81 matches found
nabopoll 1.2 - Remote Unprotected Admin Section
nabopoll 1.1.2 sensitive file admin without password By : sn0oPy Risk : high site : http://nabocorp.com/ Dork : inurl:"nabopoll/" exploit : access without password to : http://target/nabopoll/admin/configedit.php http://target/nabopoll/admin/templateedit.php...
Bandwebsite <= 1.5 (Login) Remote Add Admin Exploit
No description provided by source. Product : Bandsite portal system - Website : http://membres.lycos.fr/fluxx/bandwebsite.php - Author : H0tTurk- WebSiteVersion:1.x - Problem : Admin Added Access. Bandsite is an online portal system designed for Bands. Features: themes support, news posting...
Bandwebsite 1.5 - LOGIN Remote Add Admin
Bandwebsite 1.5 - LOGIN Remote Add Admin Name: Pass: milw0rm.com 2006-12-16...
Bandwebsite <= 1.5 (Login) Remote Add Admin Exploit
Exploit for unknown platform in category web applications Bandwebsite Name: Pass: 0day.today 2018-03-28...
Bandsite portal system Admin Added Access
Product : Bandsite portal system - Website : http://membres.lycos.fr/fluxx/bandwebsite.php - Author : H0tTurk- WebSiteVersion:1.x - Problem : Admin Added Access. Bandsite is an online portal system designed for Bands. Features: themes support, news posting, audio sections, guestbook, tour...
Bandwebsite 1.5 - 'LOGIN' Remote Add Admin
Name: Pass: milw0rm.com 2006-12-16...
oscommerce-xss.txt
Oscommerce Multiple XSS in admin section. Vendor url: Http://www.oscommerce.com Advisory: http://lostmon.blogspot.com/2006/11/oscommerce-multiple-xss-in-admin.html Vendor notify: YES Exploit available: YES osCommerce contains a flaw that allows a remote cross site scripting attack. This flaw exists...
CVE-2006-5121
SQL injection vulnerability in modules/Downloads/admin.php in the Admin section of PostNuke 0.762 allows remote attackers to execute arbitrary SQL commands via the hits parameter...
Sql injection in PostNuke [Admin section]
Hi, There is a sql injection bug in PostNuke 0.762 admin section and maybe earlier versions. The "hits" parameter is not checked properly before being used in sql query : File /modules/Downloads/admin.php, Line 1586 : :: $dbconn-Execute"INSERT INTO $downtable :: $columnlid, :: $columncid, ::...
postnuke -- admin section SQL injection
ISS X-Force reports: PostNuke is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements to the admin section using the hits parameter, which could allow the attacker to view, add, modify or delete information in the back-end database...
CVE-2006-4757
CVE-2006-4757 affects the e107 CMS version 0.7.5. The vulnerability is described as multiple SQL injection flaws in the admin section, enabling remote authenticated administrative users to execute arbitrary SQL commands via the following parameters: (1) linkopentype, (2) linkrender, (3) link_clas...
Sql injections in e107 [Admin section]
Hi, There is a sql injection in SMF 1.1 RC3, in admin section : When an administrator is going to add a new board, the "curcat" parameter is not checked properly : File /Sources/ManageBoards.php, Line 609 : :: // Create a new board... :: if isset$POST'add' :: :: // New boards by default go to the...
Sql injections in e107 [Admin section]
Hi, There are several sql injections in e107 0.7.5 admin section : I The "linkopentype", "linkrender" and "linkclass" parameters are passed to "dbInsert" function without checking : File /e107admin/links.php, Line 496 : $sql-dbInsert"links", "0, '$linkname', '$linkurl', '$linkdescription',...
CVE-2006-2527
Admin/admin.php in phpBazar 2.1.0 and earlier allows remote attackers to bypass the authentication process and gain unauthorized access to the administrative section by setting the action parameter to editmember and the value parameter to 1...
EasyCMS vulnerable to XSS injection.
The Norwegian web-publishing system EasyCMS www.easycms.no contains multiple input flaws letting users conduct successful XSS attacks. Both in the admin section, and the webpage that uses the system is vulnerable to XSS. It does not filter script tags and simple scripting like...
88Script's Event Calendar v2.0 SQL inj. vuln.
88Script's Event Calendar v2.0 SQL inj. vuln. Vuln. discovered by : r0t Date: 29 nov. 2005 Original advisory: http://pridels.blogspot.com/2005/11/88scripts-event-calendar-v20-sql-inj.html Vendor: http://www.88scripts.com/ affected version: v2.0 and prior Product Description: A simple yet elegant even...
ipb.2.1-english.txt
Fast translation of benji's advisory Author : benjilenoob WebSite : http://benji.redkod.org/ and http://www.redkod.org/ Audit in pdf : http://benji.redkod.org/audits/ipb.2.1.pdf Product : Invision power board Version : 2.1 Risk : Low. XSS I- XSS non critical: -------------------- 1. Input passed ...
ipb.2.1.txt
Author : benjilenoob WebSite : http://benji.redkod.org/ and http://www.redkod.org/ Audit in pdf : http://benji.redkod.org/audits/ipb.2.1.pdf Product : Invision power board Version : 2.1 Vulnerability types : persistent and non-persistent XSS. Risk : Low. I- Non-critical XSS flaws:...
PhotoPost PHP Pro Multiple Vulnerabilities
Executive Overview ------------------ Cloisterblog, a general usage web blog written in Perl suffers from multiple XSS and directory traversal issues as well as a design flaw in the admin section. Program Description -------------------- Cloisterblog...