Pligg CMS 9.9.0 - Cross-Site Scripting Local File Inclusion SQL Injection

Pligg CMS 9.9.0 - Cross-Site Scripting Local File Inclusion SQL Injection GulfTech Security Research July 30, 2008 Vendor : Pligg LLC URL : http://www.pligg.com/ Version : Pligg alertdocument.cookie; The above example link would display the end users cookie to them. Of course this can also be use...

Vulnerabilities in PostNuke Phoenix

Здравствуйте 3APA3A! Сообщаю вам о найденных мною Insufficient Anti-automation и Cross-Site Scripting уязвимостях в PostNuke Phoenix. Insufficient Anti-automation: Уязвимость в user.php в модуле NS-NewUser...

Unfixed XSS vulnerability at www.iauq.ac.ir

Security researcher MK, has submitted on 13/07/2008 a cross-site-scripting XSS vulnerability affecting www.iauq.ac.ir, which at the time of submission ranked 886585 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 08/07/2009. It is currently...

CVE-2008-3070

Unspecified vulnerability in inc/datahandler/user.php in MyBB before 1.2.13 has unknown impact and attack vectors related to the $user'language' variable, probably related to SQL injection...

Sql injection

Unspecified vulnerability in inc/datahandler/user.php in MyBB before 1.2.13 has unknown impact and attack vectors related to the $user'language' variable, probably related to SQL injection...

Sql injection

Multiple SQL injection vulnerabilities in yBlog 0.2.2.2 allow remote attackers to execute arbitrary SQL commands via 1 the q parameter to search.php, or the n parameter to 2 user.php or 3 uss.php...

CVE-2008-2668

CVE-2008-2668 : The provided documents identify multiple cross-site scripting (XSS) vulnerabilities in the web application yBlog 0.2.2.2 . The vulnerabilities can be triggered by user-supplied input in the following parameters: (1) the q parameter to search.php, and (2) the n parameter to either ...

CVE-2008-2668

Multiple cross-site scripting XSS vulnerabilities in yBlog 0.2.2.2 allow remote attackers to inject arbitrary web script or HTML via 1 the q parameter to search.php, or the n parameter to 2 user.php or 3 uss.php...

yBlog 0.2.2.2 (XSS/SQL) Multiple Remote Vulnerabilities

No description provided by source. / | || | | | | | | | | /| | | | | || ||| ||||| || C. H. R. O. O. T. SECURITY GROUP - -- ----- --- -- -- ---- --- -- - http://www.chroot.org Hacks In Taiwan | || | | | | | | | Conference 2008 | |&nbsp...

Yblog 0.2.2.2 - Cross-Site Scripting / SQL Injection

/ | || | | | | | | | | /| | | | | || ||| ||||| || C. H. R. O. O. T. SECURITY GROUP - -- ----- --- -- -- ---- --- -- - http://www.chroot.org Hacks In Taiwan | || | | | | | | | Conference 2008 | | | | | | | | | || ||| || |||| http://www.hitcon.org Title =======:: yBlog 0.2.2.2 Multiple Remote...

Yblog 0.2.2.2 - Cross-Site Scripting SQL Injection

Yblog 0.2.2.2 - Cross-Site Scripting SQL Injection / | || | | | | | | | | /| | | | | || ||| ||||| || C. H. R. O. O. T. SECURITY GROUP - -- ----- --- -- -- ---- --- -- - http://www.chroot.org Hacks In Taiwan | || | | | | | | | Conference 2008 | | | | | | | | | || ||| || ||||...

Sql injection

SQL injection vulnerability in content/user.php in AuraCMS 2.2.1 and earlier, when magicquotesgpc is disabled, allows remote attackers to execute arbitrary SQL commands via the country parameter...

auracms-bypass.txt

!/usr/bin/perl Indonesian Newhack Security Advisory ------------------------------------ AuraCMS 2.x user.php - Security Code Bypass & Add Administrator Exploit Waktu : Feb 28 2008 08:00PM Software : AuraCMS Versi : 2.0 2.1 2.2.1 http://www.r57shell.in/r57.txt? -----------------------------------...

AuraCMS 2.x (user.php) - Security Code Bypass & Add Administrator Exploit

!/usr/bin/perl Indonesian Newhack Security Advisory ------------------------------------ AuraCMS 2.x user.php - Security Code Bypass & Add Administrator Exploit Waktu : Feb 28 2008 08:00PM Software : AuraCMS Versi : 2.0 2.1 2.2.1 http://www.r57shell.in/r57.txt? -----------------------------------...

AuraCMS 2.x (user.php) Security Code Bypass / Add Administrator Exploit

Exploit for unknown platform in category web applications ======================================================================= AuraCMS 2.x user.php Security Code Bypass / Add Administrator Exploit ======================================================================= !/usr/bin/perl Indonesian...

AuraCMS 2.x (user.php) Security Code Bypass / Add Administrator Exploit

No description provided by source. !/usr/bin/perl Indonesian Newhack Security Advisory ------------------------------------ AuraCMS 2.x user.php - Security Code Bypass & Add Administrator Exploit Waktu : Feb 28 2008 08:00PM Software : AuraCMS Versi : 2.0 2.1 2.2.1 Vendor : http://www.auracms.org/...

AuraCMS 2.x - '/user.php' Security Code Bypass / Arbitrary Add Administrator

!/usr/bin/perl Indonesian Newhack Security Advisory ------------------------------------ AuraCMS 2.x user.php - Security Code Bypass & Add Administrator Exploit Waktu : Feb 28 2008 08:00PM Software : AuraCMS Versi : 2.0 2.1 2.2.1 Vendor : http://www.auracms.org/ ----------------------------------...

CVE-2008-0613

Open redirect vulnerability in htdocs/user.php in XOOPS 2.0.18 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the xoopsredirect parameter...

CVE-2008-0613

CVE-2008-0613 describes an open redirect vulnerability in XOOPS 2.0.18, exploitable through the xoops_redirect parameter in htdocs/user.php to redirect users to arbitrary sites. Public references (NVD, PRION, CVE List, CVELIST, etc.) confirm the issue; no explicit exploit code or active exploit s...

CVE-2007-4143

CVE-2007-4143 affects the phpCoupon Billing Control Panel (user.php). Affected: remote authenticated users can upgrade to Premium Member status by modifying a URL that includes a specific billing parameter and the substrings REQ=auth, status=success, and custom=upgrade; this may also relate to Pa...