Mynews 0.10 - Authentication Bypass
0x01 Informations: Name : Mynews 010 Download : http://prdownloads.sourceforge.net/mynews/mynewsbeta010.zip?download Vulnerability : Auth Bypass Author : x0r Contact : [email protected] Notes : Proud to be Italian 0x02 Bug: Bugged file is /path/login.php Code if $request == "POST" $username =...
BlueBird Pre-Release - Authentication Bypass
0x01 Informations: Name : BlueBird Pre-Release Download : http://downloads.sourceforge.net/bluebird/bluebirdpre.zip Vulnerability : Auth Bypass Author : x0r Contact : [email protected] Notes : Proud to be Italian 0x02 Bug: Bugged file is /path/login.php Code if $request == "POST" $username =...
AuthPhp 1.0 (Auth Bypass) SQL Injection Vulnerability
Exploit for unknown platform in category web applications ===================================================== AuthPhp 1.0 Auth Bypass SQL Injection Vulnerability ===================================================== 0x01 Informations: Name : AuthPhp 1.0 Download :...
AuthPhp 1.0 - Authentication Bypass
0x01 Informations: Name : AuthPhp 1.0 Download : http://frankmancuso.ca/downloads/authphp/authphp-stable-1.0.zip Vulnerability : Auth Bypass Author : x0r Contact : [email protected] Notes : Proud to be Italian 0x02 Bug: Bugged file is /path/login.php Code $username = $POST'username'; $passwd =...
Sql injection
SQL injection vulnerability in admin/login.php in PHP-CMS Project 1 allows remote attackers to execute arbitrary SQL commands via the username parameter...
CVE-2009-0407
CVE-2009-0407 affects PHP-CMS Project 1 and is caused by an SQL injection in admin/login.php, exploitable through the username parameter to allow remote execution of arbitrary SQL commands. Connected sources corroborate this vulnerability description; no specific patch version or remediation deta...
CVE-2009-0394
The CVE-2009-0394 entry describes a SQL injection vulnerability in the login.php of Pre Lecture Exercises (PLEs) CMS 1.0 beta 4.2. An attacker can exploit the vulnerability by supplying a crafted value to the school parameter, potentially allowing remote execution of arbitrary SQL commands. The...
CVE-2009-0394
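SQL injection vulnerability in login.php in Pre Lecture Exercises (PLEs) CMS 1.0 beta 4.2 allows remote attackers to execute arbitrary SQL commands via the school parameter...
PHP-CMS Project login.php Remote SQL Injection Vulnerability
BUGTRAQ ID: 33473 PHP-CMS Project is a web-based content management system. PHP-CMS Project has an input validation vulnerability in its implementation that remote attackers may exploit to take control of the server application. The login.php script of PHP-CMS Project does not adequately check and filter user-submitted parameter data, so an attacker can insert SQL statements into the input to perform unauthorized operations on the back-end database. PHP-CMS Project 1 Vendor patch: PHP-CMS Project --------------- The vendor has not yet provided a patch or upgrade; we recommend that users of this software watch the vendor's home page to obtain the latest version:...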
Sql injection
SQL injection vulnerability in login.php in Dark Age CMS 0.2c beta allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...
PLE CMS 1.0 beta 4.2 (login.php school) Blind SQL Injection Exploit
No description provided by source. --+++==============================================================+++-- --+++====== PLE CMS 1.0 beta 4.2 Blind SQL Injection Exploit ======+++-- --+++==============================================================+++-- ?php function query $user, $pos, $chr $quer...
PLE CMS 1.0 beta 4.2 (login.php school) Blind SQL Injection Exploit
Exploit for unknown platform in category web applications =================================================================== PLE CMS 1.0 beta 4.2 login.php school Blind SQL Injection Exploit ===================================================================...
Oracle Secure Backup login.php rbtool command injection
Added: 01/20/2009 CVE: CVE-2008-5448 BID: 33177 OSVDB: 51342 Background Oracle Secure Backup is a centralized tape backup management solution for Oracle Database. Problem A command injection vulnerability in the Oracle Secure Backup web interface allows a remote attacker to execute arbitrary...
Oracle Secure Backup exec_qr() Command Injection Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Secure Backup. Authentication is not required to exploit this vulnerability. The specific flaw exists within the routine exec_qr() defined in the web script login.php. The user-supplied variabl...
Syzygy CMS 0.3 - Authentication Bypass
Syzygy CMS 0.3 - Authentication Bypass --+++=========================================================================+++-- --+++====== Syzygy CMS = 0.3 Auth Bypass SQL Injection Vulnerability ======+++-- --+++=========================================================================+++-- + Syzygy...
Dark Age CMS 2.0 - login.php SQL Injection
Dark Age CMS 2.0 - login.php SQL Injection source: https://www.securityfocus.com/bid/33271/info Dark Age CMS is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in login.php in myPHPscripts Login Session 2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) lsuser and (2) lsemail parameters, aka the User form in an lsregister action. NOTE: some of these details are obtained from third...