
15 matches found

Hacker One
added 2018/01/11 10:15 p.m. | 27 views

Ubiquiti Inc.: Reflected XSS

Due to the lack of sanitisation in the comment area, with a specially crafted message it is possible to execute an XSS with the "preview" function. If a draft is saved, it is possible to exploit this bug as a stored XSS. The "New Discussion" page on the Spanish and Portuguese forums have a...

AI score: 0.5 | Exploits: 0

0day.today
added 2010/01/13 12:0 a.m. | 9 views

Public Media Manager SQLi vulns

Exploit for unknown platform in category web applications. Public Media Manager SQLi vulns. Product name: Public Media Manager This product, an online NEWS CMS, suffers from SQL injection in login so that we can bypass the login syste...

AI score: 7.1 | Exploits: 0

Packet Storm
added 2010/01/13 12:0 a.m. | 28 views

Public Media Manager Bypass / SQL Injection

Public Media Manager SQLi vulns By learn3r hacker from Nepal [email protected] Product name: Public Media Manager This product, an online NEWS CMS, suffers from SQL injection in login so that we can bypass the login system. Also, it suffers from SQLi in the GET variables which can be...

AI score: 0.6 | Exploits: 0

Packet Storm
added 2008/06/29 12:0 a.m. | 17 views

sebraccms-sql.txt

Name: SebracCMS Website: http://www.sebrac.netsons.org/cms/ Vulnerability type: SQL Injection Author: shinmai, 2008-06-28 Description: SebracCMS contains two major SQL injection vulnerabilities: Unsanitized POST-variables in SQL queries when logging users in. This allows login access without prop...

AI score: 7.4 | Exploits: 0

exploitpack
added 2008/06/28 12:0 a.m. | 11 views

SebracCMS 0.4 - Multiple SQL Injections

SebracCMS 0.4 - Multiple SQL Injections Name: SebracCMS Website: http://www.sebrac.netsons.org/cms/ Vulnerability type: SQL Injection Author: shinmai, 2008-06-28 Description: SebracCMS contains two major SQL injection vulnerabilities: Unsanitized POST-variables in SQL queries when logging users i...

AI score: 0.3 | Exploits: 0

seebug.org
added 2008/06/28 12:0 a.m. | 15 views

SebracCMS <= 0.4 Multiple SQL Injection Vulnerabilities

No description provided by source. Name: SebracCMS Website: http://www.sebrac.netsons.org/cms/ Vulnerability type: SQL Injection Author: shinmai, 2008-06-28 Description: SebracCMS contains two major SQL injection vulnerabilities: Unsanitized POST-variables in SQL queries when logging users in. Th...

AI score: 7.1 | Exploits: 0

0day.today
added 2008/06/28 12:0 a.m. | 18 views

SebracCMS <= 0.4 Multiple SQL Injection Vulnerabilities

Exploit for unknown platform in category web applications. SebracCMS <= 0.4 Multiple SQL Injection Vulnerabilities. Name: SebracCMS Website: http://www.sebrac.netsons.org/cms/ Vulnerabilit...

AI score: 7.1 | Exploits: 0

securityvulns
added 2007/10/02 12:0 a.m. | 44 views

ASP Product catalog SQL injection vulnerability

ASP Product catalog SQL injection vulnerability. A nice little SQL injection vulnerability exists within ASP Product Catalog. The application fails to check for bad input from GET'd variables used in SQL query operations. In this case, the variable cid can be used for SQL injection queries...

AI score: 0.4 | Exploits: 0

Packet Storm
added 2007/10/01 12:0 a.m. | 24 views

aspcatalog-sql.txt

ASP Product catalog SQL injection vulnerability. A nice little SQL injection vulnerability exists within ASP Product Catalog. The application fails to check for bad input from GET'd variables used in SQL query operations. In this case, the variable cid can be used for SQL injection queries...

AI score: 7.4 | Exploits: 0

Packet Storm
added 2007/08/14 12:0 a.m. | 32 views

joblister-sql.txt

JobLister3 by SkilMatch Staffing Systems, Inc. Multiple SQL injection vulnerabilities http://www.dubdubdub.com/ http://www.skilmatch.com/ The search form field doesn't strip special characters that have special meanings. A single quote makes the application spit out a number of errors. This is not...

AI score: 7.4 | Exploits: 0

securityvulns
added 2007/07/19 12:0 a.m. | 54 views

Insanely simple blog - Multiple vulnerabilities

Insanely simple blog version 0.5 and below http://sourceforge.net/projects/insanelysimple2 ISB contains multiple vulnerabilities including both XSS and SQL injection. First off, the search action fails to strip user content for HTML, allowing a user to input tags. Next, anonymous blog entries can...

AI score: 0.8 | Exploits: 0

Packet Storm
added 2007/07/18 12:0 a.m. | 35 views

isb05-sql.txt

Insanely simple blog version 0.5 and below http://sourceforge.net/projects/insanelysimple2 ISB contains multiple vulnerabilities including both XSS and SQL injection. First off, the search action fails to strip user content for HTML, allowing a user to input tags. Next, anonymous blog entries can...

AI score: 7.4 | Exploits: 0

exploitpack
added 2006/07/18 12:0 a.m. | 14 views

Eskolar CMS 0.9.0.0 - Blind SQL Injection

Eskolar CMS 0.9.0.0 - Blind SQL Injection #!/usr/bin/perl use IO::Socket; ...

AI score: 0.6 | Exploits: 0

RedHat Linux
added 2004/12/21 6:52 p.m. | 1 views

security flaw

php_variables.c in PHP before 5.0.2 allows remote attackers to read sensitive memory contents via (1) GET, (2) POST, or (3) COOKIE GPC variables that end in an open bracket character, which causes PHP to calculate an incorrect string length...

CVSS: 5 | AI score: 5.9 | EPSS: 0.08338 | Exploits: 0 | References: 4

Cvelist
added 2004/10/16 4:0 a.m. | 32 views

CVE-2004-0958

php_variables.c in PHP before 5.0.2 allows remote attackers to read sensitive memory contents via (1) GET, (2) POST, or (3) COOKIE GPC variables that end in an open bracket character, which causes PHP to calculate an incorrect string length...

AI score: 6.3 | EPSS: 0.08338 | Exploits: 0 | References: 8