8041 matches found
FLDS 1.2a Blind SQL Injection
FLDS 1.2a lpro.php id Blind SQL Injection Vulnerability + Discovered By SirGod + Greetz : All my friends + Blind SQL Injection - Get username : http://target/path/lpro.php?id=1 and asciisubstringSELECT username from users limit 0,1,1,196 Query is truepage loads normally.Going to next ascii char...
Archive::Tar: Directory traversal vulnerability
Background Archive::Tar is a Perl module for creation and manipulation of tar files. Description Jonathan Smith of rPath reported that Archive::Tar does not check for ".." in file names. Impact A remote attacker could entice a user or automated system to extract a specially crafted tar archive,...
Minigal b13 (index.php list) Remote File Disclosure Exploit
Exploit for unknown platform in category web applications =========================================================== Minigal b13 index.php list Remote File Disclosure Exploit =========================================================== ?php settimelimit0; function findpass$data $pass =...
[SECURITY] Fedora 8 Update: chmsee-1.0.0-5.31.fc8
A gtk2 chm document viewer. It uses chmlib to extract files. It uses gecko to display pages. It supports displaying multilingual pages due to gecko. It features bookmarks and tabs. The tabs could be used to jump inside the chm file conveniently. Its UI is clean and handy, also is well localized. ...
Pro Traffic One - poll_results.php SQL Injection
Pro Traffic One - pollresults.php SQL Injection | | Pro Traffic One pollresults.php id Remote SQL Injection Vulnerability | |-------------------- IQ-SecuritY ------------------- | | Author: Hussin X | | Home : WwW.IQ-ty.CoM | | email: darkangelg85atYahooDoTcom | | | | | script :...
NetScaler web management cookie information
It is possible to extract information about the remote Citrix NetScaler appliance obtained from the web management interface SPDX-FileCopyrightText: 2008 nnposter Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...
XOOPS Module GesGaleri - SQL Injection
!/usr/bin/perl -w Xoops GesGaleri Sql injection Author : EcHoLL www.warezturk.org www.tahribat.com Greetz : Blacklabel TURK Godlike ! ModuleName: GesGaleri ! ScriptName: XOOPS ! GoogleDork: inurl:"/modules/GesGaleri/" system"color FF0000"; system"Nohacking"; print...
Stash 1.0.3 (SQL) User Credentials Disclosure Exploit
No description provided by source. !/usr/bin/perl -w User credentials disclosure exploit - stash103exp.pl Gnix [email protected] http://gnix.netsons.org This exploit use an SQL Injection in the file admin/login.php to bypass the login, and then an SQL Injection in the admin/news.php to extract a...
Stash 1.0.3 (SQL) User Credentials Disclosure Exploit
Exploit for unknown platform in category web applications ===================================================== Stash 1.0.3 SQL User Credentials Disclosure Exploit ===================================================== !/usr/bin/perl -w User credentials disclosure exploit - stash103exp.pl This...
Stash 1.0.3 - SQL Injection User Credentials Disclosure
!/usr/bin/perl -w User credentials disclosure exploit - stash103exp.pl Gnix http://gnix.netsons.org This exploit use an SQL Injection in the file admin/login.php to bypass the login, and then an SQL Injection in the admin/news.php to extract all the users info. Note: password are crypted with md5...
[SECURITY] Fedora 9 Update: chmsee-1.0.1-5.fc9
A gtk2 chm document viewer. It uses chmlib to extract files. It uses gecko to display pages. It supports displaying multilingual pages due to gecko. It features bookmarks and tabs. The tabs could be used to jump inside the chm file conveniently. Its UI is clean and handy, also is well localized. ...
euploader-sql.txt
E-Uploader Pro = 1.0 SQL Injection Vulnerability Author: !DoktOR! Date found: 26.08.08 Product: E-Uploader Pro Version: 1.0 Price: $49 URL: www.scriptsfrenzy.com Download script: http://rapidshare.com/files/18285945/E-UploaderPro.PHP.NULL-DGTlicense.zip Vulnerability Class: SQL Injection Conditio...
oceandir-sql.txt
/ @title Oceandir = 2.9 showvote.php id Remote SQL injection @author JEEN HACKER TEAM Jeen + Secertry @cost 250$ @script http://www.oceandir.com @copyright 2008 @homepage http://www.hackteach.org/cc/teach.php @email [email protected] , [email protected] / Exploit : user...
FreeBSD Security Advisory (FreeBSD-SA-05:11.gzip.asc)
The remote host is missing an update to the system as announced in the referenced advisory FreeBSD-SA-05:11.gzip.asc ADV FreeBSD-SA-05:11.gzip.asc OpenVAS Vulnerability Test $ Description: Auto generated from vuxml or freebsd advisories Authors: Thomas Reinke Copyright: Copyright c 2008 E-Soft In...
FreeBSD Security Advisory (FreeBSD-SA-05:11.gzip.asc)
The remote host is missing an update to the system as announced in the referenced advisory FreeBSD-SA-05:11.gzip.asc SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...
zorum-blindsql.txt
!/usr/bin/perl use LWP::UserAgent; use Getopt::Long; if!$ARGV1 print " \n"; print " oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo\n"; print " o Zorum 3.5 Blind SQL Injection Exploit o\n"; print " o o\n"; print " o Discovered By: CraCkEr o\n"; print " o o\n"; print " o Coded B...
Dreamlevels Dreampics Builder 'page' SQL注入漏洞
BUGTRAQ ID: 30166 CNCAN ID:CNCAN-2008071103 Dreamlevels Dreampics Builder是一款基于PHP的WEB应用程序。 Dreamlevels Dreampics Builder不正确处理用户提交的输入,远程攻击者可以利用漏洞进行SQL注入攻击,可能获得敏感信息或操作数据库。 问题由于脚本对用户提交给'page'参数缺少过滤,构建恶意SQL查询作为参数数据,可更改原来的SQL逻辑,获得敏感信息或操作数据库。 DreamLevels Dreampics Builder 目前没有解决方案提供:...
MyMarket 1.72 Blind SQL Injection Exploit
Exploit for unknown platform in category web applications ========================================= MyMarket 1.72 Blind SQL Injection Exploit ========================================= !/usr/bin/perl MyMarket 1.72 Blind SQL Injection Exploit Bug by: h0yt3r Demo:...
CVE-2008-2146
wp-includes/vars.php in Wordpress before 2.2.3 does not properly extract the current path from the PATHINFO $PHPSELF, which allows remote attackers to bypass intended access restrictions for certain pages...
CVE-2008-2146
CVE-2008-2146 affects WordPress prior to 2.2.3, where wp-includes/vars.php fails to correctly extract the current path from PATH_INFO ($PHP_SELF). This allows remote attackers to bypass page access restrictions. The root cause is a path-determination flaw in WordPress’ request handling. A fix is ...