6697 matches found
runcms161-multi.txt
RunCMS 1.6.1 Multiple XSS and XSRF Vulnerabilities by NBBN b 1 Create Webmaster admin XSRF Vulnerability/b input type="hidde...
(tip=sollinkicerik)SQL Injection Vulnerability
CoRPITX Turkey www.Hayalet-hack.com www.zone-turk.net/ tip=sollinkicerikSQL Injection Vulnerability AUTHOR : xcorpitx HOME : www.Hayalet-hack.com / www.zone-turk.net WHEN YOU PUT THIS SQL CODE YOU can SEE ADMN NAME,ADMIN HASH DorK : ''tip=sollinkicerik'' EXPLOIT:...
RunCMS 1.6.1 Multiple XSS and XSRF Vulnerabilities
RunCMS 1.6.1 Multiple XSS and XSRF Vulnerabilities by NBBN b 1 Create Webmaster admin XSRF Vulnerability/b htmlhead/headbody onLoad="javascript:document.attack.submit" form action="http://localhost/xampp/runcms/modules/system/admin.php" method="post" enctype="multipart/form-data" name="r" input...
unleashed-xss.txt
Hello all, There is a bug in the "Log" function of Search Unleashed by John Godley, version 0.2.10. This plug-in stores search queries but does not validate the stored data and puts it back "raw" to the browser. HTML and JavaScript can be injected with a search request:...
ITechBids 6.0 (detail.php item_id) SQL Injection Vulnerability
No description provided by source. ITechBids v.6.0 Gold Edition Sql Injection Exploit AUTHOR:SoSo H H Iraqi-Cracker Script Site: http://itechscripts.com/ Price:$125.00 Exploit in: detail.php?itemid==SQL Example:...
CVE-2008-0736
admin/SA_shipFedExMeter.asp in CandyPress CP 4.1.1.26, and possibly other 4.x and 3.x versions, allows remote attackers to obtain the path via a certain value of the FedExAccount parameter...
CVE-2008-0739
CVE-2008-0739 describes an SQL injection in CandyPress (CP) versions 4.x/3.x, specifically in admin/SA_shipFedExMeter.asp through the FedExAccount parameter. Affected software: CandyPress CP 4.1.1.26 and earlier 4.x and 3.x. Root cause: unsafely constructed SQL queries via the FedExAccount input,...
vKios 2.0.0 - cat SQL Injection
vKios 2.0.0 - cat SQL Injection !/usr/bin/perl Indonesian Newhack Security Advisory ------------------------------------ vKios NTOS-Team-fl3xu5,k1tk4t,opt1lc use LWP::UserAgent; use Getopt::Long; if!$ARGV2 print "\n |-------------------------------------------------------|"; print "\n | Indonesia...
[DSECRG-08-014] Multiple LFI in PowerNews (Newsscript) 2.5.6
Digital Security Research Group DSecRG Advisory DSECRG-08-014 Application: PowerNews Newsscript Versions Affected: 2.5.6 Vendor URL: http://www.powerscripts.org/ Bug: Multiple Local File Include Exploits: YES Reported: 01.02.2008 Vendor Response: none Solution: none Date of Public Advisory:...
ITechBids 6.0 - 'item_id' SQL Injection
ITechBids v.6.0 Gold Edition Sql Injection Exploit AUTHOR:SoSo H H Iraqi-Cracker Script Site: http://itechscripts.com/ Price:$125.00 Exploit in: detail.php?itemid==SQL Example:...
PowerNews 2.5.6 - Local File Inclusion
PowerNews 2.5.6 - Local File Inclusion Digital Security Research Group DSecRG Advisory DSECRG-08-014 Application: PowerNews Newsscript Versions Affected: 2.5.6 Vendor URL: http://www.powerscripts.org/ Bug: Multiple Local File Include Exploits: YES Reported: 01.02.2008 Vendor Response: none...
PowerNews (Newsscript) 2.5.6 Local File Inclusion Vulnerabilities
Exploit for unknown platform in category web applications ================================================================= PowerNews Newsscript 2.5.6 Local File Inclusion Vulnerabilities ================================================================= Digital Security Research Group DSecRG...
Cross site request forgery (csrf)
Cross-site request forgery CSRF vulnerability in admin/admincenter.php in webSPELL 4.01.02 allows remote attackers to assign the superadmin privilege level to arbitrary accounts as administrators via an "update member" action...
BookmarkX script 2007 (topicid) Remote SQL Injection Vulnerability
No description provided by source. BookmarkX scriptPowered by GengoliaWebStudioSQL Injection AUTHOR : S@BUN HOME : http://www.hackturkiye.com/ DorKs 1 : "2007 BookmarkX script" DORKS 2 : Powered by GengoliaWebStudio DORK 3 : allinurl :"index.php?menu=showtopic" EXPLOIT :...
BookmarkX script 2007 - 'topicid' SQL Injection
BookmarkX scriptPowered by GengoliaWebStudioSQL Injection AUTHOR : S@BUN HOME : http://www.hackturkiye.com/ DorKs 1 : "2007 BookmarkX script" DORKS 2 : Powered by GengoliaWebStudio DORK 3 : allinurl :"index.php?menu=showtopic" EXPLOIT :...
CVE-2008-0547
CVE-2008-0547 is a cross-site scripting (XSS) vulnerability in CandyPress (CP) 4.1.1.26 and probably earlier 4.x and 3.x versions. It affects the admin/utilities_ConfigHelp.asp page where the helpfield parameter can be exploited by remote attackers to inject arbitrary web script or HTML. The issu...
Liferay Portal Enterprise Admin User-Agent HTTP header XSS
Overview Liferay Portal contains a cross-site scripting vulnerability in the handling of the User-Agent HTTP header, which can allow a remote, authenticated attacker to gain administrative access. Description Liferay Portal is an enterprise portal solution that uses Java technologies. The...
smartpub-exec.txt
Smart Publisher 1.0.1 disp.php Remote Code Execution Exploit Script : http://sourceforge.net/projects/smart-publisher/ Vuln Code In '/admin/op/disp.php'In Line '3' eval"$v=".base64decode$filedata.";"; - Vuln POC : /admin/op/disp.php?filedata=cGhwaW5mbygp = phpinfo Base64...
New vulnerabilities in Relay
Hello 3APA3A! I am reporting new SQL Injection and Cross-Site Scripting vulnerabilities that I have found in the Relay engine. I wrote about the previous vulnerabilities in Relay earlier. SQL Injection: http://site/relay/management/index.php?page=manage&module=users&action=details&uid=-120or20id=1...
alstraforum-sql.txt
--==+================================================================================+==-- --==+ Forum Pay Per Post SQL Injection Vulnerabilities +==-- --==+================================================================================+==-- AUTHOR: t0pP8uZz & xprog SITE:...