Back-end-0.4.5.txt
Back-end = 0.4.5 Remote File Include Vulnerabilities. Script: Back-end; Discovered By: Root3rH3ll; Location: Iran; Class: Remote; Original Advisory: http://Www.PersainFox.com; We ArE: Root3rH3LL & Arash.Rj; Special TNX Iranian Hackers: Aria-Security, Crouz...
CVE-2006-5103
The CVE describes a PHP remote file inclusion vulnerability in bbsNew 2.0.1, specifically in admin/index2.php where the attacker can supply a URL in the right parameter to cause the application to include remote PHP code. This results in remote code execution on the affected server, compromising ...
CVE-2006-5017
CVE-2006-5017 corresponds to a SQL injection vulnerability in Szava Gyula and Csaba Tamas e-Vision CMS, affecting the admin/all_users.php component. The issue allows remote attackers to inject arbitrary SQL commands through the from parameter, enabling potential data disclosure or modification. P...
php_news => 2.0 Remote File Include Vulnerabilities
phpnews = 2.0 Remote File Include Vulnerabilities. Script: phpnews; Discovered By: Root3rH3ll; Location: Iran; Class: Remote; Original Advisory: http://Www.PersainFox.com; We ArE: Root3rH3LL & Arash.Rj; Special TNX Iranian Hackers: Aria-Security, Crouz,...
CubeCart 3.0.x - adminforgot_pass.php?user_name SQL Injection
CubeCart 3.0.x - adminforgot_pass.php?user_name SQL Injection. Source: https://www.securityfocus.com/bid/20215/info. CubeCart is prone to multiple input-validation vulnerabilities, including information-disclosure, cross-site scripting, and SQL-injection issues, because the application fails to...
NeoSys Neon Webmail for Java 5.065.07 - updateuser?in_id Servlet Arbitrary User Information Modification
NeoSys Neon Webmail for Java 5.065.07 - updateuser?in_id Servlet Arbitrary User Information Modification. Source: https://www.securityfocus.com/bid/20109/info. Neon WebMail is prone to multiple input-validation vulnerabilities because it fails to sanitize user-supplied input. These issues include: -...
NixieAffiliate all version bypass admin and xss
NixieAffiliate all version vendor : idevspot.com By : s3rv3rhack3r www: hackerz.ir & h4ckerz.com Bypass for delete any aff ID : www.domain.com/NixieAffiliate/delete.php?id=1 Xss : www.domain.com/NixieAffiliate/forms/lostpassword.php?error=xss...
CMtextS 1.0 - '/users_logins/admin.txt' Credentials Disclosure
CVE-2006-4838
CVE-2006-4838 concerns multiple cross-site scripting (XSS) vulnerabilities in DCP-Portal SE 6.0. The flaws allow remote attackers to inject arbitrary web script or HTML via request parameters in the admin interface: in footer.inc.php (root_url and dcp_version) and in header.inc.php (root_url, pag...
CVE-2006-4707
CVE-2006-4707 is an XSS vulnerability in MyBB 1.1.7, exploitable through the Admin CP login form (admin/global.php) by supplying malicious input in the query string ($_SERVER[PHP_SELF]). The NVD record notes a CVSS v2 base score of 6.8 (Medium) with impacts to confidentiality, integrity, and avai...
Telekorn Signkorn Guestbook 1.x - '/includes/admin.inc.php?dir_path' Remote File Inclusion
Source: https://www.securityfocus.com/bid/19977/info. Telekorn Signkorn Guestbook is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. This may allow the attacker to compromise the application and the underlying system; other attack...
CVE-2006-4669
PHP remote file inclusion vulnerability in admin/system/include.php in Somery 0.4.6 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the skindir parameter...
CVE-2006-4631
The CVE refers to SoftBB 0.1 (and possibly earlier) with a vulnerability in admin/save_opt.php: Direct static code injection allows remote authenticated users to upload and execute arbitrary PHP code via the cache_forum parameter, which saves the code to info_options.php and makes it accessible v...
[Kurdish Security # 26 ] AnnonceV News Script Remote Command Vulnerability
Kurdish Security Advisory Original Adv : http://kurdishsecurity.blogspot.com/2006/09/kurdish-security-26-annoncev-news.html Script : AnnonceV Site : http://www.comscripts.com/scripts/php.annoncesv.1895.html Version : 1.1 Risk : High Class : Remote Contact : [email protected] and irc.gigachat.ne...
Web Dictate Admin Null Password Vulnerability
Web Dictate Admin Null Password Vulnerability Software: Web Dictate Version: 1.02 Website: http://nchsoftware.com/ Description: Web Dictate is a dictation system that lets you record, edit and manage dictation over the internet. You, and other users, log into a server running Web Dictate to recor...
Muratsoft Haber Portal 3.6 (tr) Remote SQL Injection Vulnerability
No description provided by source. Muratsoft Haber Portal v3.6 tr SQL Injection Vulnerability Author : ASIANEAGLE Site : www.asianeagle.org Contact: [email protected] Link : http://www.aspindir.com/Goster/4350 Demo Portal : http://www.muratsoft.com/haber/www/ Price of Portal: 300YTL // Good...
CVE-2006-4475
Joomla! before 1.0.11 does not limit access to the Admin Popups functionality, which has unknown impact and attack vectors...
CVE-2006-4475
Joomla! before 1.0.11 exposes Admin Popups access without proper restriction. Affected component: Admin Popups in Joomla! prior to 1.0.11. Root cause/impact and exploitation details are not specified in the provided documents. No remediation or patch version is listed here.
CVE-2006-4423
Multiple PHP remote file inclusion vulnerabilities in Bigace 1.8.2 allow remote attackers to execute arbitrary PHP code via a URL in the (1) GLOBALSBIGACEDIRadmin parameter in (a) system/command/admin.cmd.php, (b) admin/include/uploadform.php, and (c) admin/include/itemmain.php; and the (2)...
DUpoll 3.1 security bug
DUpoll 3.1 application bug BoZKuRTSeRDaR lkc Milliyeti Trk nternet korsan kahrolsun pkk kahrolsun Komnizm fuck kurdish lamerz Discovered by: BoZKuRTSeRDaR bozkurtserdaratbozkurtserdardotcom Vendor URL : DUpoll http://www.duware.com/demos/DUpoll/ Dork/Search for: "Powered by DUpoll" Exploit :...