39 matches found
CVE-2008-6650
del.php in miniBloggie 1.0 allows remote attackers to delete arbitrary posts via a direct request with a modified postid parameter, a different vulnerability than CVE-2008-4628...
CVE-2008-4628
SQL injection vulnerability in del.php in myWebland miniBloggie 1.0 allows remote attackers to execute arbitrary SQL commands via the postid parameter...
SQL injection
SQL injection vulnerability in del.php in myWebland miniBloggie 1.0 allows remote attackers to execute arbitrary SQL commands via the postid parameter...
CVE-2008-4628
SQL injection vulnerability in del.php in myWebland miniBloggie 1.0 allows remote attackers to execute arbitrary SQL commands via the postid parameter...
CVE-2008-4628
CVE-2008-4628 describes an SQL injection in del.php of myWebland miniBloggie 1.0, exploitable via the post_id parameter. The affected software is explicitly stated as myWebland miniBloggie 1.0 and the vulnerable component is del.php. The underlying issue is an SQL injection vulnerability that ...
miniBloggie 1.0 (del.php) Remote Blind SQL Injection Exploit
No description provided by source. !/usr/bin/php ?php errorreporting0; / miniBloggie 1.0 del.php Remote Blind SQL Injection Exploit ------------------------------------------------------------ Author - StAkeR aka athos - StAkeRathotmaildotit Date - 18/10/2008 Get -...
miniBloggie 1.0 (del.php) Remote Blind SQL Injection Exploit
Exploit for unknown platform in category web applications ============================================================ miniBloggie 1.0 del.php Remote Blind SQL Injection Exploit ============================================================ !/usr/bin/php StAkeR aka athos Date - 18/10/2008...
miniBloggie 1.0 - 'del.php' Blind SQL Injection
!/usr/bin/php StAkeR aka athos - StAkeRathotmaildotit Date - 18/10/2008 Get - http://www.mywebland.com/dl.php?id=2 ------------------------------------------------------------ File del.php 25. if isset$GET'postid' $postid = $GET'postid'; 26. if isset$GET'confirm' $confirm = $GET'confirm'; 27. 28...
minibloggie-sql.txt
!/usr/bin/php StAkeR aka athos - StAkeRathotmaildotit Date - 18/10/2008 Get - http://www.mywebland.com/dl.php?id=2 ------------------------------------------------------------ File del.php 25. if isset$GET'postid' $postid = $GET'postid'; 26. if isset$GET'confirm' $confirm = $GET'confirm'; 27. 28...
miniBloggie 1.0 (del.php) Arbitrary Delete Post Vulnerability
No description provided by source. MiniBloggie Arbitrary Delete Post Vulnerability Author: Cod3rZ Site: http://cod3rz.helloweb.eu PoC: if isset$GET'postid' $postid = $GET'postid'; if isset$GET'confirm' $confirm = $GET'confirm'; ... elseif $confirm=="yes" ... $sql = "DELETE FROM blogdata WHERE...
Admin Phorum 3.3.1.a (del.php include_path) File Include Vulnerability
Admin Phorum 3.3.1.a del.php includepathFile Include Vulnerability Author: GoldM Hacker at w.Cn Mahmoodali Homepage: Www.Tryag.Cc Download S : http://www.phpforums.net/admin331.zip Other Info : http://www.phpforums.net/index.php?dir=dld v.Code : Line 3 require "$includepath/deletemessage.php";...
Admin Phorum 3.3.1a - del.php?include_path Remote File Inclusion
Admin Phorum 3.3.1a - del.php?includepath Remote File Inclusion Admin Phorum 3.3.1.a del.php includepathFile Include Vulnerability Author: GoldM Mahmoodali Homepage: Www.Tryag.Cc Download S : http://www.phpforums.net/admin331.zip Other Info : http://www.phpforums.net/index.php?dir=dld v.Code : Li...
Eskolar CMS 0.9.0.0 - Blind SQL Injection
Eskolar CMS 0.9.0.0 - Blind SQL Injection ================================================================================================== !/usr/bin/perl use IO::Socket; ==================================================================================================...
SQL injection
Multiple SQL injection vulnerabilities in myEvent 1.x allow remote attackers to inject arbitrary SQL commands via the eventid parameter to (1) addevent.php or (2) del.php or (3) eventdesc parameter to addevent.php. NOTE: the provenance of this information is unknown; the details are obtained solely fro...
CVE-2005-4225
Multiple "potential" SQL injection vulnerabilities in myBloggie 2.1.3 beta might allow remote attackers to execute arbitrary SQL commands via (1) the category parameter in add.php, (2) the catdesc parameter in addcat.php, (3) the level and user parameters in adduser.php, (4) the postid parameter in...
CVE-2005-2818
CVE-2005-2818 concerns a cross-site scripting (XSS) vulnerability in DownFile 1.3. The issue arises from unvalidated input in the id parameter passed to four PHP scripts (email.php, index.php, del.php, add_form.php), enabling remote attackers to inject arbitrary JavaScript/HTML. The available doc...
CVE-2005-2818
Cross-site scripting (XSS) vulnerability in DownFile 1.3 allows remote attackers to inject arbitrary web script or HTML via the id parameter to (1) email.php, (2) index.php, (3) del.php, or (4) add_form.php...
CVE-2005-2819
CVE-2005-2819 affects DownFile 1.3. Remote attackers can gain administrator privileges through direct HTTP requests to update.php, del.php, and add_form.php. The provided materials describe the affected components and impact but do not specify the underlying root cause or a verified exploit metho...
CVE-2005-2819
DownFile 1.3 allows remote attackers to gain administrator privileges via a direct request to (1) update.php, (2) del.php, and (3) add_form.php...