66 matches found
CVE-2013-2629
Leed (Light Feed), possibly before 1.5 Stable, allows remote attackers to bypass authorization via vectors related to the (1) importForm, (2) importFeed, (3) addFavorite, or (4) removeFavorite actions in action.php...
CVE-2013-2629
Leed (Light Feed) before 1.5 Stable is affected by CVE-2013-2629 through an authentication bypass in action.php, enabling remote attackers to access functions such as importForm, importFeed, addFavorite, and removeFavorite without proper user verification. The issue is part of a set of vulnerabil...
CVE-2013-2627
SQL injection vulnerability in action.php in Leed (Light Feed), possibly before 1.5 Stable, allows remote attackers to execute arbitrary SQL commands via the id parameter in a removeFolder action...
SQL injection
SQL injection vulnerability in action.php in Leed (Light Feed), possibly before 1.5 Stable, allows remote attackers to execute arbitrary SQL commands via the id parameter in a removeFolder action...
CVE-2013-2628
Leed (Light Feed) contains CSRF vulnerabilities in action.php (CVE-2013-2628), likely present before 1.5 Stable. The issue arises from missing anti-CSRF tokens, allowing an attacker to perform actions as a logged-in administrator by inducing the admin to visit a malicious link or site. The CSNC a...
CVE-2013-2627
CVE-2013-2627 describes a SQL injection in Leed (Light Feed) through action.php?action=removeFolder&id=... where user input is not properly escaped. The CSNC advisory confirms multiple vulnerabilities in Leed, including this SQL injection, and notes the vendor-provided fix was to upgrade to the l...
Leed - 'id' SQL Injection
source: https://www.securityfocus.com/bid/64426/info Leed is prone to an SQL-injection vulnerability. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database...
CVE-2012-6552
CVE-2012-6552 affects the phpVMS package (admin/action.php) in the 2.1.x line, vulnerable before 2.1.935. The description gives no explicit root cause, impact, or attack vectors beyond stating an “unspecified vulnerability” with unknown impact. Public references indicate a security fix was releas...
Nucleus v3.61 Multiple Remote File Include
Exploit for PHP platform in category web applications. Nucleus v3.61: Multiple Remote File Include. By n0n0x. Homepage: http://priasantai.uni.cc/ Download script: http://sourceforge.net/projects/nucleuscms/ nucleus3.61/action.php?DIRLIBS=y0ur g4y...
Nucleus 3.61 - Multiple Remote File Inclusions
Nucleus 3.61 - Multiple Remote File Inclusions. Nucleus v3.61: Multiple Remote File Include. By n0n0x. Homepage: http://priasantai.uni.cc/ Download script: http://sourceforge.net/projects/nucleuscms/ nucleus3.61/action.php?DIRLIBS=y0ur g4y...
Authentication flaw
action.php in SH-News 3.0 allows remote attackers to bypass authentication and gain administrator privileges by setting the shuser and shpass cookies to non-zero values...
PT-2009-2134 · Sh News · Sh-News
Name of the Vulnerable Software and Affected Versions: SH-News version 3.0 Description: The issue allows remote attackers to bypass authentication and gain administrator privileges. This is achieved by setting the shuser and shpass cookies to non-zero values in the 'action.php' file...
shnews-cookie.txt
SH-News 3.0 Insecure Cookie Handling Vulnerability. Virangar Security Team www.virangar.net www.virangar.ir Discovered By :virangar security teamhadihadi special tnx to:MR.nosrati,black.shadowes,MR.hesy,Zahra & all virangar members & all hackerz greetz:to my best friend in...
SH-News 3.0 Insecure Cookie Handling Vulnerability
No description provided by source. SH-News 3.0 Insecure Cookie Handling Vulnerability. Virangar Security Team www.virangar.net www.virangar.ir Discovered By :virangar security teamhadihadi special tnx to:MR.nosrati,black.shadowes,MR.hesy,Zahra & all virangar members & all...
SH-News 3.0 - Insecure Cookie Handling
SH-News 3.0 - Insecure Cookie Handling. SH-News 3.0 Insecure Cookie Handling Vulnerability. Virangar Security Team www.virangar.net www.virangar.ir Discovered By :virangar security teamhadihadi special tnx to:MR.nosrati,black.shadowes,MR.hesy,Zahra & all virangar members &...
SH-News 3.0 Insecure Cookie Handling Vulnerability
Exploit for unknown platform in category web applications. SH-News 3.0 Insecure Cookie Handling Vulnerability. Discovered...
Nucleus 3.31 XSS in path
Hello. Digital Security Research Group DSecRG Advisory DSECRG-08-006 Application: Nucleus CMS Versions Affected: 3.31 Vendor URL: http://nucleuscms.org Bugs: XSS Injection in URL Exploits: YES Reported: 16.01.2008 Vendor response: 18.01.2008 Date of Public Advisory: 29.01.2008 Authors: Alexandr...
Kravchuk letter script 1.0 (scdir) Remote File Inclusion Vulnerabilities
No description provided by source. K-letter 1.0 Remote File include. DownloadScript: http://www.scripts.com.ua/download.php?ID=813 ...