963 matches found
Vivvo CMS 4.1.5.1 file disclosure
Exploit for unknown platform in category web applications. Vivvo CMS 4.1.5.1 file disclosure. Description of vulnerable software: Vivvo CMS is an intuitive content management system atop a powerful programming framework, empowering...
phpBB3 - addon prime_quick_style GetAdmin
phpBB3 - addon primequickstyle GetAdmin phpBB3 addon primequickstyle GetAdmin Exploit Vulnerability found and exploited by -SmoG- target file: primequickstyle.php vuln: POST parameter "primequickstyle" is injectable. source: http://www.phpbb.com/community/viewtopic.php?f=70&t=692625 HowTo: after...
phpBB3 addon prime_quick_style GetAdmin Vulnerability
No description provided by source. phpBB3 addon primequickstyle GetAdmin Exploit Vulnerability found and exploited by -SmoG- target file: primequickstyle.php vuln: POST parameter "primequickstyle" is injectable. source: http://www.phpbb.com/community/viewtopic.php?f=70&t=692625 HowTo: after login...
phpBB3 addon prime_quick_style GetAdmin Vulnerability
Exploit for unknown platform in category web applications. phpBB3 addon primequickstyle GetAdmin Vulnerability. phpBB3 addon primequickstyle GetAdmin Exploit Vulnerability found and exploited...
phpBB3 - addon prime_quick_style GetAdmin
phpBB3 addon primequickstyle GetAdmin Exploit Vulnerability found and exploited by -SmoG- target file: primequickstyle.php vuln: POST parameter "primequickstyle" is injectable. source: http://www.phpbb.com/community/viewtopic.php?f=70&t=692625 HowTo: after login, go to "./ucp.php" and manipulate...
Dust on the network enterprise website management system vulnerability-vulnerability warning-the black bar safety net
company.asp obtains the value of the variable id via GET, and the value is only filtered for spaces and checked for being empty. The included anti-injection code only filters parameter values passed in via GET. company.asp uses request.querystring("id"), that is, it does not use POST and cookie injection, but...
CVE-2009-0643
CVE-2009-0643 describes a static code injection in Simple PHP News 1.0 final. An attacker can inject arbitrary PHP code into news.txt via the post parameter and then trigger execution by requesting display.php, indicating a combination of unguarded input handling and file-based code execution...
CVE-2008-4632
Multiple directory traversal vulnerabilities in index.php in Kure 0.6.3, when magic_quotes_gpc is disabled, allow remote attackers to read and possibly execute arbitrary local files via a .. (dot dot) in the (1) post and (2) doc parameters...
Kure 0.6.3 (index.php post,doc) Local File Inclusion Vulnerability
Exploit for unknown platform in category web applications. Kure 0.6.3 (index.php post,doc) Local File Inclusion Vulnerability. Kure 0.6.3 index.php post,doc Local File...
CVE-2008-2823
SQL injection vulnerability in newsarchive.php in PHPeasyblog (formerly phpeasynews) 1.13 RC2 and earlier allows remote attackers to execute arbitrary SQL commands via the post parameter...
Sql injection
SQL injection vulnerability in showpost.php in 427BB 2.3.1 allows remote attackers to execute arbitrary SQL commands via the post parameter...
BolinOS 4.6.1 - Local File Inclusion / Cross-Site Scripting
Digital Security Research Group (DSecRG) Advisory DSECRG-08-022. Application: BolinOS; Versions Affected: 4.6.1; Vendor URL: http://www.bolinos.com; Bugs: Local File Include, Multiple XSS, System information disclosure; Exploits: YES; Reported: 13.03.2008; Second report: 18.03.2008; Vendor response: none...
Sql injection
SQL injection vulnerability in classes/gelato.class.php in Gelato allows remote attackers to execute arbitrary SQL commands via the post parameter to index.php...
CVE-2007-1244
Cross-site request forgery (CSRF) vulnerability in the AdminPanel in WordPress 2.1.1 and earlier allows remote attackers to perform privileged actions as administrators, as demonstrated using the delete action in wp-admin/post.php. NOTE: this issue can be leveraged to perform cross-site scripting X...
DEBIAN-CVE-2007-1244
Cross-site request forgery (CSRF) vulnerability in the AdminPanel in WordPress 2.1.1 and earlier allows remote attackers to perform privileged actions as administrators, as demonstrated using the delete action in wp-admin/post.php. NOTE: this issue can be leveraged to perform cross-site scripting X...
[Full-disclosure] Remote Sql Injection in EasyMoblog 0.5.1 # 2
·= Security Advisory =· Issue: Sql injection Vulnerability in EasyMoblog by Umberto Caldera. Discovered Date: 30/01/07 Author: Tal Argoni, LegendaryZion. talargoni at gmail.com Product Vendor: http://sourceforge.net/project/showfiles.php?groupid=88633 Ver: easymoblog-0.5.1 Details: EasyMoblog is...
CVE-2006-6773
pages/register/register.php in Fishyshoop 0.930 beta allows remote attackers to create arbitrary administrative users by setting the isadmin HTTP POST parameter to 1...
NoahsClassifieds.txt
Noah's Classifieds is prone to a Cross Site Scripting Vulnerability, due to a failure in the application to properly sanitize the "frommethod" POST parameter in "index.php" : alert'XSS Vulnerable';" Advisory: http://zone14.free.fr/advisories/5/ --Raphael HUCK...
Noah's Classifieds Cross Site Scripting Vulnerability
Noah's Classifieds is prone to a Cross Site Scripting Vulnerability, due to a failure in the application to properly sanitize the "frommethod" POST parameter in "index.php" : html body form method="POST" enctype="multipart/form-data" action="http://www.example.com/classifieds/index.php" input...