3751 matches found
Limbo <= 1.0.4.2 _SERVER[REMOTE_ADDR] Overwrite Remote Exploit
Exploit for unknown platform in category web applications ============================================================== Limbo this works wtih registerglobals off & regardless of magicquotesgpc settings usage: launch from Apache, fill in requested fields, then go! Sun-Tzu: "Humble words and...
CVE-2005-4177
Cross-site scripting XSS vulnerability in book.cfm in Magic Book Personal and Professional 2.0 allows remote attackers to inject arbitrary web script or HTML via the StartRow parameter...
CVE-2005-4177
The CVE-2005-4177 entry concerns an XSS vulnerability in Magic Book Personal and Professional 2.0, specifically in the book.cfm component where the StartRow parameter is not properly sanitized. The vulnerability could allow remote attackers to inject arbitrary web script or HTML, as documented by...
CVE-2005-4177
Cross-site scripting XSS vulnerability in book.cfm in Magic Book Personal and Professional 2.0 allows remote attackers to inject arbitrary web script or HTML via the StartRow parameter...
Magic Book Professional 2.0 - 'Book.cfm' Cross-Site Scripting
source: https://www.securityfocus.com/bid/15805/info Magic Book Professional is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code executed in...
CVE-2005-4072
Cross-site scripting XSS vulnerability in CFMagic Magic Forum Personal 2.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the Words parameter in searchforums.cfm, as used in the "Search For:" field...
CVE-2005-4071
Multiple SQL injection vulnerabilities in CFMagic Magic Forum Personal 2.5 and earlier allow remote attackers to execute arbitrary SQL commands via the 1 ForumID parameter in viewforum.cfm, and 2 ForumID, 3 Thread, and 4 ThreadID parameters in viewthread.cfm...
CVE-2005-4073
CVE-2005-4073 affects CFMagic Magic List Pro 2.5 with an SQL injection in view_archive.cfm via the ListID parameter, enabling remote execution of arbitrary SQL. CVSS v2 base score 7.5 (HIGH); attack vector NETWORK, low complexity, no authentication. No remediation details are provided in the conn...
CVE-2005-4072
Cross-site scripting XSS vulnerability in CFMagic Magic Forum Personal 2.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the Words parameter in searchforums.cfm, as used in the "Search For:" field...
CVE-2005-4072
The CVE describes a cross-site scripting (XSS) vulnerability in CFMagic Magic Forum Personal 2.5 and earlier, where an attacker can inject arbitrary script via the Words parameter in search_forums.cfm used in the “Search For:” field. The available records confirm the affected software and the inp...
CVE-2005-4071
CVE-2005-4071 affects CFMagic Magic Forum Personal 2.5 and earlier. The vulnerabilities are SQL injection in the web interface: (1) ForumID in view_forum.cfm and (2) ForumID, (3) Thread, and (4) ThreadID in view_thread.cfm, allowing remote attackers to execute arbitrary SQL commands. The NVD entr...
Magic List Pro - view_archive.cfm?ListID SQL Injection
Magic List Pro - viewarchive.cfm?ListID SQL Injection source: https://www.securityfocus.com/bid/15774/info CFMagic Products are prone to multiple input validation vulnerabilities. These are due to a lack of proper sanitization of user-supplied input. These vulnerabilities allow an attacker to...
Website Baker 2.6.0 - Authentication Bypass / Remote Code Execution
this works with magicquotesgpc off usage: launch from Apache, fill in requested fields, then go! Sun Tzu: "The control of a large force is the same principle as the control of a few men: it is merely a question of dividing up their numbers." errorreporting0; iniset"maxexecutiontime",0;...
Magic Forum Personal - 'view_thread.cfm' Multiple SQL Injections
source: https://www.securityfocus.com/bid/15774/info CFMagic Products are prone to multiple input validation vulnerabilities. These are due to a lack of proper sanitization of user-supplied input. These vulnerabilities allow an attacker to inject malicious SQL code into database queries, and...
Magic Forum Personal SQL&XSS vuln.
Magic Forum Personal SQL&XSS vuln. Vuln. dicovered by : r0t Date: 6 dec. 2005 orginal advisory:http://pridels.blogspot.com/2005/12/magic-forum-personal-sqlxss-vuln.html vendor:www.cfmagic.com/products/magicforumper.cfm affected version:2.5 and prior Product Description: Magic Forum Personal is ou...
Magic Book v2.0 Professional Vuln.
Magic Book v2.0 Professional Vuln. Vuln. dicovered by : r0t Date: 6 dec. 2005 orginal advisory:http://pridels.blogspot.com/2005/12/magic-book-v20-professional-vuln.html vendor:www.cfmagic.com/products/magicbook.cfm affected version:v.2.0 and prior Product Description: Magic Book Professional...
Magic List pro 2.5 SQL inj. vuln.
Magic List pro 2.5 SQL inj. vuln. Vuln. dicovered by : r0t Date: 6 dec. 2005 orginal advisory:http://pridels.blogspot.com/2005/12/magic-list-pro-25-sql-inj-vuln.html vendor:www.cfmagic.com/products/magiclistpro.cfm affected version:2.5 Product Description: Magic List Pro is our full-featured opt-...
SimpleBBS 1.1 - Remote Command Execution
this works regardless of magicquotesgpc settings usage: launch from Apache, fill in requested fields, then go! Sun-Tzu: "He will win who knows when to fight and when not to fight." errorreporting0; iniset"maxexecutiontime",0; iniset"defaultsockettimeout", 2; obimplicitflush 1; echo' SimpleBBS bod...
n13SQL.php.txt
.::KingOfSka N-13 News Remote PHP Shell Injection::. || http://contropotere.altervista.org || .::KingOfSka N-13 News PHP Shell Injection::. || Contro Potere Hacking Crew || ' ,0 ,0 ,0 ,0 INTO OUTFILE '$outfile"; $sql = urlencode$sql; $expurl= $url."?id=".$sql ; echo ' Click Here to Exploit '; ech...
N-13 News Remote SQL/PHP Shell injection
?php 0 day -- 29/11/2005 N-13 News Remote SQL / PHP-Shell Injection Just upload in a web-server with modphp and run it trhough your browser ; Affected Software : http://network-13.com/ N-13 News Version: All Exploit discovere and written by: KingOfSka @ http://contropotere.altervista.org Conditio...