41 matches found
RobotStats 1.0 - HTML Injection
Title : RobotStats v1.0 HTML Injection Vulnerability Author : ZoRLu / [email protected] / [email protected] Home : http://milw00rm.com / its online Twitter : https://twitter.com/milw00rm or @milw00rm Date : 22.11.2014 Demo : http://alpesoiseaux.free.fr/robotstats/ Download :...
QnECMS <= 2.5.6 (adminfolderpath) Remote File Inclusion Exploit
No description provided by source...
WeBid <= 0.7.3 RC9 Multiple Remote File Inclusion Vulnerabilities
No description provided by source. ECHOADV104$2009: WeBid <= 0.7.3 RC9 Multiple Remote File Inclusion Vulnerabilities...
Pointter PHP Content Management System 1.0 Privilege Escalation
'Pointter PHP Content Management System' Unauthorized Privilege Escalation CVE-2010-4332 Mark Stanislav - [email protected] I. DESCRIPTION --------------------------------------- A vulnerability exists in the 'Pointter PHP Content Management System' authentication system which allows for...
Accounting Portal Authentication Bypass
www.Ostoure.com | Ostoure Security Research Team | Title: Accounting Portal authentication Bypass | Vendor: Parsonline - Parsway ISP | Exploitation: Remote with browser. Description: The data in the admin folder "DesktopModules" can be accessed via a...
Phenotype CMS 2.8 - login.php?user Blind SQL Injection
Phenotype CMS 2.8 - login.php?user Blind SQL Injection Phenotype v2.8 Blind Sql Injection AUTHOR : Sina Yazdanmehr R3d.W0rm Discovered by : Sina Yazdanmehr R3d.W0rm Our Site : http://ircrash.com My Official WebSite : http://r3dw0rm.ir IRCRASH Team Members : Khashayar Fereidani - R3d.w0rm Sina...
Phpay - Local File Inclusion
By Michael Brooks. Vulnerability Type: Local File Inclusion. Software: Phpay. Homepage: http://sourceforge.net/projects/phpay/ Version Affected: 2.02.1. Phpay has been affected by multiple local file include flaws; as a result this patch was written: $config = ereg_replace(":","", $config); $config =...
CVE-2007-4290
Multiple PHP remote file inclusion vulnerabilities in Guestbook Script 1.9 allow remote attackers to execute arbitrary PHP code via a URL in the scriptroot parameter to (1) delete.php, (2) edit.php, or (3) inc/common.inc.php; or (4) database.php, (5) entries.php, (6) index.php, (7) logout.php, or (8) settings.ph...
Ray Chi news publishing system (any version) exploit - vulnerability warning - the black bar safety net
Copyright belongs to the vulnerability discoverer, focn; when reproducing, please keep the article intact and indicate the source! This article is for study only; the author does not bear any responsibility for any person's use of it for any illegal purpose! Author: black radish. System: ray Chi press release...
Design/Logic Flaw
Pearson Education PowerSchool 4.3.6 allows remote attackers to list the contents of the admin folder via a URI composed of the admin/ directory name and an arbitrary filename ending in ".js." NOTE: it was later reported that this issue had been addressed by 5.1.2...
CVE-2007-1044
Pearson Education PowerSchool 4.3.6 allows remote attackers to list the contents of the admin folder via a URI composed of the admin/ directory name and an arbitrary filename ending in ".js." NOTE: it was later reported that this issue had been addressed by 5.1.2...
CVE-2007-1044
The CVE-2007-1044 issue affects Pearson Education PowerSchool 4.3.6, where remote attackers could enumerate contents of the admin folder by requesting a URI composed of the admin/ directory and a .js filename. The underlying impact is partial confidentiality loss. A fix is noted as addressed by P...
Improper access control
lblog stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for a certain file in admin/db/newFolder/...
Indexu 5.0.1 - admin_template_path Remote File Inclusion
Indexu 5.0.1 - admin_template_path Remote File Inclusion. indexu remote file include | Discovered By CrAshoVeRrIdE | Arabian Security Team | site of script: http://www.nicecoder.com/...
Remote file inclusion
PHP remote file inclusion vulnerabilities in ActionApps 2.8.1 allow remote attackers to execute arbitrary PHP code via a URL in the GLOBALSAAINCPATH parameter in (1) cached.php3, (2) cron.php3, (3) discussion.php3, (4) filldisc.php3, (5) filler.php3, (6) fillform.php3, (7) go.php3, (8) hiercons.php3, (9)...
APC ActionApps CMS 2.8.1 Remote File Include Vulnerabilities
No description provided by source. DEVIL TEAM THE BEST POLISH TEAM APC ActionApps CMS 2.8.1 - Remote File Include Vulnerabilities Find by Kacper Rahim. Greetings For ALL DEVIL TEAM members, Special DragonHeart : Contact: [email protected] or http://www.devilteam.yum.pl site:...
APC ActionApps CMS 2.8.1 - Remote File Inclusion
DEVIL TEAM THE BEST POLISH TEAM APC ActionApps CMS 2.8.1 - Remote File Include Vulnerabilities Find by Kacper Rahim. Greetings For ALL DEVIL TEAM members, Special DragonHeart : Contact: [email protected] or http://www.devilteam.yum.pl site: http://sourceforge.net/projects/apc-aa/ / cached.php3:...
[ECHO_ADV_28$2006] Clever Copy <= 3.0 Connect.inc Critical Information Disclosure
ECHO_ADV_28$2006: Clever Copy <= 3.0 Connect.inc Critical Information Disclosure...
Virtual War File İnclusion
Virtual War File İnclusion. Site: http://www.vwar.de/ Demo: http://www.vwar.de/demo/ File İnclusion: // get functions $vwarroot = "./"; require $vwarroot . "includes/functionscommon.php"; require $vwarroot...