CVE-2009-1464
CVE-2009-1464 involves CSRF vulnerabilities in index.aas of Application Access Server (A-A-S) 2.0.48 that allow remote attackers to hijack administrator authentication and trigger actions such as executing arbitrary commands, stopping services, or terminating processes via specific jobs. The vuln...
CVE-2008-6718
U&M Software JustBookIt 1.0 does not require administrative authentication for all scripts in the admin/ directory, which allows remote attackers to have an unspecified impact via a direct request to (1) usermanual.php, (2) userconfig.php, (3) userkundnamn.php, (4) userkundlista.php, (5)...
CVE-2008-6717
U&M Software Signup 1.0 and 1.1 does not require administrative authentication for all scripts in the admin/ directory, which allows remote attackers to have an unspecified impact via a direct request to (1) adminstart.php, (2) admineventtype.php, (3) admineventdetails.php, (4) admineventlist.php, (5)...
glFusion <= 1.1.2 COM_applyFilter()/order sql injection exploit
glFusion <= 1.1.2 COM_applyFilter()/order sql injection exploit by Nine:Situations:Group::bookoo working against Mysql = 4.1 php.ini independent our site: http://retrogod.altervista.org/ software site: http://www.glfusion.org/ google dork: "Page created in" "seconds by glFusion" +RSS...
XGuestBook 2.0 SQL Injection
Author = FireShot, Jacopo Vuga. Mail = fireshotautisticiorg Vulnerability = SQL Admin Auth Bypass Software = XGuestBook v2.0 Download = http://script.wareseeker.com/download/xguestbook.rar/14488 Greets to = Osirys, Myral, str0ke CODE $user = $_POST['user']; $pass = md5($_POST['pass']); $result =...
CVE-2009-0403
SQL injection vulnerability in admin/authenticate.php in Chipmunk Blogger Script allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters...
Chipmunk Blog Add Admin Exploit
0x01 Informations: Script : Chipmunk Blog Download : http://www.chipmunk-scripts.com/blog/blog.zip Vulnerability : Add Admin Exploit\Auth Bypass Author : x0r Contact : [email protected] \ [email protected] Website : NULL 0x02 Bug: \admin\reguser.php \admin\authenticate.php if (isset($_POST['submit'])) //...
CVE-2008-5967
admin/index.php in PHP iCalendar 2.3.4, 2.24, and earlier does not require administrative authentication for an addupdate action, which allows remote attackers to upload a calendar (aka .ics) file with arbitrary content to the calendars/ directory outside the web root...
Authentication flaw
admin/auth.php in Gobbl CMS 1.0 allows remote attackers to bypass authentication and gain administrative access by setting the auth cookie to "ok"...
CVE-2008-5219
The password change feature (admin/cp.php) in VideoScript 4.0.1.50 and earlier does not check for administrative authentication and does not require knowledge of the original password, which allows remote attackers to change the admin account password via modified npass and npass1 parameters...
webbwebshop-sql.txt
EgY Coders Vulnerability Research TM Discovered by : Hakxer Type Gap : WEBBDOMAIN Webshop Auth Bypass All Version Script...
CVE-2008-4162
CVE-2008-4162 describes an open redirect in NooMS 1.1, exploitable through admin/auth.php via the g_site_url parameter to redirect users to arbitrary sites, enabling phishing. The affected software is NooMS 1.1; the vulnerability is tied to improper handling of g_site_url leading to user redirect...
Grafitti Forums 1.0 Remote SQL Injection/HTML Injection Vulnerabilities
No description provided by source. + Grafitti Forums v1.0 Remote SQL Injection/HTML Injection + Discovered By SirGod + Greetz : E.M.I.N.E.M,Ras,Puscasmarin,ToxicBlood,HrN,kemrayz,007m,str0ke + Remote SQL Injection Vulnerabilities PoC : http://target/path/topics.php?f=SQL Example :...
psipuss-sql.txt
...:::::psipuss version 1.0 SQL Injection Vulnerabilities ::::.... Virangar Security Team www.virangar.net www.virangar.ir -------- Discovered By :virangar security teamhadihadi special tnx to:MR.nosrati,black.shadowes,MR.hesy,Zahra & all virangar members & all hackerz greetz:to my best friend in...
psipuss 1.0 Multiple Remote SQL Injection Vulnerabilities
Exploit for unknown platform in category web applications. psipuss 1.0 Multiple Remote SQL Injection Vulnerabilities -------- Discovered By :inj3ct0r special tnx...
psipuss 1.0 - Multiple SQL Injections
psipuss 1.0 - Multiple SQL Injections ...:::::psipuss version 1.0 SQL Injection Vulnerabilities ::::.... Virangar Security Team www.virangar.net www.virangar.ir -------- Discovered By :virangar security teamhadihadi special tnx to:MR.nosrati,black.shadowes,MR.hesy,Zahra & all virangar members & al...
CVE-2008-3509
CVE-2008-3509 affects LoveCMS 1.6.2. The vulnerability arises in system/admin/ where the files addblock.php, blocks.php, and themes.php do not require administrative authentication, allowing remote attackers to change configuration or execute arbitrary PHP code via addition of blocks and other ve...
CVE-2008-3317
admin/index.php in Maian Search 1.1 and earlier allows remote attackers to bypass authentication and gain administrative access by sending an arbitrary searchcookie cookie...
CVE-2008-3033
RSS-aggregator 1.0 does not require administrative authentication for the admin/fonctions/ directory, which allows remote attackers to access admin functions and have unspecified other impact, as demonstrated by (1) an IdFlux request to supprimerflux.php and (2) a TpsRafraich request to...