6697 matches found
nordXSS.txt
-XSS- Informed site admin: 4-15-05 http://about.nordstrom.com/help/livehelp/livehelpstart.asp?uri=http://maliciousSITE.com Discovered by Jeff Peadro jeff.peadro at gmail.com -XSS-...
postnukeSQL0760rc3.txt
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 PostNuke Non Critical SQL Injection and Include 0.760-RC3=x cXIb8O3.10 Author: cXIb8O3Maksymilian Arciemowicz Date: 2.4.2005 from securityreason.com TEAM - --- 0.Description --- PostNuke: The Phoenix Release 0.760-RC3=X PostNuke is an open source, ope...
MyBulletinBoard (MyBB) RC4 - 'Username' SQL Injection
source: https://www.securityfocus.com/bid/14553/info MyBulletinBoard is prone to multiple SQL injection vulnerability. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. Successful exploitation could result in a compromise...
PHP-Fusion 6.0.106 - BBCode IMG Tag Script Injection
/ ahh I was hoping for some socket code : /str0ke Dark Assassins - http://dark-assassins.com/ Visit us on IRC @ irc.tddirc.net DarkAssassins PHP-Fusion img/img exploit Discovered/Coded by Easyex Using the img /img codes we can get an administrator to do a function a normal member cannot do. For...
pluggedBlog.txt
Plugged-Blog XSS and SQL-Injection flaw & Remove Admin vendor url: http://www.pluggedout.com advisory: http://falcondeoro.blogspot.com/2005/07/plugged-blog-xss-and-sql-injection.html vendor notify: yes exploit available: yes Plugged-Blog is a CMS WebBlog-Portal content management systen, theinsta...
CVE-2004-2247
Technical details for CVE-2004-2247 are not publicly available in the provided documents; no concrete affected product, impact, or exploit information is given. Monitor for updates.
WordPress Core 1.5.1.1 - 'add new admin' SQL Injection
!/usr/bin/perl WordPress new or die; &header; print " +---x STEP 1 - TRY GET ADMIN INFO\n"; $reg = $path; $reg .= '?%63%61%74=%36%36%36%20%75%6E%69%6F%6E%20%73%65%6C%65%63%74%20%36%36%36%2C%63%6F%6E'. '%63%61%74%28%63%68%61%72%28%35%38%2C%35%38%2C%35%38%29%2C%75%73%65%72%5F%6C%6F%67%69'...
WordPress <= 1.5.1.1 "add new admin" SQL Injection Exploit
Exploit for unknown platform in category web applications ========================================================== WordPress new or die; &header; print " +---x STEP 1 - TRY GET ADMIN INFO\n"; $reg = $path; $reg .=...
PAFaq - Administrator Username SQL Injection
PAFaq - Administrator Username SQL Injection source: https://www.securityfocus.com/bid/14003/info paFaq is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. Successful exploitation...
Livingcolor Livingmailing 1.3 - login.asp SQL Injection
Livingcolor Livingmailing 1.3 - login.asp SQL Injection source: https://www.securityfocus.com/bid/13836/info livingmailing is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input to the 'login.asp' script. livingmailin...
Hosting Controller 0.6.1 - User Registration (1)
Hosting Controller 0.6.1 - User Registration 1 Domain: Username: INPUT type="hidden" name="htype" value="27" id="htyp...
ACNews <= 1.0 Admin Authentication Bypass SQL Injection Exploit
No description provided by source. http://www.google.com/search?hl=en&lr=&q=acnews+1.0+login.asp&btnG=Search /str0ke Product:ACNews version :1.0 VULNERABILITY CLASS: SQL injection exploit Log in with username:' or 'x'='x password :' or 'x'='x from admin/login.asp page. greetz to HaXoR & LOverboy...
CVE-2005-0735
newsscript.pl for NewsScript allows remote attackers to gain privileges by setting the mode parameter to admin...
CVE-2005-0640
CA Unicenter Asset Management (UAM) 4.0 contains a flaw where the "+Change Credentials for Database" window is not properly initialized, enabling local users to recover the SQL Admin password. The root cause is improper window initialization, per the CVE entry. The documented impact is partial co...
CVE-2002-1147
HP Procurve 4000M Switch firmware prior to C.09.16 is affected by CVE-2002-1147. The HTTP management interface does not authenticate reset requests to the device_reset CGI, enabling a remote denial-of-service via a direct request. The issue is network-exposed and stems from unauthenticated reset ...
CVE-2000-0707
CVE-2000-0707 affects PCCS MySQLDatabase Admin Tool Manager, versions 1.2.4 and earlier. The vulnerability stems from installing the file dbconnect.inc inside the web root, which permits remote attackers to read it and obtain sensitive credentials such as the database administrative password. Ope...
CVE-2024-36428
OrangeHRM 3.3.3 allows admin/viewProjects sortOrder SQL injection...