E-Manage MySchool 7.02 SQL Injection
Exploit Title: SQL Injection MySchool Version 7.02 Google Dork: "MySchool Version 7.02" Date: 05-21-2011 Software Link: http://em.com.eg/ Version: Version 7.02 Author: az7rb Tested on : winxp sp3 Ar end bt5 Homepage : www.p0c.cc Greetz : p0c Team & Dr.NaNo & All My Msn Messenger Friends wWw.p0c.c...
Multiple Vulnerabilities in LoudBlog
High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in LoudBlog which could be exploited to perform cross-site scripting and SQL injection attacks. 1 Cross-site scripting XSS vulnerability in LoudBlog The vulnerability exists due to input sanitation error in the "id"...
DORG 1.1 Cross Site Request Forgery
DORG 1.1 Exploit database separated by exploit type local, remote, DoS, etc. + Site : 1337day.com + Support e-mail : submitat1337day.com I'm KnocKout member from Inj3ct0r Team My Live...
Fedora 15 : fail2ban-0.8.4-27.fc15 (2011-5135)
fail2ban used predictable /tmp files which a local user can allocate before fail2ban does. All tmp files have been moved to /var/lib/fail2ban. This also helps with selinux policies. Another security related fix is that fail2ban defaulted to gamin which conflicts with selinux, so users had to...
Cross-site Scripting (XSS) Vulnerability in WP Photo Album
High-Tech Bridge SA Security Research Lab has discovered vulnerability in WP Photo Album which could be exploited to perform cross-site scripting attacks. 1 Cross-site scripting XSS vulnerability in WP Photo Album The vulnerability exists due to input sanitation error in the "id" parameter in...
Allomani Movies Library 2.0 - Cross-Site Request Forgery (Add Admin)
Allomani Movies Library 2.0 - Cross-Site Request Forgery Add Admin Movies Library 2.0 XSRF Vulnerability Add Admin ==================================================================== .:. Author : AtT4CKxT3rR0r1ST [email protected] .:. Script : http://allomani.com/en/moviesscript.html === Exploit ===...
Allomani Movies Library 2.0 - Cross-Site Request Forgery (Add Admin)
Movies Library 2.0 XSRF Vulnerability Add Admin ==================================================================== .:. Author : AtT4CKxT3rR0r1ST [email protected] .:. Script : http://allomani.com/en/moviesscript.html === Exploit ===...
Allomani Audio and Video Library 2.7.0 - Cross-Site Request Forgery (Add Admin)
Audio & Video Library 2.7.0 XSRF Vulnerability Add Admin ==================================================================== .:. Author : AtT4CKxT3rR0r1ST [email protected] .:. Script : http://allomani.com/en/audioandvideoscript.html === Exploit ===...
Allomani News 1.0 - Cross-Site Request Forgery (Add Admin)
News 1.0 XSRF Vulnerability Add Admin ==================================================================== .:. Author : AtT4CKxT3rR0r1ST [email protected] .:. Script : http://allomani.com/en/newsscript.html === Exploit ===...
Allomani Super MultiMedia Library 2.5.0 - Cross-Site Request Forgery (Add Admin)
Allomani Super MultiMedia Library 2.5.0 - Cross-Site Request Forgery Add Admin Super Multimedia Library 2.5.0 XSRF Vulnerability Add Admin ==================================================================== .:. Author : AtT4CKxT3rR0r1ST [email protected] .:. Script :...
Cross-site Request Forgery (CSRF) in Plogger
High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in Plogger which could be exploited to perform cross-site request forgery attacks. 1 Cross-site request forgery CSRF vulnerability in Plogger The vulnerability exists due to insufficient validation of the request...
EAFlashUpload 2.5 - Arbitrary File Upload
Exploit Title: EAFlashUpload v 2.5 File Arbitrary Upload Date: 21/03/2011 Author: Daniel Godoy Author Mail: DanielGodoyatGobiernoFederaldotcom Author Web: www.delincuentedigital.com.ar Software: EAFlashUpload v 2.5 Software Link: http://www.easyalgo.com/downloads.aspxEAFlashUpload Demo:...
Tugux CMS (nid) BLIND sql injection vulnerability
=================================================================== Tugux CMS nid BLIND sql injection vulnerability =================================================================== Software: Tugux CMS Vendor: www.tugux.com Vuln Type: BLind SQL Injection Download link:...
Multiple Vulnerabilities in Collabtive
High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in Collabtive which could be exploited to perform cross-site scripting and cross-site request forgery attacks and gain access to sensitive information. 1 Cross-site scripting XSS vulnerability in Collabtive 1.1 The...
BMForum Myna 6.0 SQL Injection Vulnerability
Exploit for php platform in category web applications Author: Stephan Sattler Software Website: http://www.bmforum.com/ Software Link: http://www.bmforum.com/down/ Required: magic quotes = Off Vulnerability /add-on/jsviewnew.php line 20++: $length = $_GET['length']; $forumid = $_GET['forumid']; $num =...
MySms 1.0 - Multiple Vulnerabilities
MySms v1.0 Multiple Vulnerabilities ==================================================================== .:. Author : AtT4CKxT3rR0r1ST [email protected] === Exploit === 1Auth Bypass =============== www.site.com/MySms/admin/index.php Username: 'or'a'='a Password: 'or'a'='a 2CSRF ======= Add Admin...
Cross-site Scripting (XSS) Vulnerability in Question and Answer Forum
High-Tech Bridge SA Security Research Lab has discovered vulnerability in Question and Answer Forum WordPress plugin which could be exploited to perform cross-site scripting attacks. 1 Cross-site scripting XSS vulnerability in Question and Answer Forum The vulnerability exists due to input...
SQL Injection Vulnerabilities in WP Forum Server
High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in WP Forum Server WordPress plugin which could be exploited to perform SQL injection attacks. 1 SQL injection vulnerabilities in WP Forum Server 1.1 The vulnerability exists due to input sanitation errors in the...
Multiple Vulnerabilities in IWantOneButton WordPress Plugin
High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in IWantOneButton WordPress Plugin which could be exploited to perform cross-site scripting and SQL injection attacks. 1 Cross-site scripting XSS vulnerability in IWantOneButton WordPress Plugin The vulnerability...
PHP Link Directory Software - 'sbcat_id' SQL Injection
== |Author: BorN To K!LL - h4ck3r |Contact: [email protected] == |Script: PHP link Directory software |Version: n/a |Link: http://www.softbizsolutions.com/php-link-directory-software.php == |3xploit: path/showcats.php?sbcat_id=SQL-Injection |3xample:...