33 matches found
Joomla Camp26 VisitorData Module Shell Command Injection Vulnerability
No description provided by source. A vulnerability has been discovered in the Camp26 VisitorData module for Joomla, which can be exploited by malicious people to compromise a vulnerable system. Input passed via the "X-Forwarded-For" HTTP header is not properly sanitised before being used as a...
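eWebEditor PHP & ASP versions admin backend authentication bypass vulnerability
eWebEditor is a WYSIWYG online editor. As the name suggests, it provides WYSIWYG editing on the web for richly illustrated articles, news, discussion posts, announcements, notes and other text-processing applications. The user authentication method in the file ../ewebeditor/admin/config.php has a serious security vulnerability that allows authentication to be bypassed directly to obtain administrator privileges. php v3.8 asp v2.8 None yet. Please refer to the official patch. First, of course, you need to find the admin login page, which by default is ../eWebEditor/admin/login.php. After reaching the admin page, enter any username and password, and of course an error will be shown. At this point, clear the URL in your browser and then enter...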
CVE-2009-0763
Cross-site scripting (XSS) vulnerability in default.php in Kipper 2.01 allows remote attackers to inject arbitrary web script or HTML via the charm parameter...
1024 CMS <= 1.4.4 Multiple Remote/Local File Inclusion Vulnerabilities
No description provided by source. Digital Security Research Group DSecRG Advisory DSECRG-08-027 Application: 1024 CMS Versions Affected: 1.4.3, 1.4.4 RFC Vendor URL: http://www.1024cms.com/...
Sql injection
SQL injection vulnerability in default.php in MMSLamp allows remote attackers to execute arbitrary SQL commands via the idpro parameter in a prodottidettaglio action...
CVE-2007-6575
CVE-2007-6575 covers an SQL injection in MMSLamp’s default.php, exploitable via the idpro parameter in a prodotti_dettaglio action. The vulnerability allows remote attackers to craft SQL commands that may affect the database; the NVD metrics indicate a high impact with network access, low attack ...
MMSLamp (idpro) Remote SQL Injection Vulnerability
No description provided by source. Name : mmsLamp SQL Injection Vulnerability. Author : x0kster Email : [email protected] Script Page : http://www.brand039.com/?service=prodottidettaglio&idpro=4 Date : 22/12/2007 Bug in : default.php PoC :...
mmslamp-sql.txt
Name : mmsLamp SQL Injection Vulnerability. Author : x0kster Email : [email protected] Script Page : http://www.brand039.com/?service=prodottidettaglio&idpro=4 Date : 22/12/2007 Bug in : default.php PoC : http://site.com/default.php?service=prodottidettaglio&idpro=SQL Example:...
MMSLamp (idpro) Remote SQL Injection Vulnerability
Exploit for unknown platform in category web applications ================================================== MMSLamp idpro Remote SQL Injection Vulnerability ================================================== Name : mmsLamp SQL Injection Vulnerability. Author : x0kster Date : 22/12/2007 Bug in :...
MMSLamp - idpro SQL Injection
MMSLamp - idpro SQL Injection Name : mmsLamp SQL Injection Vulnerability. Author : x0kster Email : [email protected] Script Page : http://www.brand039.com/?service=prodottidettaglio&idpro=4 Date : 22/12/2007 Bug in : default.php PoC : http://site.com/default.php?service=prodottidettaglio&idpro=SQ...
MMSLamp - 'idpro' SQL Injection
Name : mmsLamp SQL Injection Vulnerability. Author : x0kster Email : [email protected] Script Page : http://www.brand039.com/?service=prodottidettaglio&idpro=4 Date : 22/12/2007 Bug in : default.php PoC : http://site.com/default.php?service=prodottidettaglio&idpro=SQL Example:...
Unfixed XSS vulnerability at b-naturals.com
Security researcher MaXWeL submitted on 08/03/2007 a cross-site scripting (XSS) vulnerability affecting b-naturals.com, which at the time of submission ranked 1641639 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 08/03/2007. It is currentl...
ppalCart.txt
ppalCart V2.5 EE Remote File Inclusion. Affected Software: Software. Version: ppalCart 2.5 EE. Vendor: ...