4421 matches found
Code injection
scponly 4.6 and earlier allows remote authenticated users to bypass intended restrictions and execute arbitrary code by invoking scp, as implemented by OpenSSH, with the -F and -o options...
CVE-2008-0451
Multiple SQL injection vulnerabilities in PacerCMS 0.6 allow remote authenticated users to execute arbitrary SQL commands via the id parameter to (1) siteadmin/article-edit.php; and unspecified parameters to (2) submitted-edit.php, (3) page-edit.php, (4) section-edit.php, (5) staff-edit.php, and (6)...
SQL injection
Multiple SQL injection vulnerabilities in eTicket 1.5.5.2 allow remote authenticated users to execute arbitrary SQL commands via the (1) status, (2) sort, and (3) way parameters to search.php; and allow remote authenticated administrators to execute arbitrary SQL commands via the (4) msg and (5) password...
SQL injection
SQL injection vulnerability in index.php in TaskFreak! 0.6.1 and earlier allows remote authenticated users to execute arbitrary SQL commands via the sContext parameter...
CVE-2008-0277
Unspecified vulnerability in the Fileshare module for Drupal allows remote authenticated users with node-creation privileges to execute arbitrary code via unspecified vectors...
LulieBlog 1.0.1 - Remote Authentication Bypass
LulieBlog 1.0.1 delete id Remote Admin Bypass Vulnerability - bug found by ka0x contact: D.O.M TEAM 2008 we are: ka0x, an0de, xarnuz from spain download:...
0DayDB 2.3 - 'id' Remote Authentication Bypass
!/usr/bin/perl Autor : Pr0metheuS Script : 0DayDB v2.3 Version : v2.3 Dork : "Powered By 0DayDB v2.3" Gr33tz-Team.org use LWP::UserAgent; if@ARGV!=3 print "\n"; print "0DayDB v2.3 Remote Admin Bypass\n"; print "perl $0 \n"; print "downloads ID for delete\n"; print "\n"; $site,$path,$id=@ARGV; sub...
CVE-2007-6600
PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, 7.4 before 7.4.19, and 7.3 before 7.3.21 uses superuser privileges instead of table owner privileges for (1) VACUUM and (2) ANALYZE operations within index functions, and supports (3) SET ROLE and (4) SET SESSION AUTHORIZATION within inde...
CVE-2007-6552
Directory traversal vulnerability in index.php in AuraCMS 2.2 allows remote authenticated users to include and execute arbitrary local files via a .. (dot dot) in the act parameter, possibly involving the news pilih component; as demonstrated by including admin/adminusers.php to bypass a protection...
CVE-2007-6504
Unspecified vulnerability in IIS/iibind.asp in Hosting Controller 6.1 Hot fix 3.3 and earlier allows remote authenticated users to change the headers of arbitrary hosts via an unspecified parameter...
SQL injection
Multiple SQL injection vulnerabilities in Hosting Controller 6.1 Hot fix 3.3 and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) email and (2) loginname parameters to Hosting/Addreseller.asp, (3) the sortfield parameter to accounts/accountmanager.asp, (4) the...
CVE-2007-6503
CVE-2007-6503 affects Hosting Controller 6.1 with Hotfix 3.3 and earlier. The issue arises from multiple unspecified vulnerabilities that allow remote authenticated users to modify plans: (1) importing an arbitrary plan via hosting/importhostingplans.asp, or (2) changing an arbitrary plan via hos...
CVE-2007-6502
CVE-2007-6502 affects Hosting Controller 6.1 Hotfix 3.3 and earlier. The vulnerability exposes sensitive information through: (1) AdminName and AdminLevel parameters in fp2000/NEWSRVR.asp that disclose usernames; (2) certain XML HTTP requests to hosting/css.asp via Microsoft.XMLHTTP/MSXML2.XMLHTT...
CVE-2007-6498
CVE-2007-6498: Multiple SQL injection vulnerabilities in Hosting Controller 6.1 Hot fix 3.3 and earlier allow remote authenticated users to execute arbitrary SQL via parameters to Hosting/Addreseller.asp (email, loginname), accounts/accountmanager.asp (sortfield), OpenApi/GatewayVariables.asp (G...
CVE-2007-6495
incnewuser.asp in Hosting Controller 6.1 Hot fix 3.3 and earlier allows remote authenticated users to change the permissions of directories named (1) db, (2) www, (3) Special, and (4) log at arbitrary locations under the web root via a modified Dirroot parameter in an AddUser action to...
mysql: possible system table information overwrite using symlinks
MySQL Community Server 5.0.x before 5.0.51, Enterprise Server 5.0.x before 5.0.52, Server 5.1.x before 5.1.23, and Server 6.0.x before 6.0.4, when a table relies on symlinks created through explicit DATA DIRECTORY and INDEX DIRECTORY options, allows remote authenticated users to overwrite system...
mysql DoS in the InnoDB Engine
The convert_search_mode_to_innobase function in ha_innodb.cc in the InnoDB engine in MySQL 5.1.23-BK and earlier allows remote authenticated users to cause a denial of service (database crash) via a certain CONTAINS operation on an indexed column, which triggers an assertion error...
CVE-2007-6399
CVE-2007-6399 affects Flat PHP Board 1.2 and earlier. The vulnerability allows remote authenticated users to obtain the current user’s password by reading the password parameter value in the HTML source of the page generated by a profile action. The underlying cause is exposure of the password pa...