1634 matches found
Ultimate Auction 3.67 ItemList.PL Cross-Site Scripting Vulnerability
source: http://www.securityfocus.com/bid/16254/info Ultimate Auction is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitra...
SaralBlog 1.0 - Multiple Input Validation Vulnerabilities
source: http://www.securityfocus.com/bid/16306/info saralblog is prone to multiple input validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. Successful exploitation of these vulnerabilities...
Novell Netware Web Server 3.x files.pl Vulnerability
source: http://www.securityfocus.com/bid/2076/info Novell Web Server 3.x Examples Toolkit v.2 is a package containing example scripts and HTML files to help administrators design web sites. It is not a support Novell product and is provided solely as a convenien...
phpMDJ 1.0.3 - SQL Injection Vulnerability
,--------------------------------------------------------------, Vulnerable Script : phpMDJ 1.0.3 \ Download : http://www.weboac.be/phpmdj/docs/phpmdj1.0.3.zip \ Vulnerability : Remote Sql Injection ...
Allomani News 1.0 - CSRF Vulnerability (Add Admin)
News 1.0 XSRF Vulnerability Add Admin ==================================================================== .:. Author : AtT4CKxT3rR0r1ST [email protected] .:. Script : http://allomani.com/en/newsscript.html === Exploit === form method=POST name=form0...
QuiXplorer 2.3 - Bugtraq File Upload Vulnerability
Exploit Title: QuiXplorer 2.3 = Bugtraq File Upload Vulnerability Google Dork: QuiXplorer 2.3 - the QuiX project Date: 13/11/2011 Author: PCA & krhrkrhr and Software Link: http://quixplorer.sourceforge.net/ Version: QuiXplorer 2.3 Tested on: linux ,windows CVE :...
DMXReady BillboardManager <= 1.1 Contents Change Vulnerability
Title : DMXReady BillboardManager = 1.1 Remote Contents Change Vulnerability Author : x0r Contact : [email protected] \ [email protected] S.Page : http://www.dmxready.com $$ : 49.97 $ Permissions: Update Delete Insert Category / Sub Category Example: You Find -...
SG Real Estate Portal 2.0 - Blind SQL Injection Exploit
?php inisetmaxexecutiontime,0; printr' SG Real Estate Portal 2.0 - Blind SQL Injection Exploit Vulnerability discovered by: Stack Exploit coded by: Stack Greetz to: All My Freind Admin Panel: Target/SG/ Usage: php '.$argv0.' Target Userid Example : php '.$argv0....
Zanfi CMS lite 1.2 - Multiple Local File Inclusion Vulnerabilities
+Zanfi CMS lite / Jaw Portal free index.php page Multiple Local File Inclusion +Discovered by SirGod +MorTal TeaM +Greetz E.M.I.N.EM,Ras,Puscasmarin,ToxicBlood,HrN,Kemrayz,007m + Dork : Powered by: Zanfi Solutions + Local File Inclusion PoC :...
ZeusCMS <= 0.3 - Remote Blind SQL Injection Exploit
? / ------------------------------------------------- ZeusCMS = 0.3 Remote Blind SQL Injection Exploit ------------------------------------------------- author...: EgiX mail.....: n0b0d13satgmaildotcom link.....: http://www.zeuscms.gr/ details..: works with...
Atomic Photo Album 1.1.0pre4 - Blind SQL Injection Exploit
?php inisetmaxexecutiontime,0; printr' Atomic Photo Album 1.1.0pre4 - Blind SQL Injection Exploit Vulnerability discovered by: Stack Exploit coded by: Stack Greetz to: All My Freind Dork: intext:Powered by Atomic Photo Album 1.1.0pre4 Admin Panel: Target/apa/...
OSSIM 2.1 - SQL Injection and XSS
OSSIM - Open Source Security Information Management is vulnerable to multiple security vulnerabilities. 1. SQL Injections 2. Linked XSS 3. Unauthorized access Digital Security Research Group DSecRG Advisory DSECRG-09-055 Application: OSSIM Versions Affected: 2.1...
BlackBerry Enterprise Server 4.0/4.1 MDS Connection Service Cross Site Scripting Vulnerability
source: http://www.securityfocus.com/bid/34573/info BlackBerry Enterprise Server MDS Connection Service is prone to a cross-site scripting vulnerability because it fails to adequately sanitize user-supplied input. An attacker may leverage this issue to execute...
I-Pos Internet Pay Online Store <= 1.3 Beta SQL Injection Vulnerability
+ Title : I-Pos Internet Pay Online Store v1.3 Beta = Remote SQL Injection Vulnerability ========================================================================================== + Author : KnocKout + Special ThanX : Dr.Kacak & Cr@zy-King and CW ALL USERS . . ....
Oracle <= 9i / 10g (extproc) - Local/Remote Command Execution Exploit
-- -- $Id: raptororaextproc.sql,v 1.1 2006/12/19 14:21:00 raptor Exp $ -- -- raptororaextproc.sql - command exec via oracle extproc -- Copyright c 2006 Marco Ivaldi [email protected] -- -- Directory traversal vulnerability in extproc in Oracle 9i and 10g --...
MyBB Plugin Custom Pages 1.0 - Remote SQL Injection Vulnerability
MyBulletin Board MyBB Plugin Custom Pages 1.0 - SQL Injection Vulnerability found by: LidlosesAuge Greetz to: free-hack.com Vulnerability: Document: pages.php GET-Parameter: page Dork: inurl:pages.php + intext:powered by mybb Example:...
Yellow Swordfish Simple Forum 1.10/1.11 'topic' Parameter SQL Injection Vulnerability
source: http://www.securityfocus.com/bid/27823/info Simple Forum is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise...
Pixel8 Web Photo Album 3.0 - Remote SQL Injection Vulnerability
-------------------------------AlpHaNiX---------------------------------- Found By : AlpHaNiX website : www.nullarea.net contact : AlpHaATHACKERDOTBZ script : Pixel8 Web Photo Album v3.0 download : null Demo : http://www.jayeshp.com/Pixel8/Files/Demo.asp Exploit...
Allomani Super Multimedia Library 2.5.0 - CSRF Vulnerability (Add Admin)
Super Multimedia Library 2.5.0 XSRF Vulnerability Add Admin ==================================================================== .:. Author : AtT4CKxT3rR0r1ST [email protected] .:. Script : http://allomani.com/en/mediascript.html === Exploit === form method=POST...
Banshee 1.4.2 DAAP Extension 'apps/web/vs_diag.cgi' Cross Site Scripting Vulnerability
source: http://www.securityfocus.com/bid/34507/info Banshee DAAP Extension is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the...