eFiction < 2.0.7 Remote Admin Authentication Bypass Vulnerability
Exploit for unknown platform in category web applications ================================================================= eFiction < 2.0.7 Remote Admin Authentication Bypass Vulnerability ================================================================= eFiction vulnerability I am releasing this ...
Spidey Blog Script 1.5 - proje_goster.asp SQL Injection (1)
Spidey Blog Script 1.5 - projegoster.asp SQL Injection 1 Spidey Blog Script == 1.5 tr SQL Injection Vulnerability Author : ASIANEAGLE Site : www.asianeagle.org Contact: [email protected] Risk : High Download Link Of Spidey Blog : http://www.aspindir.com/Kategoriler/ASP/bloglar Exploit; Admin...
TinyPHPForum 3.6 - UpdatePF.php Authentication Bypass
TinyPHPForum 3.6 - UpdatePF.php Authentication Bypass source: https://www.securityfocus.com/bid/19281/info TinyPHPForum is prone to an authentication-bypass vulnerability because it fails to prevent an attacker from accessing admin scripts directly without requiring authentication. A remote...
CVE-2006-3827
The CVE-2006-3827 entry affects Kailash Nadh’s boastMachine (formerly bMachine) up to v3.1. The issue is an SQL injection in bmc/Inc/core/admin/search.inc.php, exploitable by remote authenticated administrators via the blog parameter. This is caused by unsanitized input being used in SQL queries,...
Advisory: Remote command execution in planetGallery
Advisory: Remote command execution in planetGallery An admin of planetGallery is allowed to create new galleries and upload images. Because of a vulnerable regular expression, he may also upload PHP scripts and thereby execute arbitrary commands with the privileges of PHP. Details ======= Product...
CVE-2006-3676
PlanetGallery’s admin/gallery_admin.php contains a vulnerability that allows remote code execution via file uploads with a double extension, bypassing a safe-types regex and placing the file in the images directory. The flaw arises because the regex matches names like example.png.php, which PHP t...
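The double-extension bypass described above, as an added example that is not planetGallery's own code: a loose "safe types" regex beside a hardened replacement. The function names and the sample filenames are illustrative assumptions; the hardened version additionally discards the uploaded name entirely and stores the file under a server-generated basename.

```php
<?php
// Added example (not planetGallery code). Shows why a regex that only looks
// for ".png" somewhere in the name accepts example.png.php, and a stricter
// check that anchors the extension and rejects multi-dot names.

// Vulnerable shape: unanchored, so any name *containing* an image extension
// passes, including example.png.php.
function is_safe_name_vulnerable(string $name): bool {
    return (bool) preg_match('/\.(jpe?g|gif|png)/i', $name);
}

// Hardened shape: no path separators or NUL bytes, exactly one dot, and the
// allow-listed extension must end the name (\A ... \z).
function is_safe_name_hardened(string $name): bool {
    if (strpbrk($name, "/\\\0") !== false) {
        return false;
    }
    if (substr_count($name, '.') !== 1) {
        return false;
    }
    return (bool) preg_match('/\A[A-Za-z0-9_-]+\.(jpe?g|gif|png)\z/i', $name);
}

// Pick the on-disk name ourselves: random basename plus the validated,
// lower-cased extension, so nothing from the client-supplied name reaches
// the filesystem or the web server's handler mapping.
function storage_name(string $name): ?string {
    if (!is_safe_name_hardened($name)) {
        return null;
    }
    $ext = strtolower(pathinfo($name, PATHINFO_EXTENSION));
    return bin2hex(random_bytes(8)) . '.' . $ext;
}

// Constructed sample inputs (assumptions, not taken from the advisory).
$samples = ['photo.png', 'example.png.php', 'shell.php', 'a.png/../x.php', 'cat.JPG'];
foreach ($samples as $s) {
    printf("%-18s vulnerable=%-6s hardened=%-6s stored_as=%s\n", $s,
        is_safe_name_vulnerable($s) ? 'accept' : 'reject',
        is_safe_name_hardened($s) ? 'accept' : 'reject',
        storage_name($s) ?? '-');
}
```

Run with `php upload_check.php`: the vulnerable check accepts `example.png.php` and the traversal name, the hardened one accepts only `photo.png` and `cat.JPG`. Renaming on the server side is what actually removes the attacker's influence over the extension the PHP handler sees; the stricter regex alone still trusts the client's name.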
CVE-2006-3514
PHP-Blogger 2.2.5 (and possibly earlier) has multiple cross-site scripting (XSS) vulnerabilities in admin/actions.php. The flaw allows remote attackers to inject arbitrary web script or HTML via the parameters: name, title, news, description, and sitename. The CVE notes only the presence of XSS w...
lifesucks.pl.txt
#!/usr/bin/perl -w # LifeType 1.0.5 SQL injection exploit # extract admin username and MD5 password # Sun Jul 2 02:19:33 CEST 2006 # Bug was found by Alejandro Ramos. Script by Pedro Andujar and Alex. # Shoutz: !dSR www.digitalsec.net and 514-77 www.514.es ppl. # Example: lifesucks.pl www.rs-labs.com blog...
Hosting Controller <= 6.1 Hotfix 3.1 Privilege Escalation Vulnerability
No description provided by source. Title: An attacker can gain reseller privileges and after that can gain admin privileges Version: 6.1 Hotfix <= 3.1 Developer url: www.Hostingcontroller.com Solution: Update to Hotfix 3.2 Discover date: 2005, Summer Report date to hc company: Sat Jun 10, 2006...
CVE-2006-3327
The CVE-2006-3327 entry describes a Cross-site scripting (XSS) vulnerability in the Custom dating biz dating script 1.0. The affected components are profile/mini.php (sn20_special_cases parameter, “Special Cases”), profile/photo_create.php (tyxx01_album_name parameter, “Album Name”), and admin/us...
CSRF in Nuked Klan 1.7 SP4.2
Discovered by Blwood http://www.blwood.net CSRF : Cross Site Request Forgery If an admin clicks on a link like this http://www.site.com/index.php?file=Admin&page=block&op=delblock&bid=X where X is the ID of a block, block ID X will be destroyed... Nuked Klan Website : http://www.nuked-klan.org/...
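The delblock request above is forgeable because the only credential it carries is the admin's session cookie, which the browser attaches to any request regardless of which page issued it. An added example, not Nuked Klan's code, of the usual fix: a per-session token that an attacker's page cannot read, checked with a constant-time compare, and the state change restricted to POST. `delete_block`, the parameter names and the rendering are assumptions for illustration.

```php
<?php
// Added example (not Nuked Klan code): CSRF token for a block-delete action.
session_start();

// One random token per session, created lazily.
function csrf_token(): string {
    if (empty($_SESSION['csrf'])) {
        $_SESSION['csrf'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf'];
}

// Constant-time comparison; a plain == would leak timing and also
// type-juggle on odd input.
function csrf_check(string $given): bool {
    return isset($_SESSION['csrf']) && hash_equals($_SESSION['csrf'], $given);
}

// Stand-in for the real deletion (assumed name); returns what was removed.
function delete_block(int $bid): int {
    // real code: DELETE FROM blocks WHERE bid = ? with a bound parameter
    return $bid;
}

// Vulnerable shape, for contrast: a GET with bid is enough, so an <img> or
// link on any site the admin visits triggers it.
// if (($_GET['op'] ?? '') === 'delblock') delete_block((int) $_GET['bid']);

// Hardened shape: POST only, token required.
$method = $_SERVER['REQUEST_METHOD'] ?? 'GET';
if ($method === 'POST' && ($_POST['op'] ?? '') === 'delblock') {
    if (!csrf_check((string) ($_POST['csrf'] ?? ''))) {
        http_response_code(403);
        exit('bad csrf token');
    }
    $removed = delete_block((int) ($_POST['bid'] ?? 0));
    echo "deleted block $removed\n";
}

// The admin page renders a form carrying the token instead of a bare link.
$bid = (int) ($_GET['bid'] ?? 0);
echo '<form method="post">'
   . '<input type="hidden" name="op" value="delblock">'
   . '<input type="hidden" name="bid" value="' . $bid . '">'
   . '<input type="hidden" name="csrf" value="' . htmlspecialchars(csrf_token(), ENT_QUOTES) . '">'
   . '<button>Delete block</button></form>' . "\n";
```

Switching to POST alone is not sufficient (a forged form can POST too); the token is what ties the request to a page the admin actually loaded from the site. Setting the session cookie with `SameSite=Lax` or `Strict` adds a second, browser-enforced layer.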
hx.pl.txt
#!/usr/bin/perl DeluxeBB new or die; $cookiejar = HTTP::Cookies->new; $xpl->cookie_jar($cookiejar); $res = $xpl->post($url.'misc.php', Content => ["sub" => "login", "name" => "$uname", "password" => "$passwd", "submit" => "Log-in", "redirect" => "", "expiry" => "990090909", ],); if ($cookiejar->as_string =...
DeluxeBB <= 1.07 (cp.php) Create Admin Exploit
Exploit for unknown platform in category web applications ============================================== DeluxeBB new or die; $cookiejar = HTTP::Cookies->new; $xpl->cookie_jar($cookiejar); $res = $xpl->post($url.'misc.php', Content => ["sub" => "login", "name" => "$uname", "password" => "$passwd", "submit"...
MyBulletinBoard (MyBB) <= 1.1.3 (usercp.php) Create Admin Exploit
Exploit for unknown platform in category web applications ================================================================= MyBulletinBoard MyBB new or die; $cookiejar = HTTP::Cookies->new; $xpl->cookie_jar($cookiejar); $res = $xpl->post($url.'member.php', Content => ["action" => "dologin", "username" =...
CVE-2006-3177
The CVE-2006-3177 entry concerns a PHP remote file inclusion in Admin/rtf_parser.php of The Bible Portal Project (version 2.12 and earlier). The underlying issue is that the destination parameter can be supplied via a URL, allowing remote attackers to cause arbitrary PHP code execution on the aff...
Mambo <= 4.6rc1 (Weblinks) Remote Blind SQL Injection Exploit (2)
Exploit for unknown platform in category web applications ================================================================= Mambo 126 $result.=" ."; else $result.=" ".$string[$i]; if (strlen(dechex(ord($string[$i])))==2) $exa.=" ".dechex(ord($string[$i])); else $exa.=" 0".dechex(ord($strin...
Joomla <= 1.0.9 (Weblinks) Remote Blind SQL Injection Exploit
Exploit for unknown platform in category web applications ============================================================= Joomla <= 1.0.9 (Weblinks) Remote Blind SQL Injection Exploit ============================================================= #!/usr/bin/php -q -d short_open_tag=on <? echo "Joomla <= 1.0...
ipb216.txt
//Product :Invision Power Board //Version :2.1.6 and prior versions must be affected. //XSS= http://localhost/forum/admin.php?phpinfo=alert //You can steal only admins cookie. //www.spymastersnake.org //[email protected]...
CVE-2006-2912
Multiple SQL injection vulnerabilities in SelectaPix 1.31 allow remote attackers to execute arbitrary SQL commands via the (1) albumID parameter to (a) viewalbum.php or (b) index.php, (2) imageID parameter to (c) popup.php, or (3) username and (4) password parameters to (d) admin/member.php...