21 matches found
EUVD-2006-0132
Malware in sbrugna...
EUVD-2008-5971
Malware in sbrugna...
EUVD-2006-0131
Malware in sbrugna...
ADN Forum <= 1.0b Blind SQL Injection Exploit
No description provided by source. !/usr/bin/perl -------------------------------------------------- ADN Forum = 1.0b Blind SQL Injection Exploit Discovered By: StAkeR - StAkeRathotmaildotit Discovered On: 01/10/2008 Download: http://sourceforge.net/projects/adnforum/...
Authentication flaw
index.php in ADN Forum 1.0b and earlier allows remote attackers to bypass authentication and gain sysop access via a fpusuario cookie composed of an initial sysop: string, an arbitrary password field, and a final :sysop:0 string...
CVE-2008-6001
index.php in ADN Forum 1.0b and earlier allows remote attackers to bypass authentication and gain sysop access via a fpusuario cookie composed of an initial sysop: string, an arbitrary password field, and a final :sysop:0 string...
CVE-2008-6001
The CVE-2008-6001 entry applies to ADN Forum before or at version 1.0b. A flaw in index.php lets remote attackers bypass authentication and obtain sysop privileges by manipulating a fpusuario cookie constructed with an initial sysop: string, a user-supplied password field, and a trailing :sysop:0...
CVE-2008-6001
index.php in ADN Forum 1.0b and earlier allows remote attackers to bypass authentication and gain sysop access via a fpusuario cookie composed of an initial sysop: string, an arbitrary password field, and a final :sysop:0 string...
adnforum-sql.txt
!/usr/bin/perl -------------------------------------------------- ADN Forum get$host."/index.php?fid=".$send; if$request-issuccess and $request-content = /hace clic en el boton de abajo/i $hash .= chr$ord; $uid++; ifdefined $hash print "+ MD5: $hash\n"; exit; else print "? Exploit Failed!\n"; exi...
ADN Forum <= 1.0b Blind SQL Injection Exploit
Exploit for unknown platform in category web applications ============================================= ADN Forum get$host."/index.php?fid=".$send; if$request-issuccess and $request-content = /hace clic en el boton de abajo/i $hash .= chr$ord; $uid++; ifdefined $hash print "+ MD5: $hash\n"; exit;...
ADN Forum 1.0b - Blind SQL Injection
ADN Forum 1.0b - Blind SQL Injection !/usr/bin/perl -------------------------------------------------- ADN Forum get$host."/index.php?fid=".$send; if$request-issuccess and $request-content = /hace clic en el boton de abajo/i $hash .= chr$ord; $uid++; ifdefined $hash print "+ MD5: $hash\n"; exit;...
ADN Forum 1.0b - Insecure Cookie Handling
ADN Forum 1.0b - Insecure Cookie Handling -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- adnforum eNYe-Sec - www.enye-sec.org Cookie is base64 based and the ascii format used is: user:23ed4e45887ad4311ff654bd4aab6540:user:0 user:md5 pass:user:0 Programmer forgot to check the pass and...
ADN Forum <= 1.0b Insecure Cookie Handling Vulnerability
Exploit for unknown platform in category web applications ======================================================== ADN Forum = 1.0b Insecure Cookie Handling Vulnerability ======================================================== -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- adnforum =...
ADN Forum 1.0b - Insecure Cookie Handling
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- adnforum eNYe-Sec - www.enye-sec.org Cookie is base64 based and the ascii format used is: user:23ed4e45887ad4311ff654bd4aab6540:user:0 user:md5 pass:user:0 Programmer forgot to check the pass and only use the nick to autenticate the user...
Sql injection
Multiple SQL injection vulnerabilities in ADN Forum 1.0b allow remote attackers to execute arbitrary SQL commands via the 1 fid parameter in index.php and 2 pagid parameter in verpag.php, and possibly other vectors...
Cross site scripting
Cross-site scripting XSS vulnerability in crear.php in ADN Forum 1.0b allows remote attackers to inject arbitrary web script or HTML via the titulo parameter, which is used by the "Topic name" field...
CVE-2006-0123
Multiple SQL injection vulnerabilities in ADN Forum 1.0b allow remote attackers to execute arbitrary SQL commands via the 1 fid parameter in index.php and 2 pagid parameter in verpag.php, and possibly other vectors...
CVE-2006-0124
Cross-site scripting XSS vulnerability in crear.php in ADN Forum 1.0b allows remote attackers to inject arbitrary web script or HTML via the titulo parameter, which is used by the "Topic name" field...
CVE-2006-0123
Multiple SQL injection vulnerabilities in ADN Forum 1.0b allow remote attackers to execute arbitrary SQL commands via the 1 fid parameter in index.php and 2 pagid parameter in verpag.php, and possibly other vectors...
CVE-2006-0124
CVE-2006-0124 describes a cross-site scripting (XSS) vulnerability in the ADN Forum 1.0b product, specifically in the crear.php script. The issue arises from the titulo parameter, used for the “Topic name” field, allowing remote attackers to inject arbitrary web script or HTML. The available reco...