661 matches found
CVE-2012-0782
Multiple cross-site scripting XSS vulnerabilities in wp-admin/setup-config.php in the installation component in WordPress 3.3.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 dbhost, 2 dbname, or 3 uname parameter. NOTE: the vendor disputes the significance of...
CVE-2011-4899
wp-admin/setup-config.php in the installation component in WordPress 3.3.1 and earlier does not ensure that the specified MySQL database service is appropriate, which allows remote attackers to configure an arbitrary database via the dbhost and dbname parameters, and subsequently conduct static...
CVE-2012-0937
wp-admin/setup-config.php in the installation component in WordPress 3.3.1 and earlier does not limit the number of MySQL queries sent to external MySQL database servers, which allows remote attackers to use WordPress as a proxy for brute-force attacks or denial of service attacks via the dbhost...
CVE-2011-3832
Eval injection vulnerability in config.php in Support Incident Tracker aka SiT! 3.65 allows remote authenticated administrators to execute arbitrary PHP code via the applicationname parameter in a save action...
Design/Logic Flaw
Eval injection vulnerability in config.php in Support Incident Tracker aka SiT! 3.65 allows remote authenticated administrators to execute arbitrary PHP code via the applicationname parameter in a save action...
CVE-2011-3832
Eval injection vulnerability in config.php in Support Incident Tracker aka SiT! 3.65 allows remote authenticated administrators to execute arbitrary PHP code via the applicationname parameter in a save action...
WordPress <= 3.3.1 - Multiple Vulnerabilities
WordPress version 3.3.1 is prone to PHP code execution and persistent cross-site scripting vulnerabilities via "setup-config.php" page. The attackers can host their own MySQL database server and then successfully complete the WordPress installation without having any valid credentials on the targ...
WordPress 3.3.1 Code Execution / Cross Site Scripting
Trustwave's SpiderLabs Security Advisory TWSL2012-002: Multiple Vulnerabilities in WordPress https://www.trustwave.com/spiderlabs/advisories/TWSL2012-002.txt Published: 1/24/12 Version: 1.0 Vendor: WordPress http://wordpress.org/ Product: WordPress Version affected: 3.3.1 and prior Product...
WordPress 3.3.1 Code Execution / Cross Site Scripting
No description provided by source. Trustwave's SpiderLabs Security Advisory TWSL2012-002: Multiple Vulnerabilities in WordPress https://www.trustwave.com/spiderlabs/advisories/TWSL2012-002.txt Published: 1/24/12 Version: 1.0 Vendor: WordPress http://wordpress.org/ Product: WordPress Version...
WordPress <= 3.3.1 Multiple Vulnerabilities
Exploit for php platform in category web applications Trustwave's SpiderLabs Security Advisory TWSL2012-002: Multiple Vulnerabilities in WordPress Published: 1/24/12 Version: 1.0 Vendor: WordPress http://wordpress.org/ Product: WordPress Version affected: 3.3.1 and prior Product description:...
WordPress <= 3.3.1 - Multiple XSS
Because of these vulnerabilities in wp-admin/setup-config.php, the attackers can inject arbitrary web script or HTML. Solution Update WordPress...
BuzzyWall 1.3.2 File Disclosure
BuzzyWall 1.3.2 resolute.php Local File Disclosure Exploit Found by cr4wl3r @hackb0x d0rk: no d0rk f0r kiddi0ts Script: http://sourceforge.net/projects/buzzywall/files/buzzywall/ err0r c0de resolute.php ?PHP header "Content-type: image/jpeg"; $img = $GET'img'; header'Content-Disposition:...
Ecshop the latest version v. 2 7 2 Local include vulnerability Oday-vulnerability warning-the black bar safety net
“js/calendar.php”: the $lang = ! empty$GET'lang' ? trim$GET'lang' : 'EN';//no filter, obviously contains a vulnerability if ! fileexists'../languages/' . $lang . '/calendar.php' $lang = 'EN'; requiredirnamedirnameFILE . '/data/config.php'; header'Content-type: application/x-javascript; charset='...
PHP-NUKE Remote read config Vulnerability
Exploit for php platform in category web applications Exploit Title:PHP-NUKE remote read config Vulnerability Date: 6/6/2011 Author: Angel Injection home Page: http://www.club-h.co.cc Email: Angel-Injectionathotmail.com Vendor or Software Link:http://phpnuke.org Version: n/a Category:: webapps...
WebSVN 2.3.2 - Unproper Metacharacters Escaping exec() Remote Command Injection
WebSVN 2.3.2 - Unproper Metacharacters Escaping exec Remote Command Injection WebSVN 2.3.2 Unproper Metacharacters Escaping exec Remote Commands Injection Vulnerability tested against: Microsoft Windows Server R2 SP2 PHP 5.3.6 VC9 with magicquotesgpc = off default Apache 2.2.17 VC9 Introduction:...
Rash CMS SQL Injection Vulnerability
Exploit for php platform in category web applications InformatioN Title : Rash CMS SQL Injection Vulnerability Author : keracker Vendor or Software Link : http://rashcms.com Email : email protected Data : 2011-04-01 Google dork: ":: RashCMS :: - :: MihanPHP ::" Category: Webapps Tested on: Window...
Rash CMS SQL Injection
========================================== Rash CMS SQL Injection Vulnerability ========================================== InformatioN Title : Rash CMS SQL Injection Vulnerability Author : keracker Vendor or Software Link : http://rashcms.com Email : [email protected] Data : 2011-04-01 Google...
Rash CMS - SQL Injection
Rash CMS - SQL Injection ========================================== Rash CMS SQL Injection Vulnerability ========================================== InformatioN Title : Rash CMS SQL Injection Vulnerability Author : keracker Vendor or Software Link : http://rashcms.com Email : [email protected] Da...
Rash CMS - SQL Injection
========================================== Rash CMS SQL Injection Vulnerability ========================================== InformatioN Title : Rash CMS SQL Injection Vulnerability Author : keracker Vendor or Software Link : http://rashcms.com Email : [email protected] Data : 2011-04-01 Google...
Pligg CMS 1.1.3 - Multiple Vulnerabilities
Exploit title: Pligg CMS file existence exploration/shared hosting privilege escalation H.ackAck.net Found by: Jelmer de Hen 15/03/2011 I released some Pligg exploits: http://h.ackack.net/the-pligg-cms-0dayset-1.html 22/03/2011 a patch became evailable; patching took 7 days:...