CVE-2007-2600
Multiple cross-site scripting XSS vulnerabilities in TutorialCMS aka Photoshop Tutorials 1.00 and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 catFile parameter to a browseCat.php or b browseSubCat.php; the 2 id parameter to c openTutorial.php, d topFrame.php, o...
TutorialCMS <= 1.00 (search.php search) SQL Injection Exploit
No description provided by source. !/usr/bin/perl -w TutorialCMS = 1.00 SQL Injection Exploit Discovered by: Silentz Payload: Admin Username & Hash Retrieval Website: http://www.w4ck1ng.com Vulnerable Code search.php: $search = $REQUEST'search'; $sql = "SELECT FROM tutorials WHERE title LIKE...
simplenews-sql.txt
!/usr/bin/perl -w SimpleNews = 1.0.0 FINAL SQL Injection Exploit Discovered by: Silentz Payload: Admin Username & Hash Retrieval Website: http://www.w4ck1ng.com Vulnerable Code print.php: $newsid = $GET'newsid'; $query = "SELECT FROM simplenewsarticles WHERE newsid = '$newsid'"; PoC:...
Information disclosure
MOStlyDB Admin in Mambo 4.6.1 does not properly check privileges, which allows remote authenticated administrators to have an unknown impact via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...
CVE-2007-2557
The CVE-2007-2557 entry concerns MOStlyDB Admin in Mambo 4.6.1, where privileges are not properly checked. The root cause is insufficient privilege validation in the MOStlyDB Admin component, allowing remote authenticated administrators to cause an unknown impact via unspecified vectors. The avai...
TutorialCMS 1.00 - 'search.php?search' SQL Injection
!/usr/bin/perl -w TutorialCMS alert'http://www.w4ck1ng.com' PoC: http://victim.com/search.php?search=' UNION SELECT 0,0,0,0,username, password,0,0,0,0,0,0,0 FROM users WHERE id='1' / Subject To: magicquotesgpc set to off GoogleDork: "Powered By Photoshop Tutorials" 0 Results Shoutz: The entire...
phpHoo3 (admin.php) Remote Login Bypass SQL Injection Vulnerability
phpHoo3 Login SQL injection // AYYILDIZ.ORG Proudly Presents... download:http://cable-modems.org/phpHoo/files/phphoo3.zip author : iLker Kandemir ilkerkandemir at mynet.com Risk : High Class : Remote Vuln. Script : phpHoo3 tnx : h0tturk,ekin0x,Gencnesil,Gencturk,koray,Ajann .. Vulnerable; ///admin.p...
[Full-disclosure] Mini Web Shop v.2 vulnerable to XSS
-=--------------------ADVISORY-------------------=- Mini Web Shop V.2 Author: CorryL [email protected] -=-----------------------------------------------=- -=+ Application: Mini Web Shop -=+ Version: 2 -=+ Vendor's URL: http://obiewebsite.sourceforge.net/o.php?MiniWebShop -=+ Platform:...
Pre Shopping Mall 1.0 Remote SQL Injection Vulnerability
No description provided by source. ============================================== Pre Shopping Mall v1.0 Remote SQL Injection ============================================== Found: Cyber-Security.org ============================================== Exploit:...
Pre Shopping Mall 1.0 Remote SQL Injection Vulnerability
Exploit for unknown platform in category web applications ======================================================== Pre Shopping Mall 1.0 Remote SQL Injection Vulnerability ======================================================== ============================================== Pre Shopping Mall v1....
Pre News Manager 1.0 Remote SQL Injection Vulnerability
Exploit for unknown platform in category web applications ======================================================= Pre News Manager 1.0 Remote SQL Injection Vulnerability ======================================================= ============================================== Pre News Manager v1.0...
CVE-2007-2316
Unspecified vulnerability in the admin script in Open Business Management OBM before 2.0.0 allows remote attackers to have an unknown impact by calling the script "in txt mode from a browser."...
Remote file inclusion
PHP remote file inclusion vulnerability in admin/includes/spaw/dialogs/insertlink.php in download engine Download-Engine 1.4.1 allows remote authenticated users to execute arbitrary PHP code via a URL in the spawroot parameter, a different vector than CVE-2007-2255. NOTE: this may be an issue in...
CVE-2007-2289
CVE-2007-2289 describes a PHP remote file inclusion in Download-Engine 1.4.1, via the spaw_root parameter in admin/includes/spaw/dialogs/insert_link.php, allowing remote authenticated users to execute arbitrary PHP code. This is a different vector than CVE-2007-2255. No remediation or fix details...
CVE-2007-2255
Multiple PHP remote file inclusion vulnerabilities in Download-Engine 1.4.3 allow remote attackers to execute arbitrary PHP code via a URL in the 1 engdir parameter to addmember.php, 2 langpath parameter to admin/enginelib/class.phpmailer.php, and the 3 spawroot parameter to...
Netmao Movie network cat movie system vulnerabilities-vulnerability warning-the black bar safety net
IceskYsl in NOHACK published on the php vulnerabilities topic. The first is the include file vulnerability. So today I quickly found one, not exclusive to! Huh. Program: Netmao Movie network cat movie system. Description: now its latest version is 3. 0, due to the encryption, so it is not good to...
Remote file inclusion
PHP remote file inclusion vulnerability in MobilePublisherphp 1.1.2 allows remote attackers to execute arbitrary PHP code via a URL in the authmethod parameter to 1 index.php, 2 list.php, 3 postreview.php, 4 reindex.php, 5 sections.php, 6 templates.php, 7 userinfo.php, 8 users.php, and 9 view.php...
CVE-2007-2084
CVE-2007-2084 affects MobilePublisherphp version 1.1.2 and is described as a PHP remote file inclusion vulnerability in the admin directory. The issue permits an attacker to supply a URL in the auth_method parameter to any of the admin PHP files (index.php, list.php, postreview.php, reindex.php, ...
Code injection
Multiple direct static code injection vulnerabilities in admin/configurer2.php in Crea-Book 1.0 and earlier allow remote authenticated administrators to execute arbitrary PHP code via the "Fond de la page" background color field and other unspecified fields, which injects into config.inc.php3...