320 matches found
Prozilla Reviews Script 1.0 Arbitrary Delete User Vulnerability
Exploit for unknown platform in category web applications: Prozilla Reviews Script 1.0 Arbitrary Delete User Vulnerability...
Gaming Directory 1.0 (cat_id) Remote SQL Injection Vulnerability
Exploit for unknown platform in category web applications: Gaming Directory 1.0 cat_id Remote SQL Injection Vulnerability...
PowerNews (Newsscript) 2.5.6 Local File Inclusion Vulnerabilities
No description provided by source. Digital Security Research Group DSecRG Advisory DSECRG-08-014 Application: PowerNews Newsscript Versions Affected: 2.5.6 Vendor URL: http://www.powerscripts.org/ Bug: Multiple Local File Include Exploits: YES Reported: 01.02.2008 Vendor Response: none Solution:...
MySpace Content Zone 3.x Remote File Upload Vulnerability
No description provided by source. MySpace Content Zone RFi. Found By Don & breakerunit. Vuln file: /admin/uploadgames.php Fix: secure...
MySpace Content Zone 3.x - Arbitrary File Upload
MySpace Content Zone 3.x - Arbitrary File Upload. MySpace Content Zone RFi. Found By Don & breakerunit. Vuln file: /admin/uploadgames.php...
MySpace Content Zone 3.x Remote File Upload Vulnerability
Exploit for unknown platform in category web applications: MySpace Content Zone 3.x Remote File Upload Vulnerability. MySpace...
MySpace Content Zone 3.x - Arbitrary File Upload
MySpace Content Zone RFi. Found By Don & breakerunit. Vuln file: /admin/uploadgames.php Fix: secure admin area Dork: "Powered by MySpace...
Myspace Clone Script Remote SQL Injection Vulnerability
Exploit for unknown platform in category web applications: Myspace Clone Script Remote SQL Injection Vulnerability...
Myspace Clone Script - SQL Injection
Myspace Clone Script - SQL Injection. Myspace Clone Script SQL Injection Vulnerabilities. AUTHOR: t0pP8uZz...
Myspace Clone Script - SQL Injection
Myspace Clone Script SQL Injection Vulnerabilities. AUTHOR: t0pP8uZz & xprog SITE: datecomm.com DORK...
JBlog 1.0 (index.php id) Remote SQL Injection Exploit
Exploit for unknown platform in category web applications: JBlog 1.0 index.php id Remote SQL Injection Exploit. Script: JBlog ver 1.0 Script...
CVE-2007-4419
Admin.php in Olate Download (od) 3.4.1 uses an MD5 hash of the admin username, user id, and group id, to compose the OD3_AutoLogin authentication cookie, which makes it easier for remote attackers to guess the cookie and access the Admin area...
Authentication flaw
Admin.php in Olate Download (od) 3.4.1 uses an MD5 hash of the admin username, user id, and group id, to compose the OD3_AutoLogin authentication cookie, which makes it easier for remote attackers to guess the cookie and access the Admin area...
CVE-2007-4419
CVE-2007-4419 affects Olate Download (od) 3.4.1. Admin.php uses an OD3_AutoLogin cookie created from an MD5 hash of the admin username, user id, and group id, which can be guessed, enabling remote attackers to access the Admin area. In the provided sources, the vulnerability details are limited t...
Inmostore 4.0 - 'index.php' SQL Injection
source: https://www.securityfocus.com/bid/24884/info Inmostore is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow an attacker to compromise the application, access or...
Techno Dreams GuestBook Remote XSS Exploit
Techno Dreams GuestBook Remote XSS Exploit. http://colander.altervista.org/advisory/TDGuestBook.txt Techno Dreams GuestBook Latest Version...
ADVISORY: ASPDOTNETSTOREFRONT Improper Upload Validation
ASPDOTNETSTOREFRONT Improper Upload Validation Release Date: June 9, 2004 Severity: HIGH Vendor: AspDotNetStorefront.com A Division of Discovery Productions, Inc. Software: Tested on AspDotNetStorefront 3.3 Previous versions may also be affected. Remote: Remotely executed from any web browser...
DCP-Portal (PHP)
Information: Version: 5.0.1 Website: http://www.dcp-portal.org Problems: - Include file - Access to users' accounts - Access to the administration. PHP Code/Location: The first & second hole will work if register_globals is ON. /library/editor/editor.php :...
CaupoShop: cross-site-scripting bug
ppp-design found the following cross-site-scripting bug in CaupoShop and probably in CaupoShopPro: Details: Product: CaupoShop and probably CaupoShopPro Version: 1.30a CaupoShop and maybe all versions before OS affected: all OS with php and...
Akopia Interchange E-commerce Package Demo Files Vulnerability
A serious security vulnerability has been found in the default installation of the Interchange demo stores 'barry', 'basic', and 'construct' distributed in Interchange versions 4.5.3 through 4.6.3. Using a group login that had no password set by default, it is possible to log in to the back-end...