678 matches found
kapda-26.txt
KAPDA New advisory Vendor: http://www.jaia-interactive.com Vulnerable: Version: 1.2.3 Bug: Sql Injection & Path Disclosure Exploitation: Remote with browser Description: -------------------- MyTopix is a PHP-based message board system that uses a MySQL database. Vulnerability: -------------------...
CVE-2005-4626
The default configuration of Recruitment Software installs admin/site.xml under the web document root with insufficient access control, which might allow remote attackers to obtain sensitive information MySQL database credentials via a direct request...
Jamit Job Board 2.4.x SQL inj.
Jamit Job Board 2.4.x SQL inj. Vuln. discovered by : r0t Date: 14 dec. 2005 original advisory:http://pridels.blogspot.com/2005/12/jamit-job-board-24x-sql-inj.html vendor:http://www.jamit.com.au/ affected version:2.4.1 and prior Product Description: Job Board Pro is a PHP application for running and...
SMF11SQL.txt
KAPDA New advisory Vendor: http://www.simplemachines.org/ Vulnerable Version:SMF 1.1 rc1, Other versions also may be affected. Bug: SQL Injection Exploitation: Remote with browser Description: -------------------- Simple Machines Forum is a most widely used PHP-based message board system that use...
[KAPDA::#15] - ThWboard multiple vulnerabilities
KAPDA New advisory Vendor: http://www.thwboard.de Vulnerable Version: 3 beta 2.8 Bug: HTML Injection , XSS , SQL Injection Exploitation: Remote with browser Description: -------------------- ThWboard is a freely available German PHP-based message board program that uses a MySQL database...
athena.txt
Language: PHP Script: Athena Version: 0.1a Official website: http://sourceforge.net/projects/athena Problem: Remote file inclusion Discovered by: beford & GB Description: =========== A simple website management system written in oo php that uses a mysql database to store user and group rights and...
vbullXSS.txt
re, submissionsatpacketstormsecurity.org. http://nshell.h15.ru/advisory's/vBulletin%203.5.1xss.txt ========================================================= = N Shell : advizory = ========================================================= PRODUCT: vBulletin 3.5.1 DESCRIPTION: vBulletin is a...
Bugs Land Down Under v800
Bugs Land Down Under v800 PHP/MySQL Website engine Copyright Neocrome - http://www.neocrome.net --------------------------------------------- Sql Injection and Cross Site Scripting Problem example : /ldu/forums.php?m=topics&s=' /ldu/list.php?c=articles&s=title&w=asc&o='&p=1...
USN-96-1: mySQL vulnerabilities
Stefano Di Paola discovered three privilege escalation flaws in the MySQL server: - If an authenticated user had INSERT privileges on the 'mysql' administrative database, the CREATE FUNCTION command allowed that user to use libc functions to execute arbitrary code with the privileges of the...
[SCAN Associates Security Advisory] vbulletin 3.0.6 and below php code injection
Summary: vbulletin 3.0.6 and below php code injection Description =========== vBulletin is a powerful, scalable and fully customizable forums package for your web site. It has been written using the Web's quickest-growing scripting language; PHP, and is complimented with a highly efficient and...
AppServ 2.5.x and Prior Exploit
what AppServ ========== AppServ is the Apache/PHP/MySQL open source software installer packages. Objective : - Easy to build Webserver and Database Server - For those who just beginning client/server programming. - For web programmers/developers using PHP & MySQL. - For programming techniques that...
MySQL Database Client Detection
Binary data 5136.prm...
Major Cpanel Expliot HTML Injection
Major Bug found 6/7/04 Discovered by Verb0s Reseller accounts with cpanel, in the password modification page, can insert a basic injection ex:http://domain:2086/scripts/passwd?password=&domain=&user= The code will modify all the mysql database passwords, in which the reseller shouldn't have...
jelsoftvb.txt
Vendor : Jelsoft Enterprises URL : http://www.vbulletin.com Version : vBulletin 3.0.0 RC4 && Others Risk : Cross Site Scripting Description: vBulletin is a powerful, scalable and fully customisable forums package for your web site. Based on the PHP language, backed with a blisteringly fast MySQL...
phpx324.txt
PHPX 3.2.4 http://www.phpx.org Versions Affected: PHPX 2.x - 3.2.4 Type of bug: Session Hi-jacking/Admin Access via Cookies Impact: Ability to steal another users account Found-by: HelloWorld Ryan Wray Vendor: Notified Table Of Contents ===================== 1 The Program 2 The Problem 3 The Proo...
[Full-Disclosure] GLSA: vpopmail (200310-01)
GENTOO LINUX SECURITY ANNOUNCEMENT --------------------------------------------------------------------- PACKAGE : vpopmail SUMMARY : Insecure file permissions. DATE : 2003-10-02 18:28 UTC EXPLOIT : local VERSIONS AFFECTED : =5.2.1-r5 FIXED VERSION : 5.2.1-r6 GENTOO BUG : 23502 CVE : none known a...
DSA-381 mysql - buffer overflow
Bulletin has no description...
Owl_Intranet_Engine.txt
-------------------------------------------------- Owl Intranet Engine - File Disclosure Vulnerability -------------------------------------------------- Date: 5-12-03 Advisory Url: http://sec.angrypacket.com/advisories.phtml Vendor Home Page: http://owl.sourceforge.net/ Vendor Project Page:...
Multiple SQL injection on OpenBB forums
/----------------------------------------------------------------------------- | 7 A 6 9 - A d v C: 008 |-----------------------------------------------------------------------------| | | SQL injection on OpenBB forums | ----------------------------------------------------------------------------...