168 matches found
CVE-2010-0989
Pulse CMS contains a directory traversal vulnerability in delete.php (f parameter) affecting versions prior to 1.2.3. Exploitation allows remote authenticated users to delete arbitrary files on the server via directory traversal sequences. Severity is evidenced as moderately critical in Secunia’s...
Podcast Generator 1.2 Re-Installation
$file.$ext $Ldeleted"; / Explanation code snippet above points: 1. blocks all 'amilogged' REQUEST variables, what about GLOBALS?, therefore useless! 2. if 'amilogged' isn't true - exit function activated. 3. unlink...
Podcast Generator <= 1.2 unauthorized Re-Installation Remote Exploit
Exploit for unknown platform in category web applications. Podcast Generator $file.$ext $Ldeleted"; / Explanation code snippet above points: 1...
Podcast Generator 1.2 - Unauthorized Re-Installation
$file.$ext $Ldeleted"; / Explanation code snippet above points: 1. blocks all 'amilogged' REQUEST variables, what about GLOBALS?, therefore useless! 2. if 'amilogged' isn't true - exit function activated. 3. unlink...
CVE-2009-0383
delete.php in Max.Blog 1.0.6 does not properly restrict access, which allows remote attackers to delete arbitrary blog posts via a direct request...
Server side request forgery (ssrf)
delete.php in Max.Blog 1.0.6 does not properly restrict access, which allows remote attackers to delete arbitrary blog posts via a direct request...
CVE-2009-0383
CVE-2009-0383 affects Max.Blog 1.0.6; the delete.php endpoint does not properly restrict access, enabling remote attackers to delete arbitrary blog posts via a direct request. The issue is caused by improper access control on the delete operation. Impact is partial integrity/partial availability ...
Sports Clubs Web Panel 0.0.1 Remote Game Delete Exploit
Exploit for unknown platform in category web applications. Sports Clubs Web Panel 0.0.1 Remote Game Delete Exploit #!/usr/bin/perl -W Sports Clubs Web Panel 0.0.1 Remote Game Delete Explo...
Sports Clubs Web Panel 0.0.1 - Remote Game Delete
#!/usr/bin/perl -W Sports Clubs Web Panel 0.0.1 Remote Game Delete Exploit File affected: include/draw-delete.php id Vuln Code: 06: $did = $_GET['id']; 08: mysql_query("DELETE FROM draw WHERE did='$did'"); by ka0x D.O.M Labs - Security Researchers - www.domlabs.org - ka0x@domlabs:/codes$ ./sportspanel.p...
CVE-2008-3302
CVE-2008-3302 describes an SQL injection in BilboBlog 0.2.1. The vulnerability exists in admin/delete.php when magic_quotes_gpc is disabled, allowing remote authenticated administrators to execute arbitrary SQL commands via the num parameter. Public references confirm the affected component and c...
eNews 0.1 (delete.php) Arbitrary Delete Post Vulnerability
No description provided by source. eNews 0.1 delete.php Arbitrary Delete Post Vulnerability Author: iLker Kandemir MEFISTO Script download : http://www.hotscripts.com/Detailed/81086.html script demo : http://emvvy.com/demos/enews/ site : www.dumenci.net...
eNews 0.1 - delete.php Arbitrary Delete Post
eNews 0.1 - delete.php Arbitrary Delete Post eNews 0.1 delete.php Arbitrary Delete Post Vulnerability Author: iLker Kandemir MEFISTO Script download : http://www.hotscripts.com/Detailed/81086.html script demo : http://emvvy.com/demos/enews/ site : www.dumenci.net...
eNews 0.1 - 'delete.php' Arbitrary Delete Post
eNews 0.1 delete.php Arbitrary Delete Post Vulnerability Author: iLker Kandemir MEFISTO Script download : http://www.hotscripts.com/Detailed/81086.html script demo : http://emvvy.com/demos/enews/ site : www.dumenci.net //poc: if...
CVE-2008-1785
delete.php in Prozilla Top 100 1.2 allows remote authenticated users to delete statistics and accounts of arbitrary users via a modified s parameter...
CVE-2008-1785
The CVE-2008-1785 issue affects Prozilla Top 100 1.2, where delete.php can be abused by remote authenticated users to delete statistics and accounts of arbitrary users via a modified s parameter. Root cause appears to be parameter manipulation in delete.php, enabling unauthorized destructive acti...
CVE-2007-4290
Multiple PHP remote file inclusion vulnerabilities in Guestbook Script 1.9 allow remote attackers to execute arbitrary PHP code via a URL in the scriptroot parameter to (1) delete.php, (2) edit.php, or (3) inc/common.inc.php; or (4) database.php, (5) entries.php, (6) index.php, (7) logout.php, or (8) settings.ph...
freeqboard-rfi.txt
freeqboard = 1.1 qbpath Remote File Include Vulnerability Author: Mr.3FReeT Softname: freeqboard code in : about.php , contact.php , delete.php , faq.php , index.php include "config.php"; include $qbpath."incs/mysql.php"; Exploit : www.site.com/path/index.php?qbpath=shellcode.txt?...
JaxUltraBB <= 2.0 (delete.php) Defaced Exploit
#!/usr/bin/php -q -d short_open_tag=on <? print '...