536 matches found
CVE-2008-2012
SQL injection vulnerability in index.php in the PostSchedule 1.0 module for PostNuke allows remote attackers to execute arbitrary SQL commands via the eid parameter in an event action...
postnukefg-sql.txt
Vuln: Postnuke Mod pnFlashGames Blind SQL/SQL all version Vulnerability Author: Vulnerability search Kacper kacper1964atyahoo.pl dork: inurl:"index.php?module=pnFlashGames" Author Homepage: http://devilteam.pl/ If magicquotesgpc = off -==== Vuln to old 2 version:...
PostNuke Module pnFlashGames <= 2.5 SQL Injection Vulnerabilities
Exploit for unknown platform in category web applications ================================================================= PostNuke Module pnFlashGames 2 version: index.php?module=pnFlashGames&func=display&id=-1+union+select+concatpnuname,char58,pnpass,1,2,3,4,5,6,7,8+from+nukeusers+where+uid=2/...
PostNuke Module pnFlashGames <= 2.5 SQL Injection Vulnerabilities
No description provided by source. Vuln: Postnuke Mod pnFlashGames Blind SQL/SQL all version Vulnerability Author: Vulnerability search Kacper kacper1964atyahoo.pl dork: inurl:"index.php?module=pnFlashGames" Author Homepage: http://devilteam.pl/ If magicquotesgpc = off -==== Vuln to old 2 version...
PostNuke Module pnFlashGames 2.5 - SQL Injection
PostNuke Module pnFlashGames 2.5 - SQL Injection Vuln: Postnuke Mod pnFlashGames Blind SQL/SQL all version Vulnerability Author: Vulnerability search Kacper kacper1964atyahoo.pl dork: inurl:"index.php?module=pnFlashGames" Author Homepage: http://devilteam.pl/ If magicquotesgpc = off -==== Vuln to...
PostNuke Module pnFlashGames 2.5 - SQL Injection
Vuln: Postnuke Mod pnFlashGames Blind SQL/SQL all version Vulnerability Author: Vulnerability search Kacper kacper1964atyahoo.pl dork: inurl:"index.php?module=pnFlashGames" Author Homepage: http://devilteam.pl/ If magicquotesgpc = off -==== Vuln to old 2 version:...
PostNuke Module PostSchedule (eid) SQL Injection Vulnerability
Exploit for unknown platform in category web applications ============================================================== PostNuke Module PostSchedule eid SQL Injection Vulnerability ============================================================== Vuln: Postnuke Mod PostSchedule SQL Vuln Author: Vul...
postnukeschedule-sql.txt
Vuln: Postnuke Mod PostSchedule SQL Vuln Author: Vuln search Kacper kacper1964atyahoo.pl google:"PostSchedule ver 1" Vuln: index.php?module=PostSchedule&view=event&eid=-1'+union+select+0,1,2,3,4,5,6,7,8,concatpnuname,char58,pnpass,10,11,12,13//from//nukeusers//where//pnuid=2/ $Severo: Moga byc...
PostNuke Module PostSchedule (eid) SQL Injection Vulnerability
No description provided by source. Vuln: Postnuke Mod PostSchedule SQL Vuln Author: Vuln search Kacper kacper1964atyahoo.pl google:"PostSchedule ver 1" Vuln:...
PostNuke Module PostSchedule 1.0 - eid SQL Injection
PostNuke Module PostSchedule 1.0 - eid SQL Injection Vuln: Postnuke Mod PostSchedule SQL Vuln Author: Vuln search Kacper kacper1964atyahoo.pl google:"PostSchedule ver 1" Vuln:...
PostNuke Module PostSchedule 1.0 - 'eid' SQL Injection
Vuln: Postnuke Mod PostSchedule SQL Vuln Author: Vuln search Kacper kacper1964atyahoo.pl google:"PostSchedule ver 1" Vuln: index.php?module=PostSchedule&view=event&eid=-1'+union+select+0,1,2,3,4,5,6,7,8,concatpnuname,char58,pnpass,10,11,12,13//from//nukeusers//where//pnuid=2/ $Severo: Moga byc...
Sql injection
The pnVarPrepForStore function in PostNuke 0.764 and earlier skips input sanitization when magicquotesruntime is enabled, which allows remote attackers to conduct SQL injection attacks and execute arbitrary SQL commands via input associated with server variables, as demonstrated by the CLIENTIP...
CVE-2008-1591
The pnVarPrepForStore function in PostNuke 0.764 and earlier skips input sanitization when magicquotesruntime is enabled, which allows remote attackers to conduct SQL injection attacks and execute arbitrary SQL commands via input associated with server variables, as demonstrated by the CLIENTIP...
CVE-2008-1591
The pnVarPrepForStore function in PostNuke 0.764 and earlier skips input sanitization when magicquotesruntime is enabled, which allows remote attackers to conduct SQL injection attacks and execute arbitrary SQL commands via input associated with server variables, as demonstrated by the CLIENTIP...
CVE-2008-1591
The CVE-2008-1591 issue affects PostNuke 0.764 and earlier, where pnVarPrepForStore does not sanitize input when magic_quotes_runtime is enabled. This allows remote attackers to perform SQL injection and execute arbitrary SQL commands via server variables, demonstrated via the CLIENT_IP (HTTP_CLI...
PostNuke pnVarPrepForStore()函数SQL注入漏洞
BUGTRAQ ID: 28407 PostNuke是一款开放源码、开放开发的内容管理系统(CMS)。 PostNuke的pnVarPrepForStore函数中存在SQL盲注漏洞,远程攻击者可能利用此漏洞非授权操作数据库。 以下是有漏洞部分的代码: 1. function pnVarPrepForStore 2. 3. $resarray = array; 4. foreach funcgetargs as $ourvar 5. if !getmagicquotesruntime && !isarray$ourvar 6. $ourvar = addslashes$ourvar; 7...
PostNuke <= 0.764 Blind SQL Injection Exploit
No description provided by source. !/usr/bin/python ================================================================================================= / | |\ \ / | / |/ | | |/ \ | | / \ \ | \ ...
PostNuke <= 0.764 Blind SQL Injection Exploit
Exploit for unknown platform in category web applications ============================================= PostNuke | |||| /| / / ================================================================================================= This was a priv8 Exploit...
PostNuke 0.764 - Blind SQL Injection
PostNuke 0.764 - Blind SQL Injection !/usr/bin/python ================================================================================================= / | |\ \ / | / |/ | | |/ \ | | | |||| /| / / =================================================================================================...
PostNuke 0.764 - Blind SQL Injection
!/usr/bin/python ================================================================================================= / | |\ \ / | / |/ | | |/ \ | | | |||| /| / / ================================================================================================= This was a priv8 Exploit...