1163 matches found
PHP-Nuke 8.0 Final - 'INSERT' Blind SQL Injection (MySQL)
!/usr/bin/perl 0day exploit for PHP-nuke = 4.0.24, using 'brute force' Coded by:Maciej krasza [email protected] Screenshot: 0day exploit for PHP-nuke new; my $zadanie = HTTP::Request-newGET = $adres; my...
ContentNow 1.39 (pageid) Remote SQL Injection Exploit
No description provided by source. !/usr/bin/perl -w use IO::Socket; use strict; ContentNow "pageid" Sql Injection Version : 1.39 Url : http://www.contentnow.mf4k.de Author : Alfredo 'revenge' Pesoli Advisory : http://www.0xcafebabe.it/advisory/contentnow139sqlinjection.txt Description: The...
PHP-Fusion 6.0.x - 'news.php' SQL Injection
source: https://www.securityfocus.com/bid/19908/info PHP-Fusion is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow an attacker to compromise the application, access or...
XSS in Monster Top List | MTL 1.4
XSS in Monster Top List | MTL 1.4 --------------------------------- Software : Monster Top List --------------------------------- version : Monster Top List 1.4 --------------------------------- Exploit : www.site.com/index.phpusererrormessage=XSS-CODE --------------------------------- Discovery ...
Tricks of the trade of the invasion of Shaanxi, a University intranet-vulnerability warning-the black bar safety net
Recently black anti above there are many ways to invade College website to the article, mostly for the injection attack. Oh, in order to cater to the mass the trend, I also entered some of the University websites play a Play. Not, this time it found a Shaanxi College inside a site of injection...
TheWebForum 1.2.1 - Multiple Input Validation Vulnerabilities
source: https://www.securityfocus.com/bid/16161/info TheWebForum is prone to multiple input validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. Successful exploitation of these vulnerabilities could result in a compromise of t...
CVE-2005-3850
CVE-2005-3850 describes a cross-site scripting (XSS) vulnerability in the OKBSYS Lite Edition 1.0 search.asp page. The issue allows remote attackers to inject arbitrary script/HTML via hex-encoded values in the q parameter. The vulnerability is page/file/parameter specific (search.asp, q) and the...
myBloggie "username" SQL Injection Vulnerability
Secunia Advisory: SA16699 Release Date: 2005-09-05 Critical: Moderately critical Impact: Security Bypass Manipulation of data Where: From remote Solution Status: Vendor Patch Software: myBloggie 2.x Select a product and view a complete list of all Patched/Unpatched Secunia advisories affecting it...
Simple Machines Forum < 1.0.7 Code Injection
Binary data 3198.prm...
CVE-2005-2301
PowerDNS before 2.9.18, when running with an LDAP backend, does not properly escape LDAP queries, which allows remote attackers to cause a denial of service failure to answer ldap questions and possibly conduct an LDAP injection attack...
DEBIAN-CVE-2005-2108
SQL injection vulnerability in XMLRPC server in WordPress 1.5.1.2 and earlier allows remote attackers to execute arbitrary SQL commands via input that is not filtered in the HTTPRAWPOSTDATA variable, which stores the data in an XML file...
Hosting Controller 6.1 - resellerresources.asp?jresourceid SQL Injection
Hosting Controller 6.1 - resellerresources.asp?jresourceid SQL Injection source: https://www.securityfocus.com/bid/13806/info Hosting Controller is reported prone to multiple vulnerabilities. These issues can allow an attacker gain unauthorized access to data and carry out SQL injection attacks...
CVE-2005-1169
Mafia Blog .4 BETA does not properly protect the admin directory, which allows remote attackers to execute arbitrary PHP code by using writeinfo.php to inject the code into info.php...
myBloggie 2.1.1
myBloggie 2.1.1 Vendor: http://www.mywebland.com/ When the comments are posted there's no check for "script" tags allowing a script injection attack. Proof of Concept scriptalert"Hi world!";/script ..-= DominusVis =-.. Infektion Group Brazil...
MercuryBoard 1.1 - Multiple Input Validation Vulnerabilities
MercuryBoard 1.1 - Multiple Input Validation Vulnerabilities source: https://www.securityfocus.com/bid/12359/info Multiple input validation vulnerabilities affect MercuryBoard. These issues are due to a failure of the application to properly sanitize user-supplied input prior to using it in...
konversation -- shell script command injection
Konversation comes with Perl scripts that do not properly escape shell characters on executing a script. This makes it possible to attack Konversation with shell script command injection...
[EXPL] ITA Forum SQL Injection
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com - - promotion The SecuriTeam alerts list - Free, Accurate, Independent. Get your security news from a reliable source...
CVE-2004-1158
Konqueror 3.x up to 3.2.2-6, and possibly other versions, allows remote attackers to spoof arbitrary web sites by injecting content from one window into a target window or tab whose name is known but resides in a different domain, as demonstrated using a pop-up window on a trusted web site, aka t...
Cacti: SQL injection vulnerability
Background Cacti is a complete web-based front end to rrdtool. Description Cacti is vulnerable to a SQL injection attack where an attacker may inject SQL into the Username field. Impact An attacker could compromise the Cacti service and potentially execute programs with the permissions of the use...
Re: [Full-Disclosure] THE VULNERABILITY STILL WORKS AFTER TODAY'S PATCH
Well it's not quite as easy as you make it sound I think you only took a look at http-equiv's example I posted to full disclosure and based your post on that. You see this: --snip-- iframe src="c:windowswebtip.htm" style="width:400px;height:200px;"/iframe textarea id="code" style="display:none;"...