175 matches found
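DCFM Blog 'comments.php' SQL Injection Vulnerability
BUGTRAQ ID: 29627 DCFM Blog is a PHP-based web application. DCFM Blog does not properly handle user-submitted input; a remote attacker can exploit the vulnerability to carry out SQL injection attacks and may obtain sensitive information or manipulate the database. The problem is that the 'comments.php' script does not filter user-submitted web parameters; a malicious SQL query supplied as parameter data can change the original SQL logic, obtaining sensitive information or manipulating the database. DCFM Blog 0.9.4 No solution is currently available: http://sourceforge.net/projects/dcfm-blog/ form...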
CVE-2008-2671
SQL injection vulnerability in comments.php in DCFM Blog 0.9.4 allows remote attackers to execute arbitrary SQL commands via the id parameter...
CVE-2008-2671
The CVE-2008-2671 entry describes a SQL injection in DCFM Blog 0.9.4, affecting comments.php where an attacker can modify the id parameter to execute arbitrary SQL commands remotely. Affected software: DCFM Blog 0.9.4 (comments.php). Root cause: unsanitized/unchecked id parameter leading to SQL c...
dcfm-sql.txt
C. H. R. O. O. T. SECURITY GROUP (http://www.chroot.org), Hacks In Taiwan Conference 2008 (http://www.hitcon.org). Title: DCFM Blog 0.9.4 comments Remote...
DCFM Blog 0.9.4 (comments) Remote SQL Injection Vulnerability
No description provided by source. C. H. R. O. O. T. SECURITY GROUP (http://www.chroot.org), Hacks In Taiwan Conference 2008 ...
DCFM Blog 0.9.4 - SQL Injection
C. H. R. O. O. T. SECURITY GROUP (http://www.chroot.org), Hacks In Taiwan Conference 2008 (http://www.hitcon.org). Title: DCFM Blog 0.9.4 comments Remote...
DCFM Blog 0.9.4 - SQL Injection
DCFM Blog 0.9.4 - SQL Injection. C. H. R. O. O. T. SECURITY GROUP (http://www.chroot.org), Hacks In Taiwan Conference 2008 (http://www.hitcon.org). Title:...
[web-app] DCFM Blog 0.9.4 (comments) Remote SQL Injection Vulnerability
C. H. R. O. O. T. SECURITY GROUP (http://www.chroot.org), Hacks In Taiwan Conference 2008 (http://www.hitcon.org). Title: DCFM Blog 0.9.4 comments Remote SQL...
[web-app] DCFM Blog 0.9.4 (comments) Remote SQL Injection Vulnerability
C. H. R. O. O. T. SECURITY GROUP (http://www.chroot.org), Hacks In Taiwan Conference 2008 (http://www.hitcon.org). Title: DCFM Blog 0.9.4 comments Remote SQL...
SQL injection
SQL injection vulnerability in comments.php in Gamma Scripts BlogMe PHP 1.1 allows remote attackers to execute arbitrary SQL commands via the id parameter...
CVE-2008-2175
SQL injection vulnerability in comments.php in Gamma Scripts BlogMe PHP 1.1 allows remote attackers to execute arbitrary SQL commands via the id parameter...
BlogMe PHP (comments.php id) SQL Injection Vulnerability
No description provided by source. + BlogMe PHP remote SQL injection exploit + Script download : http://www.drumster.net/gamma/downloads/BlogMe11.zip + Founded by : His0k4 ALGERIAN HaCkEr + Greetz : All friends & muslims HaCkeRs... + Dork : "BlogMe PHP created by Gamma Scripts" + Exploit :...
BlogMe PHP 1.1 - 'comments.php' SQL Injection
BlogMe PHP remote SQL injection exploit + Script download : http://www.drumster.net/gamma/downloads/BlogMe11.zip + Founded by : His0k4 ALGERIAN HaCkEr + Greetz : All friends & muslims HaCkeRs... + Dork : "BlogMe PHP created by Gamma Scripts" + Exploit :...
BlogMe PHP 1.1 - comments.php SQL Injection
BlogMe PHP 1.1 - comments.php SQL Injection + BlogMe PHP remote SQL injection exploit + Script download : http://www.drumster.net/gamma/downloads/BlogMe11.zip + Founded by : His0k4 ALGERIAN HaCkEr + Greetz : All friends & muslims HaCkeRs... + Dork : "BlogMe PHP created by Gamma Scripts" + Exploit...
PT-2008-3075 · Oocomments · Oocomments
Name of the Vulnerable Software and Affected Versions: ooComments version 1.0 Description: The issue allows remote attackers to execute arbitrary PHP code via a URL in the PathToComment parameter for classes/class admin.php and classes/class comments.php, such as the API endpoint "/classes/class...
Cmsez (随易) full-site system 0day - vulnerability warning - the black bar safety net
零客 (0kee) Network Security Team www.0kee.com" or in hyperlink form as indicated. Program name: Cmsez Web Content Manage System v2.0.0 Vulnerability found: the little handsomehandsome Published time:...
Cmsez (随易) full-site system 0day
Vulnerable files: comments.php viewimg.php ? //comments include "mainfile.php"; $art=new article; // settings $confirm='yes';// yes: displayed only after administrator approval, no: displayed directly $member=new member; $userinfo=$member-memberauth; $ulevel=$userinfouserlevel; settings $action = $REQUESTaction; $page="10";// $needuser = "0";// $id = $REQUESTid;//...
Directory traversal
Multiple directory traversal vulnerabilities in Nilson's Blogger 0.11 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in (1) the permalink parameter in core.php, accessed through index.php; and (2) the thispost parameter in comments.php...
CVE-2008-0559
Multiple directory traversal vulnerabilities in Nilson's Blogger 0.11 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in (1) the permalink parameter in core.php, accessed through index.php; and (2) the thispost parameter in comments.php...
CVE-2008-0559
Multiple directory traversal vulnerabilities in Nilson's Blogger 0.11 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in (1) the permalink parameter in core.php, accessed through index.php; and (2) the thispost parameter in comments.php...