005/12/12 1:0 a.m.37 views

CVE-2005-4177

The CVE-2005-4177 entry concerns an XSS vulnerability in Magic Book Personal and Professional 2.0, specifically in the book.cfm component where the StartRow parameter is not properly sanitized. The vulnerability could allow remote attackers to inject arbitrary web script or HTML, as documented by...

4.3CVSS6AI score0.01929EPSS
Exploits1References6Affected Software2
Cvelist
Cvelist
added 2005/12/12 1:0 a.m.19 views

CVE-2005-4177

Cross-site scripting XSS vulnerability in book.cfm in Magic Book Personal and Professional 2.0 allows remote attackers to inject arbitrary web script or HTML via the StartRow parameter...

5.7AI score0.01929EPSS
Exploits1References6
Exploit DB
Exploit DB
added 2005/12/12 12:0 a.m.25 views

Magic Book Professional 2.0 - &#039;Book.cfm&#039; Cross-Site Scripting

source: https://www.securityfocus.com/bid/15805/info Magic Book Professional is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code executed in...

7AI score
Exploits0
NVD
NVD
added 2005/12/08 1:3 a.m.10 views

CVE-2005-4072

Cross-site scripting XSS vulnerability in CFMagic Magic Forum Personal 2.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the Words parameter in searchforums.cfm, as used in the "Search For:" field...

4.3CVSS5.7AI score0.01177EPSS
Exploits0References4
NVD
NVD
added 2005/12/08 1:3 a.m.11 views

CVE-2005-4071

Multiple SQL injection vulnerabilities in CFMagic Magic Forum Personal 2.5 and earlier allow remote attackers to execute arbitrary SQL commands via the 1 ForumID parameter in viewforum.cfm, and 2 ForumID, 3 Thread, and 4 ThreadID parameters in viewthread.cfm...

7.5CVSS8.5AI score0.01256EPSS
Exploits0References7
CVE
CVE
added 2005/12/08 1:0 a.m.37 views

CVE-2005-4073

CVE-2005-4073 affects CFMagic Magic List Pro 2.5 with an SQL injection in view_archive.cfm via the ListID parameter, enabling remote execution of arbitrary SQL. CVSS v2 base score 7.5 (HIGH); attack vector NETWORK, low complexity, no authentication. No remediation details are provided in the conn...

7.5CVSS8.8AI score0.01095EPSS
Exploits0References5Affected Software1
Cvelist
Cvelist
added 2005/12/08 1:0 a.m.17 views

CVE-2005-4072

Cross-site scripting XSS vulnerability in CFMagic Magic Forum Personal 2.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the Words parameter in searchforums.cfm, as used in the "Search For:" field...

5.7AI score0.01177EPSS
Exploits0References4
CVE
CVE
added 2005/12/08 1:0 a.m.46 views

CVE-2005-4072

The CVE describes a cross-site scripting (XSS) vulnerability in CFMagic Magic Forum Personal 2.5 and earlier, where an attacker can inject arbitrary script via the Words parameter in search_forums.cfm used in the “Search For:” field. The available records confirm the affected software and the inp...

4.3CVSS6AI score0.01177EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2005/12/08 1:0 a.m.44 views

CVE-2005-4071

CVE-2005-4071 affects CFMagic Magic Forum Personal 2.5 and earlier. The vulnerabilities are SQL injection in the web interface: (1) ForumID in view_forum.cfm and (2) ForumID, (3) Thread, and (4) ThreadID in view_thread.cfm, allowing remote attackers to execute arbitrary SQL commands. The NVD entr...

7.5CVSS8.9AI score0.01256EPSS
Exploits0References7Affected Software1
exploitpack
exploitpack
added 2005/12/08 12:0 a.m.12 views

Magic List Pro - view_archive.cfm?ListID SQL Injection

Magic List Pro - viewarchive.cfm?ListID SQL Injection source: https://www.securityfocus.com/bid/15774/info CFMagic Products are prone to multiple input validation vulnerabilities. These are due to a lack of proper sanitization of user-supplied input. These vulnerabilities allow an attacker to...

0.1AI score
Exploits0
Exploit DB
Exploit DB
added 2005/12/08 12:0 a.m.43 views

Website Baker 2.6.0 - Authentication Bypass / Remote Code Execution

this works with magicquotesgpc off usage: launch from Apache, fill in requested fields, then go! Sun Tzu: "The control of a large force is the same principle as the control of a few men: it is merely a question of dividing up their numbers." errorreporting0; iniset"maxexecutiontime",0;...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2005/12/08 12:0 a.m.36 views

Magic Forum Personal - &#039;view_thread.cfm&#039; Multiple SQL Injections

source: https://www.securityfocus.com/bid/15774/info CFMagic Products are prone to multiple input validation vulnerabilities. These are due to a lack of proper sanitization of user-supplied input. These vulnerabilities allow an attacker to inject malicious SQL code into database queries, and...

7.4AI score
Exploits0
securityvulns
securityvulns
added 2005/12/06 12:0 a.m.21 views

Magic Forum Personal SQL&amp;XSS vuln.

Magic Forum Personal SQL&XSS vuln. Vuln. dicovered by : r0t Date: 6 dec. 2005 orginal advisory:http://pridels.blogspot.com/2005/12/magic-forum-personal-sqlxss-vuln.html vendor:www.cfmagic.com/products/magicforumper.cfm affected version:2.5 and prior Product Description: Magic Forum Personal is ou...

0.7AI score
Exploits0
securityvulns
securityvulns
added 2005/12/06 12:0 a.m.23 views

Magic Book v2.0 Professional Vuln.

Magic Book v2.0 Professional Vuln. Vuln. dicovered by : r0t Date: 6 dec. 2005 orginal advisory:http://pridels.blogspot.com/2005/12/magic-book-v20-professional-vuln.html vendor:www.cfmagic.com/products/magicbook.cfm affected version:v.2.0 and prior Product Description: Magic Book Professional...

0.6AI score
Exploits0
securityvulns
securityvulns
added 2005/12/06 12:0 a.m.22 views

Magic List pro 2.5 SQL inj. vuln.

Magic List pro 2.5 SQL inj. vuln. Vuln. dicovered by : r0t Date: 6 dec. 2005 orginal advisory:http://pridels.blogspot.com/2005/12/magic-list-pro-25-sql-inj-vuln.html vendor:www.cfmagic.com/products/magiclistpro.cfm affected version:2.5 Product Description: Magic List Pro is our full-featured opt-...

0.3AI score
Exploits0
Exploit DB
Exploit DB
added 2005/12/06 12:0 a.m.46 views

SimpleBBS 1.1 - Remote Command Execution

this works regardless of magicquotesgpc settings usage: launch from Apache, fill in requested fields, then go! Sun-Tzu: "He will win who knows when to fight and when not to fight." errorreporting0; iniset"maxexecutiontime",0; iniset"defaultsockettimeout", 2; obimplicitflush 1; echo' SimpleBBS bod...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2005/12/02 12:0 a.m.33 views

n13SQL.php.txt

.::KingOfSka N-13 News Remote PHP Shell Injection::. || http://contropotere.altervista.org || .::KingOfSka N-13 News PHP Shell Injection::. || Contro Potere Hacking Crew || ' ,0 ,0 ,0 ,0 INTO OUTFILE '$outfile"; $sql = urlencode$sql; $expurl= $url."?id=".$sql ; echo ' Click Here to Exploit '; ech...

7.4AI score
Exploits0
securityvulns
securityvulns
added 2005/11/30 12:0 a.m.40 views

N-13 News Remote SQL/PHP Shell injection

?php 0 day -- 29/11/2005 N-13 News Remote SQL / PHP-Shell Injection Just upload in a web-server with modphp and run it trhough your browser ; Affected Software : http://network-13.com/ N-13 News Version: All Exploit discovere and written by: KingOfSka @ http://contropotere.altervista.org Conditio...

0.3AI score
Exploits0
Rows per page
Query Builder