6697 matches found
Authentication flaw
dynaliens 2.0 and 2.1 allows remote attackers to bypass authentication and perform certain privileged actions via a direct request for (1) validlien.php3, (2) supprlien.php3, (3) supprub.php3, (4) validlien.php3, (5) confsuppr.php3, (6) modiflien.php3, or (7) confmodif.php3 in admin/...
GaziYapBoz Game Portal (kategori.asp) Remote SQL Injection Vuln
No description provided by source. Title : GaziYapBoz Game Portal Remote SQL Injection Vulnerability Author : CyberGhost Page : http://ucgenportal.somee.com/scriptler/gaziyapboz Download : http://www.aspindir.com/indir.asp?id=4765&sIslem=%DDndir Vuln. Username :...
GaziYapBoz Game Portal - kategori.asp SQL Injection
GaziYapBoz Game Portal - kategori.asp SQL Injection Title : GaziYapBoz Game Portal Remote SQL Injection Vulnerability Author : CyberGhost Page : http://ucgenportal.somee.com/scriptler/gaziyapboz Download : http://www.aspindir.com/indir.asp?id=4765&sIslem=%DDndir Vuln. Username :...
Advisory4-20022007.txt
Security without illusions | www.virtuax.be |...
wbnews-rfi.txt
ThE bug in admin file To ConTacT mE @ www.Asb-May.net/bb ScRiPtS:-http://www.webmobo.com/wbnews/download.html GrEaTz To:-ToOofa-HaCk.eGy All AsB-MaY DisCoverY ExPloIts GrOup Discovered By:- ThE dE@Th comment.php:- include $config['installdir']. "/includes/function.php"; themes.php:- include...
Wordpress <= v2.1.0
If you're logged in to WordPress as an admin, your comments aren't properly sanitized, thus allowing an XSS to be posted. This can be exploited using XSRF techniques. More info & PoC: http://www.virtuax.be/advisories/Advisory4-20022007.txt...
CVE-2007-1175
Cross-site scripting (XSS) vulnerability in an admin feature in WebAPP before 20070209 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
Remote file inclusion
Multiple PHP remote file inclusion vulnerabilities in DBImageGallery 1.2.2 allow remote attackers to execute arbitrary PHP code via a URL in the donsimgbasepath parameter to (1) attributes.php, (2) images.php, or (3) scan.php in admin/; or (4) attributes.php, (5) dbutils.php, (6) images.php, (7) utils.php, or ...
jbrowser.txt
JBrowser access to admin/config files By : sn0oPy Risk : high Dork : inurl:"JBrowser/index.php" exploit : just replace the http://www.target.ma/jbrowser/index.php by http://www.target.ma/jbrowser/admin/ contact : [email protected] greetz : subzero, Avg...
CVE-2006-7025
CVE-2006-7025 describes an SQL injection in the Bookmark4U app, affecting versions 2.0 and 2.1. The vulnerability is triggered in admin/config.php via the sqlcmd parameter, allowing remote attackers to inject arbitrary SQL. CVSS v2 base score 7.5 (HIGH) indicates potential impact on confidentiali...
JBrowser access to admin/config files
JBrowser access to admin/config files By : sn0oPy Risk : high Dork : inurl:"JBrowser/index.php" exploit : just replace the http://www.target.ma/jbrowser/index.php by http://www.target.ma/jbrowser/admin/ contact : [email protected] greetz : subzero, Avg...
CVE-2007-1060
Multiple PHP remote file inclusion vulnerabilities in Interspire SendStudio 2004.14 and earlier, when register_globals and allow_url_fopen are enabled, allow remote attackers to execute arbitrary PHP code via a URL in the ROOTDIR parameter to (1) createemails.inc.php and (2) sendemails.inc.php in...
mAlbum v0.3 admin by default user/pass
mAlbum v0.3 admin by default user/pass By : sn0oPy Risk : high exploit : at http://www.target.ma/malbum/index.php when private images Login : login Password : pass after login, you can create new admin account, delete it,... Dork : inurl:"malbum/" Default user/pass present here :...
CVE-2007-0912
Jportal 2.3.1 (and possibly earlier) contains a Cross-Site Request Forgery (CSRF) vulnerability in admin/admin.adm.php that allows remote attackers to perform privileged actions as administrators by enticing an admin to access a modified URL. Affected component: admin.adm.php within Jportal 2.3.1...
Authentication flaw
nabopoll 1.1.2 allows remote attackers to bypass authentication and access certain administrative functionality via a direct request for (1) configedit.php, (2) templateedit.php, or (3) surveyedit.php in admin/...
CVE-2007-0845
admin/index.php in Advanced Poll 2.0.0 through 2.0.5-dev allows remote attackers to bypass authentication and gain administrator privileges by obtaining a valid session identifier and setting the uid parameter to 1...
Hunkaray Duyuru Scripti (tr) Remote SQL Injection Exploit
No description provided by source. Hunkaray Duyuru Scripti tr == SQL Injection Vulnerability Author : cl24zy - DrEgHoT - TuF4N Site : www.hacklive.org , www.illegal-attack.org Contact: [email protected] Download Hünkaray Duyuru Scripti tr : http://www.aspindir.com/Goster/4678 Demo :...
Hunkaray Duyuru Scripti - tr SQL Injection
Hunkaray Duyuru Scripti - tr SQL Injection Hunkaray Duyuru Scripti tr == SQL Injection Vulnerability Author : cl24zy - DrEgHoT - TuF4N Site : www.hacklive.org , www.illegal-attack.org Contact: [email protected] Download Hünkaray Duyuru Scripti tr : http://www.aspindir.com/Goster/4678 Demo :...
Fullaspsite Asp Hosting Sitesi (tr) SQL Injection Vulnerability
Exploit for unknown platform in category web applications. Fullaspsite Asp Hosting Sitesi tr SQL Injection Vulnerability. Fullaspsite Asp Hosting tr == SQL Injection...
AdMentor (banners) admin SQL injection
AdMentor banners admin SQL injection By : sn0oPy Risk : high Site : http://www.aspcode.net/products/admentor Dork : inurl:"admentor/admin" exploit : UserID = 'or' '=' Password = 'or' '=' contact : [email protected] greetz : subzero, Avg Team http://forums.avenir-geopolitique.net. references :...