CVE-2009-3248

Cross-site request forgery CSRF vulnerability in the RSS module in vtiger CRM 5.0.4 allows remote attackers to hijack the authentication of Admin users for requests that modify the news feed system via the rssurl parameter in a Save action to index.php...

CVE-2009-3248

The CVE-2009-3248 entry describes a CSRF vulnerability in the vtiger CRM 5.0.4 RSS module . The flaw allows remote attackers to hijack the authentication of Admin users by crafting requests to index.php with the rssurl parameter in a Save action, enabling modification of the news feed system. The...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in Ulteo Open Virtual Desktop 1.0 allow remote attackers to inject arbitrary web script or HTML via the id parameter to 1 admin/applications.php, 2 admin/appsgroup.php, 3 admin/users.php, 4 admin/usersgroup.php, and 5 admin/tasks.php; 6 show...

UBB.threads 5.5.1 (message) Remote SQL Injection Vulnerability

Exploit for unknown platform in category web applications ============================================================== UBB.threads 5.5.1 message Remote SQL Injection Vulnerability ============================================================== Background: ----------- SQL injection has previously...

AJ Auction Pro OOPD 2.3 - id SQL Injection

AJ Auction Pro OOPD 2.3 - id SQL Injection ================================================================================================================== = SSSSS NN N AA K K EEEEE SSSSS TTTTTTTTT EEEEE AA MM MM = = S N N N A A K K E S T E A A M M M M = + SSSSS N N N AAAAAA KKK EEEEE SSSSS T...

AJ Auction Pro OOPD 2.3 (id) SQL Injection Vulnerability

No description provided by source. ================================================================================================================== = SSSSS NN N AA K K EEEEE SSSSS TTTTTTTTT EEEEE AA MM MM = = S N N N A A K K E S T E A A M M M M = + SSSSS N N N AAAAAA KKK EEEEE SSSSS T EEEEE...

E.Z. Poll 2 - Authentication Bypass

E.Z. Poll 2 - Authentication Bypass Description: E.Z. Poll = v.2 script Remote SQL injection Exploit discovered by t0fx aka xtof69 vendor : E.Z. vulnerable page : http://www.site.com/admin/login.asp exploit : Username : 'or' '=' Password : 'or' '=' Add, modify user : /admin/admin-users.asp...

Netartmedia Real Estate Portal 1.2 - ad_id SQL Injection

Netartmedia Real Estate Portal 1.2 - adid SQL Injection Real Estate Portal v1.2 adid Remote SQL Injection Vulnerability Author: Hussin X Home :IQ-SecuriTY www.IQ-TY.com | TrYaG www.TrYaG.cc Mail : [email protected] script : http://www.netartmedia.net/realestate/ DorK : "Powered by Real Estat...

NetArtMedia Blog System (image.php id) SQL Injection Vulnerability

No description provided by source. ================================================================================================================== SSSSS NN N AA K K EEEEE SSSSS TTTTTTTTT EEEEE AA MM MM S N N N A A K K E S T E A A M M M M SSSSS N N N AAAAAA KKK EEEEE SSSSS T EEEEE AAAAAA M M M ...

WordPress Plugin WP Comment Remix 1.4.3 - SQL Injection

Advisory: http://chxsecurity.org/advisories/adv-3-full.txt PoC Mirror: http://chxsecurity.org/proof-of-concepts/wp-comment-remix-143.zip Attention: This is a Proof-of-Concept it was never intended to be fully functional Notes: Uses cURL / // Script Header function head print "\n WP Comment Remix...

indiacareer-sql.txt

. . | / | | \ \ | / / |\ \ \ |/ // / /\ \ / |/ \ / // | / | | / \ /|\ / / / / \ / \ / / / \ | | /\ /\ / \ | \ // est.2007 / / forum.darkc0de.com --d3hydr8 -rsauron-baltazar -sinner01 -C1c4Tr1Z - r4sc4l -QKrun1x-P47tr1ck - FeDeReR -MAGE -JeTFyrE-DON-Outlawz and all darkc0de members...

Netartmedia Jobs Portal 1.3 - Multiple SQL Injections

!R4Q!4N H4CK3R NetArtMedia Jobs Portal 1.3 Multiple Sql Injection Vulnerabilities Website : http://www.netartmedia.net Founded By : Encrypt3d.M!nd Home Page : http://encrypt3d.blogspot.com Remote Sql Injections : Affected Files : index.php PoC: /index.php?mod=search&job=-666 union select...

Simple PHP Blog config/users.php Arbitrary User Password Hash Disclosure

The version of Simple PHP Blog installed on the remote host allows an unauthenticated, remote attacker to retrieve information about non-admin users defined to the application, including their user names and password hashes, which could in turn be used to gain access to the application. While the...

CVE-2008-3948

SQL injection vulnerability in admin/users/self-2.php in XRMS allows remote attackers to execute arbitrary SQL commands and modify name and email fields via unspecified vectors...

CVE-2008-3948

SQL injection vulnerability in admin/users/self-2.php in XRMS allows remote attackers to execute arbitrary SQL commands and modify name and email fields via unspecified vectors...

CVE-2008-3948

CVE-2008-3948: SQL injection in XRMS, affecting admin/users/self-2.php. Remote attackers can execute arbitrary SQL and modify name/email via unspecified vectors. No explicit remediation details provided in the documents; exploitation details not documented.

Vastal I-Tech Jobs Zone (news_id) SQL Injection Vulnerability

No description provided by source. Vastal I-Tech Jobs Zone SQL Injection Vulnerability Author : Stack Script Home Page : http://www.vastal.com/jobs-zone-classifieds-script.html Demo : http://www.vastal.com/jobs/ Exploit:...

Vastal I-Tech Jobs Zone (news_id) SQL Injection Vulnerability

Exploit for unknown platform in category web applications ============================================================= Vastal I-Tech Jobs Zone newsid SQL Injection Vulnerability ============================================================= Vastal I-Tech Jobs Zone SQL Injection Vulnerability Auth...

vastal-itechcosmetics.txt

Vastal I-Tech Cosmetics Zone SQL Injection Vulnerability Author : Stack Script Home Page : http://www.vastal.com/cosmetics-zone-a-shopping-cart-for-your-cosmetics-shop-online.html Demo : http://www.vastal.com/cosmeticszone/ Exploit:...

Vastal I-Tech Jobs Zone - news_id SQL Injection

Vastal I-Tech Jobs Zone - newsid SQL Injection Vastal I-Tech Jobs Zone SQL Injection Vulnerability Author : Stack Script Home Page : http://www.vastal.com/jobs-zone-classifieds-script.html Demo : http://www.vastal.com/jobs/ Exploit:...