1673 matches found
Vbulletin 4.0.x => 4.1.3 (messagegroupid) SQL injection Vulnerability 0-day
No description provided by source. Exploit Title: Vbulletin 4.0.x = 4.1.3 messagegroupid SQL injection Vulnerability 0-day Google Dork: intitle: powered by Vbulletin 4 Date: 20/07/2011 Author: FB1H2S Software Link: http://www.vbulletin.com/ Version: 4.x.x Tested on: relevant os CVE :...
vBulletin 4.0.x 4.1.3 - 'messagegroupid' SQL Injection
Exploit Title: Vbulletin 4.0.x = 4.1.3 messagegroupid SQL injection Vulnerability 0-day Google Dork: intitle: powered by Vbulletin 4 Date: 20/07/2011 Author: FB1H2S Software Link: http://www.vbulletin.com/ Version: 4.x.x Tested on: relevant os CVE : http://members.vbulletin.com/...
vBulletin 4.0.x => 4.1.2 (search.php) SQL Injection Vulnerability
No description provided by source. vBulletin 4.0.x = 4.1.2 search.php SQL Injection Vulnerability ...
Design/Logic Flaw
The PlushSearch2 function in Search.php in Simple Machines Forum SMF before 1.1.13, and 2.x before 2.0 RC5, uses certain cached data in a situation where a temporary table has been created, even though this cached data is intended only for situations where a temporary table has not been created,...
CVE-2011-1131
The PlushSearch2 function in Search.php in Simple Machines Forum SMF before 1.1.13, and 2.x before 2.0 RC5, uses certain cached data in a situation where a temporary table has been created, even though this cached data is intended only for situations where a temporary table has not been created,...
CVE-2011-1131
SMF: The PlushSearch2 function in Search.php affects SMF 1.1.13 and SMF 2.x up to 2.0 RC5, where cached data may be used in a scenario with a temporary table, potentially allowing remote attackers to retrieve sensitive information via a search. Impact is a partial confidentiality breach; no integ...
cubecart 2.0.7 - Multiple Vulnerabilities
cubecart 2.0.7 - Multiple Vulnerabilities Exploit Title: CubeCart 2.0.7 XSS && Remote SQL Injection = Multiple Vulnerabilities Date: June, 14th 2011 GMT +7 Author: Shamus Software Link: http://www.cubecart.com/ Version : CubeCart 2.0.7 Tested on: windows 7, ubuntu 11.04 CVE : -...
vBulletin 4.0.x 4.1.2 - 'search.php' SQL Injection
vBulletin 4.0.x = 4.1.2 search.php SQL Injection Vulnerability ...
vBulletin 4.0.x SQL Injection / Cross Site Request Forgery
Exploit database separated by exploit type (local, remote, DoS, etc.) Site: 1337day.com Support e-mail:...
vBulletin 4.1.2 SQL Injection
vBulletin 4.0.x = 4.1.2 search.php SQL Injection Vulnerability ...
CVE-2010-4796
Multiple SQL injection vulnerabilities in PHPYun 1.1.6 allow remote attackers to execute arbitrary SQL commands via the (1) provinceid parameter to search.php and the (2) e parameter to resumeview.php...
Sql injection
Multiple SQL injection vulnerabilities in PHPYun 1.1.6 allow remote attackers to execute arbitrary SQL commands via the (1) provinceid parameter to search.php and the (2) e parameter to resumeview.php...
Vulnerabilities in MyBB
Hello 3APA3A! I am reporting to you the Cross-Site Scripting and SQL DB Structure Extraction vulnerabilities that I found in MyBB. The vulnerabilities are present in the search.php and private.php scripts. XSS (WASC-08): http://websecurity.com.ua/uploads/2011/MyBB20XSS.html...
AWCM 2.x - search.php Cross-Site Scripting
AWCM 2.x - search.php Cross-Site Scripting source: https://www.securityfocus.com/bid/47126/info AWCM is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input before using it in dynamically generated content. An attacker may leverage this issue to...
pppBLOG 'search.php' Cross Site Scripting Vulnerability
pppBLOG is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input before using it in dynamically generated content. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the...
mvmmall shop Mall system injection vulnerability-vulnerability warning-the black bar safety net
The latest injection 0day in the mvmmall shop mall system is in the search file, search.php. The code is as follows: <?php require_once 'include/common.inc.php'; require_once ROOTPATH.'header.php'; if($action!='search') $searchkey = ''; if(isset($pssearch)) //Omitted a bunch of stuff $tagids =...
mvmmall shop Mall system, the latest injection vulnerability and fix(search.php)-vulnerability warning-the black bar safety net
The latest injection 0day in the mvmmall shop mall system is in the search file, search.php. The code is as follows: <?php require_once 'include/common.inc.php'; require_once ROOTPATH.'header.php'; if($action!='search') $searchkey = ''; if(isset($pssearch)) //Omitted a bunch of stuff $tagids =...
BoutikOne - 'search.php' Multiple SQL Injections
source: https://www.securityfocus.com/bid/46861/info Pixie is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow an attacker to compromise the application, access ...
esp cms injection 0day-vulnerability warning-the black bar safety net
A value that is not filtered after urldecode results in injection. interface/search.php ---- intaglist ---- $tagkey is urldecoded and then put directly into the SQL statement, forming the injection (code omitted). Test: http://localhost/espcms/index.php?ac=search&at=taglist&tagkey=dd%2 5 2 7,%2527dd%2 5 ...
Prestashop Cartium 1.3.3 Cross Site Scripting
Hello, In Prestashop Cartium 1.3.3 I have detected multiple Cross Site Scripting (XSS) vulnerabilities. File / Field: categoty.php / idcategory; product.php / idproduct; search.php / searchquery. Test pattern for vulnerable versions: "alert1 Kind Regards Antonio San Martino...