6697 matches found
CVE-2007-3208
CRLF injection vulnerability in YaBB 2.1 allows remote attackers to obtain administrative access through requests to register.pl or profile.pl that write CRLF sequences to a .vars file; this may enable execution of arbitrary code. No patch/version details are provided in the supplied documents.
CVE-2007-3200
NMASINST in Novell Modular Authentication Service NMAS 3.1.2 and earlier on NetWare logs its invoking command line to NMASINST.LOG, which might allow local users to obtain the admin username and password by reading this file...
Wordpress default theme XSS (admin) and other problems
There is an XSS in the Wordpress default theme. Tested on WordPress version 2.2 Filename functions.php, line 387. Code: <form style="display: inline" method="post" name="hicolor" id="hicolor" action="<?php echo $_SERVER['REQUEST_URI']; ?>"> $_SERVER['REQUEST_URI'] is directly echoed to the user. This problem...
[Full-disclosure] Wordpress default theme XSS (admin) and other problems
There is an XSS in the Wordpress default theme. Tested on WordPress version 2.2 Filename functions.php, line 387. Code: <form style="display: inline" method="post" name="hicolor" id="hicolor" action="<?php echo $_SERVER['REQUEST_URI']; ?>"> $_SERVER['REQUEST_URI'] is directly echoed to the user. This problem...
evisioncms-exec.txt
#!/usr/bin/php -q -d short_open_tag=on ...need i say more? Bug 2 admin/functions.php: if (isset($_COOKIE['adminlang'])) $languageselector = $_COOKIE['adminlang']; else $languageselector = "en"; include("lang/".$languageselector.".php"); ...speaks for it self really. Bug 3 ; $sql = "SELECT stylecss FROM template...
Comicsense 0.2 (index.php epi) Remote SQL Injection Vulnerability
Exploit for unknown platform in category web applications. Comicsense 0.2 index.php epi Remote SQL Injection Vulnerability. Comicsense SQL Injection Advisory/Exploit b...
RevokeBB 1.0 RC4 - Blind SQL Injection Hash Retrieve
RevokeBB 1.0 RC4 - Blind SQL Injection Hash Retrieve !/usr/bin/php -q -d shortopentag=on Thanks to rgod for the php code and Marty for the Love ------------------------------------------------------------- "; if $argc 126 $result.=" ."; else $result.=" ".$string$i; if strlendechexord$string$i==2...
Vizayn Urun Tanitim Sistemi 0.2 - 'tr' SQL Injection
Vizayn Urun Tanitim Sistemi v0.2 tr Remote SQL Injection Vulnerability Found by : ertuqrul PoC By : BAHADIR Contact: [email protected] Script HomePage: http://www.vizayn.web.tr/ws.asp?ws=102 Script Demo URL: http://ws.vizaynhosting.com/V02/ Price : 55YTL PoF Concept:...
Joomla! Component Phil-a-Form 1.2.0.0 - SQL Injection
!/bin/sh Joomla Component Phil-a-Form = 1.2.0.0 SQL Injection Exploit Discovered by: Cody "CypherXero" Rester Payload: Admin Username and MD5 Hash Retrieval Website: http://www.cypherxero.net Shoutouts to the milw0rm community, the PIMP forums and my blog, of course echo...
Vulnerability - cpCommerce - XSS
cpcommerce is a FOSS php-based e-commerce shopping cart web application. Exploit: Javascript placed inside a user's "Full Name:" field will not be stripped - it will be added to the database 'as-is' as long as it has no quotations in the string. When the admin goes to the clients view page, the...
Sql injection
Multiple SQL injection vulnerabilities in modules/admin/modules/gallery.php in PHPEcho CMS 2.0-rc1 and earlier allow remote attackers to execute arbitrary SQL commands via the id parameter and possibly other parameters. NOTE: some of these details are obtained from third party information...
BtiTracker 1.4.1 - Become Admin SQL Injection
BtiTracker =v1.4.1 Remote SQL Injection Exploit Discovered by: m@ge|ozz - [email protected] Vulnerability: Remote Sql Injection / Problem: Any user can be Administrator Website Vendor: http://www.btiteam.org Vulnerable Code accountchange.php: if isset$GET"style" @mysqlquery"UPDATE users SET...
Alstrasoft e-Friends 4.21 - Admin Session Retrieve
!/usr/bin/php -q -d shortopentag=on Thanks to rgod for the php code and Marty for the Love "; if $argc2 echo "Usage: php ".$argv0." Host Path Host: target server ip/hostname Path: path of template Example: php ".$argv0." localhost /efriend/"; die; errorreporting0; iniset"maxexecutiontime",0;...
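PHPGlossar Format_Menue Remote File Inclusion Vulnerability
PHPGlossar is a PHP-based web application. PHPGlossar does not properly filter user-supplied input, so a remote attacker can exploit the vulnerability to execute arbitrary commands with the privileges of the web server. The problem is that multiple scripts do not filter the user-supplied 'formatmenue' parameter; specifying a file on a remote server as the include parameter can lead to execution of arbitrary commands with web privileges. PHPGlossar 0.8 No solution is currently available: http://www.crear.de/2003/dienste/phpdownloadlinks0.6/loadpage.php?uid=7...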
eSyndiCat Input Validation Error Vulnerability
eSyndiCat is a directory web system, a product of eSyndiCat.com. It has a security hole that allows attackers to get admin and more and more. Infected version: eSyndiCat Pro v1.x Infected file: manage-admins.php Use poc file to attack: Discovered by H2P - A memb...
FAQEngine <= 4.16.03 (question.php questionref) SQL Injection Exploit
No description provided by source. #!/usr/bin/perl -w FAQEngine <= v4.16.03 SQL Injection Exploit Discovered by: Silentz Payload: Admin Username & Hash Retrieval Website: http://www.w4ck1ng.com Vulnerable Code question.php: $sql = "select from ".$tableprefix."questions where publish=1 and...
SimpNews <= 2.40.01 (print.php newnr) Remote SQL Injection Exploit
Exploit for unknown platform in category web applications. SimpNews <= 2.40.01 print.php newnr Remote SQL Injection Exploit. #!/usr/bin/perl -w SimpNews <= 2.40.01 SQL...
PHPGlossar 0.8 (format_menue) Remote File Inclusion Vulnerabilities
Exploit for unknown platform in category web applications. PHPGlossar 0.8 formatmenue Remote File Inclusion Vulnerabilities...
FAQEngine <= 4.16.03 (question.php questionref) SQL Injection Exploit
Exploit for unknown platform in category web applications. FAQEngine <= 4.16.03 question.php questionref SQL Injection Exploit. #!/usr/bin/perl -w FAQEngine <=...
PHPGlossar 0.8 - 'format_menue' Remote File Inclusion