elitecms 1.01 - SQL Injection / Cross-Site Scripting
eliteCMS 1.01 SQL/XSS Multiple Remote Vulns by xenohive greets to daganarus, dearest of all my friends. SQL injection requires magicquotes = off -/includes/functions.php --------------------------------- 89. function getpagesettings ... 92. $query = "SELECT FROM pages WHERE id = '$GET'page''"; 93...
WordPress MU wp-includes/wpmu-functions.php Module Cross-Site Scripting Vulnerability
BUGTRAQ ID: 34075 WordPress MU allows multiple blogs to run on a single WordPress installation. The chooseprimaryblog function in WordPress MU does not properly filter the Host header. The following is the vulnerable code segment in wp-includes/wpmu-functions.php: 1830 function chooseprimaryblog 1831 global $currentuser; 1832 ? 1833 table class="form-table" 1834 tr 1835 th scope="row"?php e'Primary Blog'; ?/th 1836 ...
vbulletin365-rfi.txt
By Hasadya Raed Contact : RaeD at BsdMail dot Com email concealed - Israel Greetz : -Fairoz- ----------------------------------- vBulletin v3.6.5 Dork : "Powered by vBulletin v3.6.5. Copyright ©2000 - 2007 " ----------------------------------- Exploits :...
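LokiCMS admin.php Security Restriction Bypass Vulnerability
BUGTRAQ ID: 29448 LokiCMS is a simple, easy-to-use web content management system. The admin.php file in LokiCMS contains a logic error: if a remote attacker sets LokiACTION and other parameters in a submitted HTTP POST request, the CMS main settings can be set without administrative privileges. The following is the vulnerable code segment: admin.php Lines:24-42 if isset $POST && isset $POST'LokiACTION' && strlen trim $POST'LokiACTION' 0 // we have an action to do switch trim...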
Grape Statistics 0.2a (location) Remote File Inclusion Vulnerability
No description provided by source. Name : Grape Web Statistics Remote File include Vulnerability Download From :http://www.quate.net/link.php?grape Found By : MajnOoNxHaCkEr Home Page : http://www.4rxh.com ============================================================================ Vulne Code In...
Grape Statistics 0.2a (location) Remote File Inclusion Vulnerability
Exploit for unknown platform in category web applications ==================================================================== Grape Statistics 0.2a location Remote File Inclusion Vulnerability ==================================================================== Name : Grape Web Statistics Remote...
grape-rfi.txt
Name : Grape Web Statistics Remote File include Vulnerability Download From :http://www.quate.net/link.php?grape Found By : MajnOoNxHaCkEr Home Page : http://www.4rxh.com ============================================================================ Vulne Code In File functions.php : Function:...
Grape Statistics 0.2a - location Remote File Inclusion
Grape Statistics 0.2a - location Remote File Inclusion Name : Grape Web Statistics Remote File include Vulnerability Download From :http://www.quate.net/link.php?grape Found By : MajnOoNxHaCkEr Home Page : http://www.4rxh.com...
Grape Statistics 0.2a - 'location' Remote File Inclusion
Name : Grape Web Statistics Remote File include Vulnerability Download From :http://www.quate.net/link.php?grape Found By : MajnOoNxHaCkEr Home Page : http://www.4rxh.com ============================================================================ Vulne Code In File functions.php : Function:...
CVE-2008-0783
Multiple cross-site scripting XSS vulnerabilities in Cacti 0.8.7 before 0.8.7b and 0.8.6 before 0.8.6k allow remote attackers to inject arbitrary web script or HTML via 1 the viewtype parameter to graph.php; 2 the filter parameter to graphview.php; 3 the action parameter to the drawnavigationtext...
SetCMS 3.6.5 (setcms.org) Remote Command Execution Exploit
No description provided by source. !/usr/bin/perl SetCMS v3.6.5 setcms.org remote commands execution exploit by RST/GHC o4.o9.2oo6 coded by 1dt.w0lf THIS IS UNPUBLISHED RST/GHC EXPLOIT CODE KEEP IT PRIVATE about the bug: file: functions.php FUNCTION ip global $userid; ifgetenv'HTTPCLIENTIP' $userip =...
SetCMS 3.6.5 - Remote Command Execution
SetCMS 3.6.5 - Remote Command Execution !/usr/bin/perl SetCMS v3.6.5 setcms.org remote commands execution exploit by RST/GHC o4.o9.2oo6 coded by 1dt.w0lf THIS IS UNPUBLISHED RST/GHC EXPLOIT CODE KEEP IT PRIVATE about the bug: file: functions.php FUNCTION ip global $userid; ifgetenv'HTTPCLIENTIP...
SetCMS 3.6.5 (setcms.org) Remote Command Execution Exploit
Exploit for unknown platform in category web applications ========================================================== SetCMS 3.6.5 setcms.org Remote Command Execution Exploit ========================================================== !/usr/bin/perl SetCMS v3.6.5 setcms.org remote commands executio...
Privilege escalation
The CheckCustomerAccess function in functions.php in CRM-CTT Interleave before 4.2.0 formerly CRM-CTT does not properly verify user privileges, which allows remote authenticated users with the LIMITTOCUSTOMERS privilege to bypass intended access restrictions and edit non-active user settings. NOT...
CVE-2007-6222
The vulnerability CVE-2007-6222 affects CRM-CTT Interleave prior to 4.2.0 (formerly CRM-CTT). The CheckCustomerAccess function in functions.php does not properly verify user privileges, allowing remote authenticated users with the LIMITTOCUSTOMERS privilege to bypass access restrictions and edit ...
Remote file inclusion
PHP remote file inclusion vulnerability in includes/functions.php in phpSCMS 0.0.1-Alpha1 allows remote attackers to execute arbitrary PHP code via a URL in the dir parameter. NOTE: this issue is disputed by CVE because the identified code is in a function that is not accessible via direct reques...
CVE-2007-5311
Directory traversal vulnerability in backend/admin-functions.php in TorrentTrader Classic Edition 1.07 allows remote attackers to include and execute arbitrary local files via a .. dot dot in the ssuri parameter...
TorrentTrader Classic Multiple Remote vulnerabilities
Hello, TorrentTrader Classic Multiple Remote vulnerabilities Discovered By : HACKERS PAL Copy rights : HACKERS PAL Website : http://www.soqor.net Email Address : [email protected] Tested on TorrentTrader Classic v1.07 local file inclusion backend/admin-functions.php?ssuri=dd Xss...
CVE-2007-4893
wp-admin/admin-functions.php in Wordpress before 2.2.3 and Wordpress multi-user MU before 1.2.5a does not properly verify the unfilteredhtml privilege, which allows remote attackers to conduct cross-site scripting XSS attacks via modified data to 1 post.php or 2 page.php with a nofilter field...