169 matches found
CVE-2015-1442
CVE-2015-1442 describes a SQL injection in ZeroCMS. Affected: ZeroCMS versions 1.3.3, 1.3.2 and earlier. Vulnerability located in views/zero_transact_user.php (administrative backend) where the user_id parameter in a Modify Account action can be exploited by remote authenticated users to execute ...
CVE-2015-1040
Summary (CVE-2015-1040): Multiple XSS vulnerabilities in the administrative backend of BEdita 3.4.0 allow remote authenticated users to inject arbitrary script/HTML via several fields (lrealname in editProfile; data[title] or data[description] in addQuickItem; note text in saveNote; titleBEObject...
CVE-2015-0919
Multiple SQL injection vulnerabilities in the administrative backend in Sefrengo before 1.6.1 allow remote administrators to execute arbitrary SQL commands via the 1 idcat or 2 idclient parameter to backend/main.php...
CVE-2014-9434
Cross-site scripting XSS vulnerability in admin/managerrelated.php in the administrative backend in Absolut Engine 1.73 allows remote authenticated users to inject arbitrary web script or HTML via the title parameter...
Cross site scripting
Cross-site scripting XSS vulnerability in admin/managerrelated.php in the administrative backend in Absolut Engine 1.73 allows remote authenticated users to inject arbitrary web script or HTML via the title parameter...
方维团购最新版通杀注入(附大量案例)
简要描述: RT $$$$$$$$$$$$$$$$$$$$$$$ 详细说明: 官网没成功。但是基本通杀。 存在问题的地方是这个登录接口:m.php?m=User&a=doLogin post:origURL=ghost&password=ghost&email=ghost(email参数没有过滤) 报错注入 http://www.qianrengou.com/m.php?m=User&a=doLogin post:post:origURL=ghost&password=ghost&email=ghost 默认后台:admin.php...
dl_stats Multiple Vulnerabilities
No description provided by source. :::::::::::::::::::::::::::::::::::::: 0x1 :::::::::::::::::::::::::::::::::::::: |:: General Information |:: Advisory/Exploit Title = dlstats Multiple Vulnerabilitie |:: Author = Valentin Hoebel |:: Contact = [email protected] |:: |::...
Easytalk V2.5 任意用户登录
简要描述: Easytalk 而在function authcode()中,唯一用来判别不同网站的key,默认是没有的,那就会使用SITEURL,也就是网站地址:例如http://wb.sol.net.cn这个站点,那SITEURL=http://wb.sol.net.cn 我们可以通过指定SITEURL来得到authcookie: 然后登录 img src="...
The Rubik's Cube Network Camera System injection vulnerability and exploit-vulnerability warning-the black bar safety net
The Rubik's Cube Network Camera System Injection point:/news. php? action=detail&id=SQLi Using the method, the first step through the injection point to obtain the administrator account and password, the password actually is plaintext The second step, 后台地址为/admin.php,go in the admin backend tryin...
Phpaa Cms admin backend to get Shell – 0day-vulnerability warning-the black bar safety net
Edit Site Settings in the site name Content: 1 2 3" ;?& gt;? php eval$POSTc?& gt;; And then the word links: data/website.inc.php eval$POSTc...
The wind God news management static version of 1. 7 vulnerability-vulnerability warning-the black bar safety net
Publishing author: LinkEr Affected versions: V1. 7 static version Official website: Vulnerability type: design flaw Vulnerability Description: The Wind God news management static version of 1. 7 the presence of multiple vulnerabilities. 1.1 The background verify file wwwroot/admin/islogin. asp...
CVE-2010-1482
Cross-site scripting XSS vulnerability in admin/editprefs.php in the backend in CMS Made Simple CMSMS before 1.7.1 might allow remote attackers to inject arbitrary web script or HTML via the dateformatstring parameter...
Quick guestbook v10. 0 9 The official version upload vulnerability and a Cookie spoofing vulnerability-vulnerability warning-the black bar safety net
Upload vulnerability: Loophole Page:/up/add. asp Use method: directly in the guestbook behind a vulnerability page address: for example: http://localhost/up/add.asp, The local structure of x. asp;. jpg picture Trojan, using iis6. 0 parsing vulnerability. Directly upload. Get the webshell, As for...
DL_Stats Cross Site Scripting / Admin Bypass / SQL Injection
Exploit Title: dlstats Multiple Vulnerabilities Date: 18.04.2010 Author: Valentin Category: webapps/0day Version: Tested on: CVE : Code : :::::::::::::::::::::::::::::::::::::: 0x1 :::::::::::::::::::::::::::::::::::::: |:: General Information |:: Advisory/Exploit Title = dlstats Multiple...
dl_stats Multiple Vulnerabilities
Exploit for php platform in category web applications ================================= dlstats Multiple Vulnerabilities ================================= :::::::::::::::::::::::::::::::::::::: 0x1 :::::::::::::::::::::::::::::::::::::: |:: General Information |:: Advisory/Exploit Title = dlstats...
dl_stats - Multiple Vulnerabilities
dlstats - Multiple Vulnerabilities :::::::::::::::::::::::::::::::::::::: 0x1 :::::::::::::::::::::::::::::::::::::: |:: General Information |:: Advisory/Exploit Title = dlstats Multiple Vulnerabilitie |:: Author = Valentin Hoebel |:: Contact = [email protected] |:: |::...
dl_stats - Multiple Vulnerabilities
:::::::::::::::::::::::::::::::::::::: 0x1 :::::::::::::::::::::::::::::::::::::: |:: General Information |:: Advisory/Exploit Title = dlstats Multiple Vulnerabilitie |:: Author = Valentin Hoebel |:: Contact = [email protected] |:: |:: :::::::::::::::::::::::::::::::::::::: 0x2...
Oriental legend o thinking self-help built Station software vulnerabilities-vulnerability warning-the black bar safety net
Oriental legend o thinking self-help built Station software vulnerabilities Simple is the way./ in. Mainly use for windows 2 0 0 3 iis6 parsing vulnerability Upload format . asp:. jpg put immediately transmitted to Google:personmbcenter/defaultlogin. aspx First register a member! Registration is...
Popular with the left back door method of analysis-vulnerability warning-the black bar safety net
First: In the administrator backend login screen to hide our Backdoor, it is relatively safe Because the administrator of the inlet is not often traded, as long as his login screen on our back door just in! Of course, you also can be flexibly inserted into the other file, as long as this file is...
typecho blog system store cross-site vulnerability&easy to get webshell-vulnerability warning-the black bar safety net
author:hiphop qq group:5 2 9 3 8 7 2 2 转 帖 请 附上 来源 :http://hi.baidu.com/securehiphop/blog/item/f5b3627a1768bcfc0ad187f5.html Today Wake up in the morning eat Breakfast go to download a set of blogs to look at In the admin backend post post place found to the title place the title didn't do better...