70 matches found
Code injection
AirDroid 1.0.4 beta uses the MD5 algorithm for values in the checklogin key parameter and 7bb cookie, which makes it easier for remote attackers to obtain cleartext data by sniffing the local wireless network and then conducting a 1 brute-force attack or 2 rainbow-table attack...
phpstcms (STCMS music system) to bypass the backend authentication method-vulnerability warning-the black bar safety net
Published author: the mind Vulnerability type: background verification Vulnerability analysis: a music system-0-in! Throw in the hard disk is also equal to moldy, classic white look at the code. Vulnerability exists in“common.inc.php”file, as follows. phpstcms STCMS music system to bypass the...
Sql injection
SQL injection vulnerability in the CheckLogin function in includes/functions.php in Limny 1.01, when magicquotesgpc is disabled, allows remote attackers to execute arbitrary SQL commands via the username parameter...
CVE-2009-4722
SQL injection vulnerability in the CheckLogin function in includes/functions.php in Limny 1.01, when magicquotesgpc is disabled, allows remote attackers to execute arbitrary SQL commands via the username parameter...
Limny 1.01 - Authentication Bypass
Limny 1.01 Auth Bypass SQL Injection Vulnerability + Discovered By SirGod + http://insecurity-ro.org + http://h4cky0u.org + Script Homepage : http://www.limny-project.com/ + SQL Injection Vulnerability - Notes : magicquotesgpc = off - Vulnerable code in includes/functions.php...
tsp-admin.txt
!/usr/bin/php -q -d shortopentag=on Thanks to rgod for the php code and Marty for the Love "; if $argc4 echo "Usage: php ".$argv0." Host Path ID password Host: target server ip/hostname Path: path of template ID: A Valid Admin ID usally 1 works for the 'admin' nickname password: The PWD you want ...
Pivot <= 1.30 RC2 Privileges Escalation/Remote Code Execution Exploit
Exploit for unknown platform in category web applications ===================================================================== Pivot = 1.30 RC2 Privileges Escalation/Remote Code Execution Exploit ===================================================================== !/usr/bin/php -q -d...
Pivot 1.30 RC2 - Privilege Escalation / Remote Code Execution
!/usr/bin/php -q -d shortopentag=on ? echo "Pivot = 1.30 RC2 privileges escalation / remote commands execution exploit\n"; echo "by rgod [email protected]\n"; echo "site: http://retrogod.altervista.org\n"; echo "dorks: "Powered byPivot"\n"; echo "version specific: "Powered byPivot - 1.30 RC2"...
CVE-2004-1993
The CVE-2004-1993 issue affects omail webmail 0.98.5 and stems from an incomplete patch to the checklogin function in omail.pl, which allows remote attackers to run arbitrary commands via shell metacharacters such as backticks in the password. NVD lists a CVSS2 base score of 10.0 (NETWORK, LOW co...
CVE-2004-1993
The patch to the checklogin function in omail.pl for omail webmail 0.98.5 is incomplete, which allows remote attackers to execute arbitrary commands via shell metacharacters such as "" backticks in the password...