3170 matches found
CVE-2006-5086
Blog Pixel Motion 2.1.1 allows remote attackers to change the username and password for the admin user via a direct request to inserebase.php with modified 1 login and 2 pass parameters. NOTE: this issue was claimed to be SQL injection by the original researcher, but it is not...
CVE-2006-5085
Static code injection vulnerability in config.php in Blog Pixel Motion 2.1.1 allows remote attackers to execute arbitrary PHP code via the nomblog parameter, which is injected into include/variables.php...
CVE-2006-5085
Static code injection vulnerability in config.php in Blog Pixel Motion 2.1.1 allows remote attackers to execute arbitrary PHP code via the nomblog parameter, which is injected into include/variables.php...
CVE-2006-5086
Blog Pixel Motion 2.1.1 is affected. The vulnerability allows remote attackers to change the admin username and password via a direct request to insere_base.php using modified (1) login and (2) pass parameters. The original researcher claimed SQL injection, but the report notes that this is not S...
CVE-2006-5085
CVE-2006-5085 affects Blog Pixel Motion 2.1.1. The vulnerability is a static code injection in config.php where the nom_blog parameter is injected into include/variables.php, enabling remote attackers to execute arbitrary PHP code. The available connected documents confirm the affected software v...
CVE-2006-5086
Blog Pixel Motion 2.1.1 allows remote attackers to change the username and password for the admin user via a direct request to inserebase.php with modified 1 login and 2 pass parameters. NOTE: this issue was claimed to be SQL injection by the original researcher, but it is not...
Blog Pixel Motion 2.1.1 PHP Code Execution / Create Admin Exploit
Exploit for unknown platform in category web applications ================================================================= Blog Pixel Motion 2.1.1 PHP Code Execution / Create Admin Exploit ================================================================= !/usr/bin/perl Affected.scr..: Blog Pixel...
Blog Pixel Motion 2.1.1 PHP Code Execution / Create Admin Exploit
No description provided by source. !/usr/bin/perl Affected.scr..: Blog Pixel Motion V2.1.1 Poc.ID........: 12060927 Type..........: PHP Code Execution stripslashes, SQL Injection urldecode Risk.level....: High Vendor.Status.: Unpatched Src.download..: www.pixelmotion.org/zip/blog2.1.zip...
Blog Pixel Motion 2.1.1 - PHP Code Execution Create Admin
Blog Pixel Motion 2.1.1 - PHP Code Execution Create Admin !/usr/bin/perl Affected.scr..: Blog Pixel Motion V2.1.1 Poc.ID........: 12060927 Type..........: PHP Code Execution stripslashes, SQL Injection urldecode Risk.level....: High Vendor.Status.: Unpatched Src.download..:...
Blog Pixel Motion 2.1.1 - PHP Code Execution / Create Admin
!/usr/bin/perl Affected.scr..: Blog Pixel Motion V2.1.1 Poc.ID........: 12060927 Type..........: PHP Code Execution stripslashes, SQL Injection urldecode Risk.level....: High Vendor.Status.: Unpatched Src.download..: www.pixelmotion.org/zip/blog2.1.zip Poc.link......:...
BPMSQL.txt
+Blog Pixel Motion +Sowtware's Web Site:www.pixelmotion.org +founded by Morocco Security Team +creetz to:SnIpErSA,Esp!onLeRaVaGe,CiM-TeaM,Kasparov,nabil,sniper,www.lezr.com and all muslim morocco +http://victim/blog/admin/index.php +user:moroccan-security //you can write any name : +pass:' or...
Sql injection
Multiple SQL injection vulnerabilities in Pixel Motion Blog allow remote attackers to execute arbitrary SQL commands via the 1 date parameter in index.php or bypass authentication via the 2 password parameter in admin/index.php...
CVE-2006-1426
Multiple SQL injection vulnerabilities in Pixel Motion Blog allow remote attackers to execute arbitrary SQL commands via the 1 date parameter in index.php or bypass authentication via the 2 password parameter in admin/index.php...
CVE-2006-1426
Pixel Motion Blog is affected by multiple SQL injection vulnerabilities disclosed for CVE-2006-1426. The issues allow remote attackers to execute arbitrary SQL commands through the date parameter in index.php or bypass authentication via the password parameter in admin/index.php. The NVD entry ci...
CVE-2006-1426
Multiple SQL injection vulnerabilities in Pixel Motion Blog allow remote attackers to execute arbitrary SQL commands via the 1 date parameter in index.php or bypass authentication via the 2 password parameter in admin/index.php...
Blog Pixel Motion<=1.xx Authentication Bypass Vulnerability & SQL injection
+Blog Pixel Motion +Sowtware's Web Site:www.pixelmotion.org +founded by Morocco Security Team +creetz to:SnIpErSA,Esp!onLeRaVaGe,CiM-TeaM,Kasparov,nabil,sniper,www.lezr.com and all muslim morocco +http://victim/blog/admin/index.php +user:moroccan-security //you can write any name : +pass:' or...
Pixel Motion - 'index.php?date' SQL Injection
source: https://www.securityfocus.com/bid/17260/info Pixel Motion is prone to multiple SQL-injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow an attacker to...
Pixel Motion - adminindex.php Multiple SQL Injections
Pixel Motion - adminindex.php Multiple SQL Injections source: https://www.securityfocus.com/bid/17260/info Pixel Motion is prone to multiple SQL-injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query...
Pixel Motion - index.php?date SQL Injection
Pixel Motion - index.php?date SQL Injection source: https://www.securityfocus.com/bid/17260/info Pixel Motion is prone to multiple SQL-injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. A...
Pixel Motion - '/admin/index.php' Multiple SQL Injections
source: https://www.securityfocus.com/bid/17260/info Pixel Motion is prone to multiple SQL-injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow an attacker to...