3918 matches found
phpDEV5 - Remote Default Insecure Users
------------------------------------------------------------------------ PHPDev5 Remote Insecure Default Users & Passwords vuln. By : Ali7 e-mail : [email protected] date : 09-03-2k5 greetz : all my friends ; AlkaeN ; s4a.cc boyz ; Target : PHPDev 5 URL : www.firepages.com.au -...
phpDEV5 Remote Default Insecure Users Vuln
No description provided by source. ------------------------------------------------------------------------ PHPDev5 Remote Insecure Default Users & Passwords vuln. By : Ali7 e-mail : [email protected] date : 09-03-2k5 greetz : all my friends ; AlkaeN ; s4a.cc boyz ; Target : PHPDev 5 URL :...
phpDEV5 Remote Default Insecure Users Vuln
Exploit for unknown platform in category web applications ========================================== phpDEV5 Remote Default Insecure Users Vuln ========================================== ------------------------------------------------------------------------ PHPDev5 Remote Insecure Default Users...
PHPCOIN 1.2 - login.php Multiple Cross-Site Scripting Vulnerabilities
PHPCOIN 1.2 - login.php Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/12686/info Multiple remote input-validation vulnerabilities affect phpCOIN because the application fails to properly sanitize user-supplied input before using it to carry out critical...
vpasp.txt
VP-ASP Shopping Cart Version 5.0 Google style by fris Finding VP-ASP 5.00 Sites in Google: In google type: intitle:VP-ASP Shopping Cart 5.00 You will find many websites with VP-ASP 5.00 cart software installed Now lets goto the exploit the page will be like this:...
Sybase SQL sa Account Blank Password
The remote Sybase SQL server has the default 'sa' account enabled without any password. An attacker may use this flaw to execute commands against the remote host as well as read database content. C Tenable Network Security, Inc. This script is based on mssqlblankpassword.nasl which is C H D Moore...
[SePro Bugtraq] SQL-Injection in PerlDesk 1.x
SQL-Injection in PerlDesk Discovered by deluxe89 and Astovidatu www.security-project.org Vendor: LogicNow Homepage: http://www.perldesk.com/ Vulnerable versions: 1.x Login required: no Description: "PerlDesk is a feature packed web based help desk and email management application designed to...
[SA14124] Mambo Global Variables Security Bypass Vulnerability
TITLE: Mambo Global Variables Security Bypass Vulnerability SECUNIA ADVISORY ID: SA14124 VERIFY ADVISORY: http://secunia.com/advisories/14124/ CRITICAL: Moderately critical IMPACT: Security Bypass WHERE: From remote SOFTWARE: Mambo 4.x http://secunia.com/product/872/ DESCRIPTION: A vulnerability...
RHEL 2.1 / 3 : perl (RHSA-2005:069)
An updated perl-DBI package that fixes a temporary file flaw in DBI::ProxyServer is now available. DBI is a database access Application Programming Interface API for the Perl programming language. The Debian Security Audit Project discovered that the DBI library creates a temporary PID file in an...
Low: Red Hat Security Advisory: perl security update
An updated perl-DBI package that fixes a temporary file flaw in DBI::ProxyServer is now available. DBI is a database access Application Programming Interface API for the Perl programming language. The Debian Security Audit Project discovered that the DBI library creates a temporary PID file in an...
phpMyWebHosting Authentication SQL Injection
The remote host is running PHPMyWebHosting, a web hosting management interface written in PHP. The remote version of this software does not perform a proper validation of user-supplied input and is, therefore, vulnerable to a SQL injection attack. An attacker may execute arbitrary SQL statements...
IBProArcade index.php Arcade Module gameid Parameter SQL Injection
The remote host is running ibProArcade, a web-based score board system written in PHP. One of the application's CGIs, index.php, is affected by a SQL injection vulnerability in the 'gameid' parameter. An attacker may exploit this flaw to execute arbitrary SQL statements against the remote databas...
CVE-2004-2551
Multiple SQL injection vulnerabilities in Layton HelpBox 3.0.1 allow remote attackers to execute arbitrary SQL commands via 1 the syscommentid parameter in editcommentenduser.asp, 2 the syssuspendid parameter in editsuspensionuser.asp, 3 the table parameter in exportdata.asp, 4 the sysanalgroup...
ASP-Rider - SQL Injection
ASP-Rider - SQL Injection source: https://www.securityfocus.com/bid/11933/info A remote SQL injection vulnerability reportedly affects ASP-Rider Web blog. This issue is due to a failure of the application to properly sanitize user-supplied input prior to including it in SQL queries. An attacker m...
mp-invision.txt
SQL-injection in Invision Power Board 2.x MaxPatrol Security Advisory 11.18.04 November 18, 2004 Release Date: November 18, 2004 Date Reported: November 12, 2004 Severity: High Application: Invision Power Board v2.x Affects versions: IPB 2.0.0, IPB 2.0.1 and IPB 2.0.2. Platform: PHP I. DESCRIPTIO...
bBlog rss.php p Parameter SQL Injection
The remote server runs a version of bBlog, a blogging system written in PHP and released under the GPL, which is as old as or older than version 0.7.4. The remote version of this software is affected by a SQL injection attack in the script 'rss.php'. This issue is due to a failure of the...
Computer Associates Unicenter default password
Database access password is stored in installation batch files as cleartext...
Debian DSA-428-1 : slocate - buffer overflow
A vulnerability was discovered in slocate, a program to index and search for files, whereby a specially crafted database could overflow a heap-based buffer. This vulnerability could be exploited by a local attacker to gain the privileges of the 'slocate' group, which can access the global databas...
PD9 MegaBBS Multiple Vulnerabilities
The remote host is running MegaBBS, a web-based bulletin board system written in ASP. The remote version of this software is vulnerable to a SQL injection attack due to a lack of sanitization of user-supplied input. An attacker may exploit this flaw to issue arbitrary statements in the remote...
Remository - SQL Injection
Remository - SQL Injection source: https://www.securityfocus.com/bid/11219/info It is reported that the ReMOSitory module for Mambo is prone to an SQL injection vulnerability. This issue is due to a failure of the module to properly validate user supplied URI input. Because of this, a malicious...