133 matches found
My Gaming Ladder <= 7.5 (ladderid) SQL Injection Vulnerability
No description provided by source. My Gaming Ladder 7.5 AND Prior SQL Injection Vulnerabilities AUTHOR:...
VBulletin 1.0.1 lite/2.x/3.0 /admincp/user.php Multiple Parameter SQL Injection
No description provided by source. source: http://www.securityfocus.com/bid/14872/info vBulletin is prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. Successful exploitatio...
VBulletin 1.0.1 lite/2.x/3.0 /admincp/index.php Multiple Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/14874/info vBulletin is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage any of these issues t...
VBulletin 1.0.1 lite/2.x/3.0 /admincp/user.php email Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/14874/info vBulletin is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage any of these issues t...
Uploadscript 1.0 - Multiple Vulnerabilities
No description provided by source. Exploit Title: Uploadscript v1.0. Multiple Vulnerabilities Date: 13-12-2009 Author: Mr.aFiR Software Link: http://www.phpstudio.hu/?action=verify&categorize=php&subaction=php&context=php&ID=75&verify=0 Version: N/A Tested on: GNU/LINUX CVE : N/A Code : N/A ...
vBulletin 3.8.4 & 3.8.5 Registration Bypass Vulnerability
No description provided by source. vBulletin 3.8.4 & 3.8.5 Registration Bypass Vulnerability Iranian...
VBulletin <= 3.7.1 - admincp/faq.php Injection adminlog.php XSS
No description provided by source. source: http://www.securityfocus.com/bid/30134/info vBulletin is prone to an HTML-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in dynamically generated content. Attacker-supplied HTML and script...
VBulletin 1.0.1 lite/2.x/3.0 /admincp/modlog.php orderby Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/14874/info vBulletin is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage any of these issues t...
VBulletin 1.0.1 lite/2.x/3.0 /admincp/language.php goto Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/14874/info vBulletin is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage any of these issues t...
vBSEO 3.5.2 & 3.2.2 - Persistent XSS via LinkBacks
No description provided by source. vBSEO - Persistent XSS via LinkBacks http://www.exploit-db.com/vbseo-from-xss-to-reverse-php-shell/ Versions Affected: 3.5.2 & 3.2.2 Most likely all versions Info: A proven success record, vBSEO powers the most optimized forums on the Web. The 1 SEO plugin and t...
TopicsViewer 3.0 Beta 1 SQL Injection
TopicsViewer v3.0 Beta 1 - Multiple SQL Injection Vulnerability Author : AtT4CKxT3rR0r1ST Contact : [email protected] , [email protected] Home : http://www.iphobos.com/blog/ Script : http://www.topicsviewer.com/...
vbBux / vbPlaza 4.0.3 SQL Injection
Exploit Title: vbBux and vbPlaza v4 SQLI Authors: n3tw0rk twiiter.com/n3tw0rkgod Contact: Mail:[email protected] Product: 4.0.3 and below Software Version x.x.x Product Download: http://www.vbulletin.org/forum/showthread.php?t=270271 Homepage: d4tabase.com The exploit is caused due to a...
vBulletin 4.0.x SQL Injection Vulnerability
vBulletin version 4.0.x appears to suffer from a remote SQL injection vulnerability in the administrative functionality. Exploit Title: vBulletin force Read Thread 0day Authors: n3tw0rk Contact: Mail:email protected Product: 4.0.x Software Version x.x.x Product Download:...
vBulletin 4.0.2 - update_order SQL Injection
vBulletin 4.0.2 - updateorder SQL Injection source: https://www.securityfocus.com/bid/61449/info VBulletin is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. A successful exploit may allow an attacker to...
vBulletin 4.0.x SQL Injection
Exploit Title: vBulletin force Read Thread 0day Authors: n3tw0rk Contact: Mail:[email protected] Product: 4.0.x Software Version x.x.x Product Download: http://www.vbulletin.org/forum/showthread.php?t=241754&page=18 Google Dork: use your mind Homepage: d4tabase.com The exploit is caused due...
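Reading Code in Bed: phpwind Admin Backend SQL Injection
Brief description: This vulnerability is an admin backend injection with little impact. I did not originally want to publish it, since the vulnerability itself is unlikely to cause much harm, but the whole analysis process should be written down while I am still interested in it, because later I will know that I was once interested enough to analyze it. PHPWIND is a product that I have always felt goes to any lengths to achieve security, and I like products that solve problems with this kind of small cleverness. The product uses the checkVar function to globally take the GP (GET, POST) .. db-query "DELETE FROM " . $this-tableName. " WHERE mid in ".$messageIds." " ; return $this-db-affectedrows ;...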
Small-CMS 1.0 SQL Injection Vulnerability
Exploit for php platform in category web applications + Exploit title: Small-CMS 1.0 - SQL injection/Authentication Bypass + Date: 2/10/2012 + Author: Phizo + Vendor: http://www.small-cms.com/ + Version: 1.0 + Category: webapps + Google dork: intitle:"Find it yourself." + Tested on: Windows 7 |...
traq-2.3.5_CSRF_XSS_SQL_INjeCTION_vulns
Vulnerable Software: traq-2.3.5 Official Site: TraqProject.org About Software: Traq is a PHP powered project manager, capable of tracking issues for multiple...
Traq 2.3.5 CSRF / XSS / SQL Injection
Vulnerable Software: traq-2.3.5 Official Site: TraqProject.org About Software: Traq is a PHP powered project manager, capable of tracking issues for multiple...
Traq admincp/common.php Remote Code Execution
This module exploits an arbitrary command execution vulnerability in Traq 2.0 to 2.3. It's in the admincp/common.php script. This function is called in each script located in the /admincp/ directory to make sure the user has admin rights. This is a broken authorization schema because the header...