59 matches found
PHPLib 7.4 - SQL Injection
PHPLib 7.4 - SQL Injection PHPLib SQL Injection Vendor: PHPLib Product: PHPLib Version: newid=true; $this-name = $this-cookiename==""?$this-classname:$this-cookiename; if "" == $id $this-newid=false; switch $this-mode case "get": $id = isset$HTTPGETVARS$this-name ?...
PHPLib < 7.4 - SQL Injection
PHPLib SQL Injection Vendor: PHPLib Product: PHPLib Version: newid=true; $this-name = $this-cookiename==""?$this-classname:$this-cookiename; if "" == $id $this-newid=false; switch $this-mode case "get": $id = isset$HTTPGETVARS$this-name ?...
phpRPC 0.7 - Remote Code Execution
phpRPC 0.7 - Remote Code Execution phpRPC Remote Code Execution Vendor: Robert Hoffman Product: phpRPC Version: = 0.7 Website: http://sourceforge.net/projects/phprpc/ BID: 16833 CVE: CVE-2006-1032 OSVDB: 23514 SECUNIA: 19028 PACKETSTORM: 44267 Description: phpRPC is meant to be an easy to use...
phpRPC < 0.7 - Remote Code Execution
phpRPC Remote Code Execution Vendor: Robert Hoffman Product: phpRPC Version: = 0.7 Website: http://sourceforge.net/projects/phprpc/ BID: 16833 CVE: CVE-2006-1032 OSVDB: 23514 SECUNIA: 19028 PACKETSTORM: 44267 Description: phpRPC is meant to be an easy to use xmlrpc library. phpRPC is greatly...
ADOdb < 4.71 - Cross Site Scripting
ADOdb Cross Site Scripting Vendor: John Lim Product: ADOdb Version: currpage = $SESSION$currpage; The above code is taken from adodb-pager.inc.php @ lines 72-77 and ultimately set's the $this-currpage variable to unsanitized user supplied input. Later on this variable is used when drawing the lin...
PHPXMLRPC < 1.1 - Remote Code Execution
PHPXMLRPC Remote Code Execution Vendor: Useful Information Inc. Product: PHPXMLRPC Version: = 1.1 Website: http://phpxmlrpc.sourceforge.net/ BID: 14088 CVE: CVE-2005-1921 OSVDB: 17793 SECUNIA: 15852 PACKETSTORM: 38394 Description: PHPXMLRPC aka XML-RPC For PHP is a PHP implementation of the XML-R...
PEAR XML_RPC 1.3.0 - Remote Code Execution
PEAR XMLRPC 1.3.0 - Remote Code Execution PEAR XMLRPC Remote Code Execution Vendor: The PEAR Group Product: PEAR XMLRPC Version: = 1.3.0 Website: http://pear.php.net/package/XMLRPC/ CVE: 17793 PACKETSTORM: 38393 Description: PEAR XMLRPC is a PHP implementation of the XML-RPC web RPC protocol, and...
Burning Board 2.3.1 - SQL Injection
Burning Board 2.3.1 - SQL Injection Burning Board SQL Injection Vendor: Woltlab GmbH Product: Burning Board Version: = 2.3.1 Website: http://www.woltlab.de/ BID: 13643 CVE: CVE-2005-1642 OSVDB: 16575 SECUNIA: 15395 PACKETSTORM: 39262 Description: Burning Board is a popular, multi purpose forum /...
Burning Board < 2.3.1 - SQL Injection
Burning Board SQL Injection Vendor: Woltlab GmbH Product: Burning Board Version: = 2.3.1 Website: http://www.woltlab.de/ BID: 13643 CVE: CVE-2005-1642 OSVDB: 16575 SECUNIA: 15395 PACKETSTORM: 39262 Description: Burning Board is a popular, multi purpose forum / community software offered by WoltLa...
AZBB < 1.0.07d - Multiple Vulnerabilities
AZBB Multiple Vulnerabilities Vendor: AZBB Product: AZBB Version: = 1.0.07d Website: http://azbb.cyaccess.com/ BID: 13272 13278 CVE: CVE-2005-1200 CVE-2005-1201 OSVDB: 15700 15701 15702 15703 SECUNIA: 15013 PACKETSTORM: 37792 Description: azbb is a forum that was written with a primary focus on...
ReviewPost 2.84 - Multiple Vulnerabilities
ReviewPost 2.84 - Multiple Vulnerabilities ReviewPost Multiple Vulnerabilities Vendor: All Enthusiast, Inc. Product: ReviewPost Version: = 2.84 Website: http://www.reviewpost.com/ BID: 12159 CVE: CVE-2005-0270 CVE-2005-0271 CVE-2005-0272 OSVDB: 12703 12704 12705 12706 12707 12708 SECUNIA: 13697...
PhotoPost Classifieds 2.01 - Multiple Vulnerabilities
PhotoPost Classifieds 2.01 - Multiple Vulnerabilities PhotoPost Classifieds Multiple Vulnerabilities Vendor: All Enthusiast, Inc. Product: PhotoPost Classifieds Version: = 2.01 Website: http://www.photopost.com/class/ BID: 12156 OSVDB: 12728 12729 12730 12731 12732 12733 12734 12735 12736 12737...
PHP-Calendar 0.10.1 - Arbitrary File Inclusion
PHP-Calendar 0.10.1 - Arbitrary File Inclusion PHP-Calendar Arbitrary File Inclusion Vendor: Sean Proctor Product: PHP-Calendar Version: = 0.10.1 Website: http://php-calendar.sourceforge.net/ BID: 12127 CVE: CVE-2004-1423 OSVDB: 12700 12701 SECUNIA: 22516 PACKETSTORM: 35563 Description: I was...
LiveWorld Multiple Products - Cross Site Scripting
LiveWorld Multiple Products - Cross Site Scripting LiveWorld Cross Site Scripting Vendor: LiveWorld, Inc Product: LiveWorld Version: Multiple Products Website: http://www.liveworld.com CVE: CVE-2004-2566 OSVDB: 9180 PACKETSTORM: 34143 Description: LiveWorld provides collaborative services for...
CS-Cart <= 1.3.5 (Auth Bypass) SQL Injection Vulnerability
No description provided by source. GulfTech Security Research September 02, 2008 Vendor : CS-Cart.com URL : http://www.cs-cart.com/ Version : CS-Cart = 1.3.5 Risk : SQL Injection Description: CS-Cart Cart is a full featured online ecommerce application written in php that allows users to build, r...
XML-RPC Library <= 1.3.0 (xmlrpc.php) Remote Code Injection Exploit
No description provided by source. tested and working /str0ke !/usr/bin/perl ilo-- This program is no GPL or has nothing to do with FSF, but some code was ripped from romansoft.. sorry, too lazy! xmlrpc bug by James from GulfTech Security Research. http://pear.php.net/bugs/bug.php?id=4692 xmlrpc...
Advanced Electron Forum <= 1.0.6 Remote Code Execution Vulnerability
No description provided by source. GulfTech Security Research September 20, 2008 Vendor : Electron Inc. URL : http://www.anelectron.com/ Version : AEF Forum = 1.0.6 Risk : Remote Code Execution Description: Advanced Electron Forum also known as AEF Forum is a full featured online forum system...
Advanced Electron Forum <= 1.0.6 Remote Code Execution Vulnerability
Exploit for unknown platform in category web applications ==================================================================== Advanced Electron Forum = 1.0.6 Remote Code Execution Vulnerability ==================================================================== GulfTech Security Research...
Crafty Syntax Live Help 2.14.6 - department SQL Injection
Crafty Syntax Live Help 2.14.6 - department SQL Injection Crafty Syntax Live Help = 2.14.6 SQL Injection August 25, 2008 Vendor : Eric Gerdes URL : http://www.craftysyntax.com Version : Crafty Syntax Live Help = 2.14.6 Risk : SQL Injection Description: Crafty Syntax Live Help is a full featured,...
sunshop414-sql.txt
GulfTech Security Research August 18, 2008 Vendor : Turnkey Web Tools, Inc URL : http://www.turnkeywebtools.com Version : SunShop queryfirst"SELECT FROM ".$dbprefix."usersregistry WHERE id='".$POSTid."' AND userid='".$sess-gvar'userid'."'"; $data = filterdata$data; $out =...