Lucene search

175 matches found

exploitpack
added 2010/11/25 12:0 a.m., 5 views

SiteEngine 7.1 - SQL Injection

SiteEngine 7.1 - SQL Injection Title: SiteEngine 7.1 SQL injection Vulnerability Date: 2010-11-25 Author: Beach Team: www.linux520.com Vendor: www.siteengine.net www.boka.cn Dork: "Powered by SiteEngine" //300,000 + Language:PHP Greetz: birdarmy Description: Exploit this vulnerability comment mus...

0.2 AI score
Exploits: 0

seebug.org
added 2010/11/25 12:0 a.m., 18 views

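SiteEngine 6.0 SQL Injection Vulnerability

SiteEngine (full name: Boka Website Engine Management System) is developed with PHP and a MySQL database and uses a B/S (browser/server) architecture. Exploiting this vulnerability requires the comment feature to be enabled (it is enabled by default). SiteEngine 6.0 Vendor patch: SiteEngine ------- The vendor has not yet provided a patch or upgrade; we recommend that users of this software watch the vendor's home page for the latest version: http://www.siteengine.net/...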

7.1 AI score
Exploits: 0

CVE
added 2010/05/26 6:0 p.m., 49 views

CVE-2009-4874

CVE-2009-4874 affects TalkBack 2.3.14 where the edit comment feature (comments.php) does not correctly enforce access control, allowing remote modification of comments. The root cause is insufficient access restrictions on the edit-comment functionality. Documents do not provide a confirmed patch...

6.4 CVSS, 6.9 AI score, 0.06677 EPSS
Exploits: 1, References: 6, Affected Software: 1

Prion
added 2010/05/04 4:0 p.m., 7 views

Cross site scripting

Multiple cross-site scripting (XSS) vulnerabilities in base/Comments.php in Webmobo WB News 2.3.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name and possibly (2) message parameters. NOTE: some of these details are obtained from third party information...

4.3 CVSS, 6.2 AI score, 0.0073 EPSS
Exploits: 1, References: 8, Affected Software: 1

Cvelist
added 2010/05/04 3:0 p.m., 10 views

CVE-2010-1712

Multiple cross-site scripting (XSS) vulnerabilities in base/Comments.php in Webmobo WB News 2.3.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name and possibly (2) message parameters. NOTE: some of these details are obtained from third party information...

5.9 AI score, 0.0073 EPSS
Exploits: 1, References: 8

myhack58
added 2010/03/04 12:0 a.m., 11 views

Cmsez(with easy)total Station system vulnerabilities, 0day analysis-vulnerability warning-the black bar safety net

Affected versions: Cmsez Web Content Manage System v2.0.0 Vulnerability description: File: comments.php viewimg.php Code: --------------- ? //comments include "mainfile.php"; $art=new article; //set $confirm='yes';//yes:need administrator authentication to the display,n is displayed directly in...

0.8 AI score
Exploits: 0

myhack58
added 2010/02/28 12:0 a.m., 13 views

Cmsez(with easy)the whole Station system of 0day-vulnerability warning-the black bar safety net

Program name: Cmsez Web Content Manage System v2.0.0 File: comments.php viewimg.php Code: --------------- ? //comments include "mainfile.php"; $art=new article; //Set $confirm='yes';//yes:need administrator authentication to the display,n is displayed directly $member=new member;...

7.4 AI score
Exploits: 0

NVD
added 2009/11/29 1:7 p.m., 10 views

CVE-2009-4093

Multiple cross-site scripting (XSS) vulnerabilities in comments.php in Simplog 0.9.3.2, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) cname (Name) or (2) email parameters...

4.3 CVSS, 5.9 AI score, 0.02083 EPSS
Exploits: 1, References: 4

Cvelist
added 2009/11/27 8:45 p.m., 16 views

CVE-2009-4093

Multiple cross-site scripting (XSS) vulnerabilities in comments.php in Simplog 0.9.3.2, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) cname (Name) or (2) email parameters...

5.9 AI score, 0.02083 EPSS
Exploits: 1, References: 4

Cvelist
added 2009/11/27 8:45 p.m., 12 views

CVE-2009-4091

comments.php in Simplog 0.9.3.2, and possibly earlier, does not properly restrict access, which allows remote attackers to edit or delete comments via the (1) edit or (2) del action...

6.8 AI score, 0.03273 EPSS
Exploits: 1, References: 4

CVE
added 2009/11/27 8:45 p.m., 37 views

CVE-2009-4091

The CVE-2009-4091 entry affects Simplog 0.9.3.2 (and potentially earlier) in comments.php where access restrictions are insufficient. This permits remote attackers to edit or delete comments via the (1) edit or (2) del actions. The NVD entry assigns a CVSS v2 base score of 5.0 (Medium) with netwo...

5 CVSS, 6.8 AI score, 0.03273 EPSS
Exploits: 1, References: 4, Affected Software: 1

UbuntuCve
added 2009/08/21 8:30 p.m., 34 views

CVE-2009-2933

SQL injection vulnerability in comments.php in Piwigo before 2.0.3 allows remote attackers to execute arbitrary SQL commands via the itemsnumber parameter...

7.5 CVSS, 6.2 AI score, 0.00413 EPSS
Exploits: 0, References: 1

Cvelist
added 2009/08/21 8:21 p.m., 20 views

CVE-2009-2933

SQL injection vulnerability in comments.php in Piwigo before 2.0.3 allows remote attackers to execute arbitrary SQL commands via the itemsnumber parameter...

8.4 AI score, 0.00413 EPSS
Exploits: 0, References: 3

NVD
added 2009/07/20 8:0 p.m., 12 views

CVE-2009-2552

Multiple directory traversal vulnerabilities in comments.php in Super Simple Blog Script 2.5.4 allow remote attackers to overwrite, include, and execute arbitrary local files via the entry parameter...

6.8 CVSS, 7.3 AI score, 0.01971 EPSS
Exploits: 0, References: 3

CVE
added 2009/07/20 7:25 p.m., 33 views

CVE-2009-2552

CVE-2009-2552 affects Super Simple Blog Script 2.5.4, specifically the comments.php component. The vulnerability is described as multiple directory traversal flaws that allow remote attackers to overwrite, include, and execute arbitrary local files via the entry parameter. The available sources (...

6.8 CVSS, 7.5 AI score, 0.01971 EPSS
Exploits: 0, References: 3, Affected Software: 1

exploitpack
added 2009/07/17 12:0 a.m., 11 views

Super Simple Blog Script 2.5.4 - entry SQL Injection

Super Simple Blog Script 2.5.4 - entry SQL Injection ----------exploit Debut Remote SQL Injection Vulnerability ----------Script Info Moi : JIKO Site : No-exploit.Com Email : mm : Moghla9 Ferme Closed ----------Script Info Site:http : http://www.supersimple.org/ Download :...

0.3 AI score
Exploits: 0

exploitpack
added 2009/07/17 12:0 a.m., 13 views

Super Simple Blog Script 2.5.4 - Local File Inclusion

Super Simple Blog Script 2.5.4 - Local File Inclusion ----------exploit Debut Local File Inclusion Vulnerability ----------Script Info Moi : JIKO Site : No-exploit.Com Email : mm : Moghla9 Ferme Closed ----------Script Info Site:http : http://www.supersimple.org/ Download :...

0.3 AI score
Exploits: 0

Exploit DB
added 2009/07/17 12:0 a.m., 26 views

Super Simple Blog Script 2.5.4 - Local File Inclusion

----------exploit Debut Local File Inclusion Vulnerability ----------Script Info Moi : JIKO Site : No-exploit.Com Email : mm : Moghla9 Ferme Closed ----------Script Info Site:http : http://www.supersimple.org/ Download : http://supersimple.org/downloads/SuperSimpleBlogScriptV254.zip...

7.4 AI score
Exploits: 0

Packet Storm
added 2009/07/17 12:0 a.m., 22 views

Super Simple Blog Script 2.5.4 SQL Injection

----------exploit Debut Remote SQL Injection Vulnerability ----------Script Info Moi : JIKO Site : No-exploit.Com Email : mm : Moghla9 Ferme Closed ----------Script Info Site:http : http://www.supersimple.org/ Download : http://supersimple.org/downloads/SuperSimpleBlogScriptV254.zip...

0.5 AI score
Exploits: 0

NVD
added 2009/03/20 6:30 p.m., 8 views

CVE-2009-1038

Multiple SQL injection vulnerabilities in YAP Blog 1.1.1 allow remote attackers to execute arbitrary SQL commands via the (1) imageid parameter to comments.php, and remote authenticated administrators to execute arbitrary SQL commands via the (2) user parameter in a modif action to admin/index.php...

6.5 CVSS, 8.1 AI score, 0.00396 EPSS
Exploits: 1, References: 4