KwsPHP 1.0 stats Module Remote SQL Injection Exploit
No description provided by source. Script..........................: KwsPHP ver 1.0 stats Module Script Site..................: http://kws.koogar.org/ Vulnerability...............: Remote SQL injection Exploit Access.........................: Remote level.............................: Dangerous...
CVE-2007-4811
CVE-2007-4811 concerns multiple cross-site scripting (XSS) vulnerabilities in Netjuke 1.0-rc2. The affected entry indicates that remote attackers can inject arbitrary web script or HTML via (1) the val parameter to alphabet.php in an alpha.albums action, or (2) the PATH_INFO to random.php, or (3)...
Netjuke 1.0-rc2 - sql injection & XSS
The Netjuke is a Web-Based Audio Streaming Jukebox powered by PHP 4, a database and all the MP3, Ogg Vorbis and other format files that constitute your digital music collection. Supports images, language packs, multi-level security, random playlists, etc http://sourceforge.net/projects/netjuke...
xcart-rfi.txt
xCart Remote file inclusion Download script : http://www.x-cart.com// Discovered By : aLiiF a.k.a arif @debuteam 07/09/2007 HomePage : http://www.debuteam.net// Thx to : Debu Newbie Payment Yogac nyubi Rozi ^S0ng0ku^ Kuris Sonix Toxicity newbi3 R4yn4ld0 DisJocKey s3ng0k homeedition Holong...
proxyanket-sql.txt
//////////////// Yollubunlar.Org //////////////////// Proxy Anket v3.0.1 Sql injection Vulnerable Author : Yollubunlar.Org Original Article : http://yollubunlar.org/proxy-anket-v301-sql-injection-vulnerable-3502.html Main Page: http://yollubunlar.org/category/web-security Script :...
CVE-2007-4742
Claroline before 1.8.6 allows remote authenticated administrators to obtain sensitive information via an invalid value in the sort parameter to admin/adminusers.php, which reveals the path in an error message in some circumstances, as demonstrated by a parameter value containing an XSS sequence...
CVE-2007-4742
CVE-2007-4742 affects Claroline prior to 1.8.6. Affected component: admin/adminusers.php sort parameter. Root cause: invalid value in sort leads to error message that may leak the file path, demonstrated by input containing an XSS sequence; authenticated remote admins can obtain sensitive informa...
Claroline 1.x - adminadvancedUserSearch.php?action Cross-Site Scripting
Claroline 1.x - adminadvancedUserSearch.php?action Cross-Site Scripting source: https://www.securityfocus.com/bid/25521/info Claroline is prone to a local file-include vulnerability and multiple cross-site scripting vulnerabilities. An attacker could exploit these issues to execute local script...
phpbg-rfi.txt
phpBG 0.9.1 rootdir Remote File Inclusion Vulnerability D.Script: http://phpbg.sourceforge.net/ POC: /intern/admin/other/backup.php?admin=1&rootdir=Shell /intern/admin/?rootdir=Shell /intern/clan/memberadd.php?rootdir=Shell /intern/config/key2.php?rootdir=Shell...
SQL injection in ActiveKB v1.5
Hello, 3APA3A. Software: ActiveKB v1.5 Vendor: www.interspire.com Vulnerability: multiple SQL injections Risk: medium Date: 27.08.2007 discovered by durito damagelab -duritoatmaildotru- HTTP: durito.narod.ru +:| Details |: SQL injections +:| Exploit |:...
CVE-2007-4523
CVE-2007-4523 affects Ripe Website Manager 0.8.9 and earlier, describing multiple cross-site scripting (XSS) vulnerabilities. Authenticated remote users can inject arbitrary script/HTML via several parameters across admin pages (e.g., id in pages/delete_page.php, navigation/delete_menu.php/del...
IBM Rational ClearQuest - Web Authentication Bypass / SQL Injection
+==============================================================+ + IBM Rational ClearQuest Web Login Bypass SQL Injection + +==============================================================+ DISCOVERED BY: ============== SecureState sasquatch - [email protected] rel1k - [email protected]...
CVE-2007-4232
The CVE-2007-4232 issue affects PHPNews 0.93 and is described as a PHP remote file inclusion vulnerability in admin/inc/change_action.php. The vulnerability allows an attacker to cause the application to execute arbitrary PHP code by supplying a crafted URL for the format_menue parameter, enablin...
VietPHP Remote File Inclusion Vulnerability
VietPHP Remote File Inclusion Vulnerability Vuln. code : in: admin/index.php /index.php /functions DoRk: Powered by VietPHP Exploit: www.server.com/path/admin/index.php?language=Sh3LL www.server.com/index.php??language=Sh3LL www.server.com/functions.php?dirpath=Sh3LL...
hunkaray-sql.txt
///////////Yollubunlar.Org/////////// Title : Hunkaray Okul Portali v1.1 tr Sql injection Vuln Author : Yollubunlar Original: http://yollubunlar.org/hunkaray-okul-portali-v11-tr-sql-injection-vuln-44.html Web Page :www.yollubunlar.orgg Contact : [email protected] Vulnerability : in duyuruoku.asp...
payroll-sql.txt
A R I A - S E C U R I T Y Pay Roll - Time Sheet and Punch Card Application With Web Interface SQL Injection Vendor: http://www.codewidgets.com http://target.com/PATH/login.asp Username: admin Password: anything' OR 'x'='x Credits: Aria-Security Team http://aria-security.net...
php123-sql.txt
--==+================================================================================+==-- --==+ PHP123 Top Sites SQL Injection Vulnerability +==-- --==+================================================================================+==-- AUTHOR: t0pP8uZz & xprog SITE: N/A DORK: allintext:"Browse...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in AlstraSoft SMS Text Messaging Enterprise allow remote attackers to inject arbitrary web script or HTML via the (1) domain or (2) q parameter to (a) admin/membersearch.php, or (3) the userid parameter to (b) admin/edituser.php...
PHP123 Top Sites (category.php cat) Remote SQL Injection Vuln
No description provided by source. --==+================================================================================+==-- --==+ PHP123 Top Sites SQL Injection Vulnerability +==-- --==+================================================================================+==-- AUTHOR: t0pP8uZz & xprog...
Sql injection
SQL injection vulnerability in Munch Pro allows remote attackers to execute arbitrary SQL commands via the login field to /admin, a different vulnerability than CVE-2006-5880...