LDU <= 8.x (avatarselect id) Remote SQL Injection Vulnerability

No description provided by source. LDU = 8.x Remote SQL Injection avatarselect id Vulnerability Discovered by: nukedx Contacts: ICQ: 10072 MSN/Mail: [email protected] web: http://www.nukedx.com Original advisory can be found at: http://www.nukedx.com/?viewdoc=51 ---- GET -...

LDU <= 8.x (polls.php) Remote SQL Injection Vulnerability

No description provided by source. Title : LDU = 8.x polls.php Remote SQL Injection Vulnerability Author : ajann Contact : : Dork : Powered by LDU SQL------------------------------------------------------ http://target/path/polls.php?id= Example: //...

seditio-upload.txt

Seditio CMS Remote File Upload Vulnerability ReSearcher : A.D.T Script : Seditio and Ldu Cms Version : All Versions Script HomePage : http://neocrome.net/ Dork : "powered by seditio" or "powered by ldu" Risk : Very High! Usage : Firstly, you register the victim web site. After, go to "pfs.php" an...

CVE-2006-6835

SQL injection vulnerability in Journal.inc.php in Neocrome Land Down Under LDU 8.x and earlier allows remote attackers to execute arbitrary SQL commands via the w parameter to journal.php...

CVE-2006-6835

Technical details for CVE-2006-6835 are not publicly available in the provided documents. Monitor for updates.

ldu-sql.txt

BhhGroup.Org & Trtekforum.com Found By : St@rExT script name : LandDownUnder LDU Version : All Dork : "Powered by LDU" Script sites : http://www.neocrome.net Vull name : LDU = 8.x journal.php SQL Injection Vulnerability Vulnerable file : Journal.inc.php...

CVE-2004-2669

Multiple SQL injection vulnerabilities in Land Down Under LDU v701 allow remote attackers to execute arbitrary SQL commands or obtain the installation path via parameters including 1 s, w, and d in users.php, 2 id in comments.php, 3 rusername in auth.php, or 4 h in plug.php...

CVE-2005-4821

CVE-2005-4821 affects Land Down Under (LDU) 8.01 and earlier. The vulnerability is SQL injection in web parameters: m in auth.php, f in events.php, and e in plug.php, allowing remote attackers to alter or disclose data. The CVSS v2 base score is 7.5 (HIGH) with network access, no authentication, ...

CVE-2003-1315

SQL injection vulnerability in auth.php in Land Down Under LDU v601 and earlier allows remote attackers to execute arbitrary SQL commands...

CVE-2004-2669

CVE-2004-2669 affects Land Down Under (LDU) v701 and enables multiple SQL injection vectors via PHP parameters: s, w, d in users.php; id in comments.php; rusername in auth.php; h in plug.php. Root cause is unsafely-constructed SQL queries with user input, allowing remote execution of arbitrary SQ...

CVE-2003-1315

Technical details beyond the basic description are not provided in the connected documents. The CVE records describe an SQL injection in auth.php for Land Down Under (LDU) v601 and earlier; monitor for updates for further specifics (affected versions, fix, impact).

CVE-2006-6577

SQL injection vulnerability in polls.php in Neocrome Land Down Under LDU 8.x and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter...

CVE-2006-6268

SQL injection vulnerability in system/core/profile/profile.inc.php in Neocrome Land Down Under LDU 8.x and earlier allows remote authenticated users to execute arbitrary SQL commands via a url-encoded id parameter to users.php that begins with a valid filename, as demonstrated by "default.gif"...

CVE-2006-6268

CVE-2006-6268 is a SQL injection vulnerability affecting Neocrome Land Down Under (LDU) 8.x and earlier. The flaw resides in system/core/profile/profile.inc.php, where a url-encoded id parameter to users.php that begins with a valid filename can be exploited by remote authenticated users to injec...

LDU &lt;= 8.x &#40;polls.php&#41; Remote SQL Injection Vulnerability

Title : LDU = 8.x polls.php Remote SQL Injection Vulnerability Author : ajann Contact : : Dork : "Powered by LDU" SQL------------------------------------------------------ http://target/path/polls.php?id= Example: //...

LDU &lt;= 8.x (polls.php) Remote SQL Injection Vulnerability

No description provided by source. Title : LDU = 8.x polls.php Remote SQL Injection Vulnerability Author : ajann Contact : : Dork : "Powered by LDU" SQL------------------------------------------------------ http://target/path/polls.php?id= Example: //...

LDU 8.x - polls.php SQL Injection

LDU 8.x - polls.php SQL Injection Title : LDU = 8.x polls.php Remote SQL Injection Vulnerability Author : ajann Contact : : Dork : "Powered by LDU" SQL------------------------------------------------------ http://target/path/polls.php?id= Example: //...

LDU <= 8.x (polls.php) Remote SQL Injection Vulnerability

Exploit for unknown platform in category web applications ========================================================= LDU = 8.x polls.php Remote SQL Injection Vulnerability ========================================================= Title : LDU = 8.x polls.php Remote SQL Injection Vulnerability Autho...

LDU 8.x - &#039;polls.php&#039; SQL Injection

Title : LDU = 8.x polls.php Remote SQL Injection Vulnerability Author : ajann Contact : : Dork : "Powered by LDU" SQL------------------------------------------------------ http://target/path/polls.php?id= Example: //...

ldu8x-sql.txt

--Security Report-- Advisory: LDU http://www.victim.com/users.php?m=profile&a=avatarselect&x=XVALUE&id=default.gifSQL Inject GET - http://w...