97 matches found
DynPG 4.9.1 - Persistent Cross-Site Scripting (Authenticated)
Exploit Title: DynPG 4.9.1 - Persistent Cross-Site Scripting Authenticated Date: 2020-10-09 Exploit Author: Enes Özeser Vendor Homepage: https://dynpg.org/ Version: 4.9.1 Tested on: Windows & XAMPP == Tutorial alert"XSS"; == HTTP Request alert"XSS";...
DynPG CMS 4.1.0 - Multiple Vulnerability (popup.php and counter.php)
No description provided by source. DynPG CMS v4.1.0 Multiple Vulnerability fucking the Web Apps attack edition /\ \ /\ \ /\ /\ \ \ \ \L\ \ \ /'\ /\ \ \ ,\ \ \ \ \ /\ /\ \ /'\ \ , /\ \ /' \ /' \ \ \ /\ \ \ /'\ \ \ /\ \ \ /\ /\ \ \\ \ /\ /\ /\ \L\ \ \ \ \ \ \ \ /\ / \ \ \ /\ \...
DynPG CMS 4.1.0 - Multiple Vulnerabilities
No description provided by source. DynPG CMS v4.1.0 Multiple Vulnerability fucking the Web Apps attack edition /\ \ /\ \ /\ /\ \ \ \ \L\ \ \ /'\ /\ \ \ ,\ \ \ \ \ /\ /\ \ /'\ \ , /\ \ /' \ /' \ \ \ /\ \ \ /'\ \ \ /\ \ \ /\ /\ \ \\ \ /\ /\ /\ \L\ \ \ \ \ \ \ \ /\ / \ \ \ /\ \...
DynPG 4.2.0 - Multiple Vulnerabilities
No description provided by source. Vulnerability ID: HTB22703 Reference: http://www.htbridge.ch/advisory/lfiindynpg.html Product: DynPG Vendor: dynpg.org http://www.dynpg.org/ Vulnerable Version: 4.2.0 Vendor Notification: 16 November 2010 Vulnerability Type: Local File Inclusion Status: Fixed by...
DynPG <= 4.2.1 (FU/RFI/LFI.SQLi) Multiple Vulnerabilities
Exploit for php platform in category web applications 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 1 /' \ /'\ /\ \ /'\ 0 0 /, \ /\/\ \ \ \ \ ,/\ /\ \ 1 1 //\ \ /' \ /\ //\ Exploit database separated by exploit 0 0 // type local, remote, DoS, etc. 1 1 1 0 +...
DynPG 4.2.1 LFI / RFI / SQL Injection
1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 1 /' \ /'\ /\ \ /'\ 0 0 /, \ /\/\ \ \ \ \ ,/\ /\ \ 1 1 //\ \ /' \ /\ //\ Exploit database separated by exploit 0 0 // type local, remote, DoS, etc. 1 1 1 0 + Site : 1337day.com 0 1 + Support e-mail :...
CVE-2010-4400
SQL injection vulnerability in rights.php in DynPG CMS 4.2.0 allows remote attackers to execute arbitrary SQL commands via the giveRightsUserId parameter...
CVE-2010-4401
languages.inc.php in DynPG CMS 4.2.0 allows remote attackers to obtain sensitive information via a direct request, which reveals the installation path in an error message...
CVE-2010-4399
Directory traversal vulnerability in languages.inc.php in DynPG CMS 4.1.1 and 4.2.0, when magicquotesgpc is disabled, allows remote attackers to read arbitrary files via a .. dot dot in the CHGDYNPGSETLANGUAGE parameter to index.php. NOTE: some of these details are obtained from third party...
Sql injection
SQL injection vulnerability in rights.php in DynPG CMS 4.2.0 allows remote attackers to execute arbitrary SQL commands via the giveRightsUserId parameter...
Information disclosure
languages.inc.php in DynPG CMS 4.2.0 allows remote attackers to obtain sensitive information via a direct request, which reveals the installation path in an error message...
Directory traversal
Directory traversal vulnerability in languages.inc.php in DynPG CMS 4.1.1 and 4.2.0, when magicquotesgpc is disabled, allows remote attackers to read arbitrary files via a .. dot dot in the CHGDYNPGSETLANGUAGE parameter to index.php. NOTE: some of these details are obtained from third party...
CVE-2010-4401
languages.inc.php in DynPG CMS 4.2.0 allows remote attackers to obtain sensitive information via a direct request, which reveals the installation path in an error message...
CVE-2010-4400
SQL injection vulnerability in rights.php in DynPG CMS 4.2.0 allows remote attackers to execute arbitrary SQL commands via the giveRightsUserId parameter...
CVE-2010-4400
DynPG CMS 4.2.0 is vulnerable to SQL injection in _rights.php via the giveRights_UserId parameter due to insufficient input sanitization. This allows remote attackers to execute arbitrary SQL commands against the database, potentially reading, modifying, or deleting data. A fix is available: upgr...
CVE-2010-4401
DynPG CMS 4.2.0 is vulnerable via languages.inc.php, where direct requests disclose the installation path due to improper error handling. Exploitation details appear in public advisories; remediation is to apply the DynPG 4.2.1 security update. Other vulnerabilities in DynPG are noted in consolid...
CVE-2010-4399
Directory traversal vulnerability in languages.inc.php in DynPG CMS 4.1.1 and 4.2.0, when magicquotesgpc is disabled, allows remote attackers to read arbitrary files via a .. dot dot in the CHGDYNPGSETLANGUAGE parameter to index.php. NOTE: some of these details are obtained from third party...
CVE-2010-4399
DynPG CMS versions 4.1.1 and 4.2.0 expose a local file inclusion (LFI) vulnerability in languages.inc.php via the CHG_DYNPG_SET_LANGUAGE parameter to index.php. The root cause is lack of input sanitization before including files, enabling a remote attacker to read arbitrary files through director...
DynPG 4.2.0 Multiple Vulnerabilities
Exploit for php platform in category web applications ==================================== DynPG 4.2.0 Multiple Vulnerabilities ==================================== Product: DynPG Vendor: dynpg.org http://www.dynpg.org/ Vulnerable Version: 4.2.0 Vendor Notification: 16 November 2010 Vulnerability...
LFI in DynPG
Vulnerability ID: HTB22703 Reference: http://www.htbridge.ch/advisory/lfiindynpg.html Product: DynPG Vendor: dynpg.org http://www.dynpg.org/ Vulnerable Version: 4.2.0 Vendor Notification: 16 November 2010 Vulnerability Type: Local File Inclusion Status: Fixed by Vendor Risk level: Medium Credit:...