lokicms-lfi.txt

LokiCMS 0.3.4 admin.php Create Local File Inclusion Exploit url: http://www.lokicms.com/ Author: JosS mail: sys-projectathotmaildotcom site: http://spanish-hackers.com team: Spanish Hackers Team - SHT This was written for educational purpose. Use it at your own risk. Author will be not responsibl...

LokiCMS 0.3.4 (admin.php) Create Local File Inclusion Exploit

Exploit for unknown platform in category web applications ============================================================= LokiCMS 0.3.4 admin.php Create Local File Inclusion Exploit ============================================================= LokiCMS 0.3.4 admin.php Create Local File Inclusion...

LokiCMS 0.3.4 - admin.php Create Local File Inclusion

LokiCMS 0.3.4 - admin.php Create Local File Inclusion LokiCMS 0.3.4 admin.php Create Local File Inclusion Exploit url: http://www.lokicms.com/ Author: JosS mail: sys-projectathotmaildotcom site: http://spanish-hackers.com team: Spanish Hackers Team - SHT This was written for educational purpose...

lokicms034-exec.txt

Author: GiReX Homepage: http://girex.altervista.org CMS: LokiCMS 0.3.4 URL: http://www.lokicms.com/ Description: LokiCMS is still vulnerable to Remote Command Execution see: http://milw0rm.com/exploits/5408 The exploit changed becouse the vars changed but the bugged function is the same:...

CVE-2008-4526

Multiple directory traversal vulnerabilities in CCMS 3.1 allow remote attackers to include and execute arbitrary local files via a .. dot dot in the skin parameter to 1 index.php, 2 forums.php, 3 admin.php, 4 header.php, 5 pages/story.php and 6 pages/poll.php...

Directory traversal

Multiple directory traversal vulnerabilities in CCMS 3.1 allow remote attackers to include and execute arbitrary local files via a .. dot dot in the skin parameter to 1 index.php, 2 forums.php, 3 admin.php, 4 header.php, 5 pages/story.php and 6 pages/poll.php...

CCMS 3.1 - skin Local File Inclusion

CCMS 3.1 - skin Local File Inclusion + CCMS 3.1 skin Multiple Local File Inclusion Vulnerabilities + Discovered By SirGod + wWw.MorTal-TeaM.OrG + Greetz : E.M.I.N.E.M,Ras,Puscasmarin,ToxicBlood,HrN,kemrayz,007m,Raven,Nytr0gen,str0ke + Download Script :...

E-Uploader Pro 1.0 - Multiple SQL Injections

E-Uploader Pro = 1.0 SQL Injection Vulnerability Author: !DoktOR! Date found: 26.08.08 Product: E-Uploader Pro Version: 1.0 Price: $49 URL: www.scriptsfrenzy.com Download script: http://rapidshare.com/files/18285945/E-UploaderPro.PHP.NULL-DGTlicense.zip Vulnerability Class: SQL Injection Conditio...

Cross site scripting

Cross-site scripting XSS vulnerability in admin.php in Quick.Cart 3.1 allows remote attackers to inject arbitrary web script or HTML via the query string...

CVE-2008-4139

CVE-2008-4139 describes a Cross-site Scripting (XSS) vulnerability in OpenSolution Quick.Cms.Lite 2.1, specifically in admin.php, where an attacker can inject arbitrary script/HTML via the query string. The available sources confirm the affected component but do not provide details on root cause ...

CVE-2008-4140

Cross-site scripting XSS vulnerability in admin.php in Quick.Cart 3.1 allows remote attackers to inject arbitrary web script or HTML via the query string...

CVE-2008-4140

CVE-2008-4140 is an XSS vulnerability in Quick.Cart 3.1, exploitable via the query string to admin.php. The issue arises from unsanitized input in the admin.php handling, allowing remote attackers to inject arbitrary web script or HTML. The CVE’s context indicates the vulnerability affects Quick....

quickcart-xss.txt

Application: Quick.Cart v3.1 Freeware Authors Site: http://opensolution.org/quick.cart,en,9.html +--------------------------------------------------------------+ XSS: http://www.victim.com/admin.php?"alertdocument.cookie" +-Notes:-----------------------------------------------------+ This only...

Quick Cart 3.1 - 'admin.php' Cross-Site Scripting

source: https://www.securityfocus.com/bid/31216/info Quick.Cart is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context...

quickcmslite-xss.txt

Application: Quick.Cms.Lite v2.1 Freeware Authors Site: http://opensolution.org/quick.cms,en,10.html +--------------------------------------------------------------+ XSS: http://www.victim.com/admin.php?"alertdocument.cookie" +-Notes:-----------------------------------------------------+ This onl...

libera-sql.txt

--==+============================================================================+==-- --==+ Libera CMS = 1.12 Remote SQL Injection Exploit Cookie +==-- --==+============================================================================+==-- Discovered By: StAkeR [email protected] + Discovered On: ...

Cross site request forgery (csrf)

Cross-site request forgery CSRF vulnerability in admin.php in Content Management Made Easy CMME 1.12 allows remote attackers to trigger the logout of an administrative user via a logout action...

CVE-2008-3925

Cross-site request forgery CSRF vulnerability in admin.php in Content Management Made Easy CMME 1.12 allows remote attackers to trigger the logout of an administrative user via a logout action...

CVE-2008-3925

CSRF in Content Management Made Easy (CMME) 1.12 affects admin.php, enabling a remote attacker to trigger logout of an administrative user via a logout action. The connected CVE/DOCs confirm the vulnerability and affected component but do not provide a patch version or mitigation steps within the...

CMME 1.12 - Local File Inclusion Cross-Site Scripting Cross-Site Request ForgeryDownload BackupMake Directory

CMME 1.12 - Local File Inclusion Cross-Site Scripting Cross-Site Request ForgeryDownload BackupMake Directory + CMME 1.12 LFI/XSS/CSRF/Download Backup/MkDir Multiple Remote Vulnerabilities + Discovered By SirGod + www.mortal-team.org + Greetz :...