psipuss 1.0 - Multiple SQL Injections

psipuss 1.0 - Multiple SQL Injections ...:::::psipuss version 1.0 SQL Injection Vulnerabilities ::::.... Virangar Security Team www.virangar.net www.virangar.ir -------- Discoverd By :virangar security teamhadihadi special tnx to:MR.nosrati,black.shadowes,MR.hesy,Zahra & all virangar members & al...

CVE-2008-3398

Multiple cross-site scripting XSS vulnerabilities in XRMS CRM 1.99.2 allow remote attackers to inject arbitrary web script or HTML via the msg parameter to unspecified components, possibly including login.php. NOTE: this may overlap CVE-2008-1129...

CVE-2007-3650

myWebland myBloggie 2.1.6 allow remote attackers to obtain sensitive information via 1 an invalid year parameter to calendar.php, reached through index.php; 2 a direct request to common.php; and 3 a mode array parameter in the query string to login.php, which reveal the installation path in vario...

Design/Logic Flaw

myWebland myBloggie 2.1.6 allow remote attackers to obtain sensitive information via 1 an invalid year parameter to calendar.php, reached through index.php; 2 a direct request to common.php; and 3 a mode array parameter in the query string to login.php, which reveal the installation path in vario...

Sql injection

Multiple SQL injection vulnerabilities in PHPEasyData 1.5.4 allow remote attackers to execute arbitrary SQL commands via 1 the annuaire parameter to annuaire.php or 2 the username field in admin/login.php...

CVE-2008-2995

PHPEasyData 1.5.4 contains multiple SQL injection vulnerabilities that allow remote attackers to execute arbitrary SQL commands. The affected entry notes two injection vectors: (1) the annuaire parameter to annuaire.php and (2) the username field in admin/login.php. The NVD listing documents a CV...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in Academic Web Tools AWT YEKTA 1.4.3.1, and 1.4.2.8 and earlier, allow remote attackers to inject arbitrary web script or HTML via the 1 query string to login.php and the 2 glbsid parameter to hta/htmlarea.js.php, and allow remote authenticated...

Session fixation

Multiple session fixation vulnerabilities in Academic Web Tools AWT YEKTA 1.4.3.1, and 1.4.2.8 and earlier, allow remote attackers to hijack web sessions by setting the PHPSESSID parameter to 1 index.php and 2 login.php in homepg/...

Scientific Image DataBase 0.41 - Blind SQL Injection

!/usr/bin/perl use strict; use warnings; use LWP::UserAgent; Download: http://sidb.sourceforge.net/ Dork: "Scientific Image DataBase" This exploit retrives the admin username/password via blind mysql injection. print ; my $substr, $done, $chr, $res = 1, 1, 48, ""; my $ua = LWP::UserAgent-new agen...

Sql injection

SQL injection vulnerability in login.php in Gryphon gllcTS2 4.2.4 allows remote attackers to execute arbitrary SQL commands via the detail parameter...

CVE-2008-2746

CVE-2008-2746: A SQL injection vulnerability in login.php of Gryphon gllcTS2 4.2.4 allows remote attackers to execute arbitrary SQL commands via the detail parameter. According to the records, the vulnerability affects login.php and enables potential partial disclosure of information, with partia...

CVE-2008-2690

Multiple PHP remote file inclusion vulnerabilities in BrowserCRM 5.002.00, when registerglobals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the bcrmpubroot parameter to 1 kb.php, 2 login.php, 3 index.php, 4 contactview.php, and 5 contact.php in pub/, different...

gllcts2-sql.txt

?php / 08000000088@M@@@M@2ZZZ8@aZX;ii,,:,iir777777777777777777777777r;i:, i ,@X:i:0a7 BMMM88000000000 08888888882aMMMMM,SZZ0WZ ........ 7a2MMMMM : MMM@aZ888888888 08888888888WMMMMM78aSXi XBMMMMMMMMMMMMMM2: MB.X:. ,SMMMMMMMMMMMM. r: MMM0a8888888888 0888888888ZZMMMMS :...

GLLCTS2 <= 4.2.4 (login.php detail) SQL Injection Exploit

Exploit for unknown platform in category web applications 0day.today 2018-03-17...

PHPEasyData 1.5.4 - &#039;/admin/login.php?Username&#039; SQL Injection

source: https://www.securityfocus.com/bid/29659/info PHPEasyData is prone to multiple SQL-injection and cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage the cross-site scripting issues to execute arbitrary script code in the...

CVE-2008-2642

SQL injection vulnerability in login.php in OtomiGenX 2.2 allows remote attackers to execute arbitrary SQL commands via the userAccount parameter aka the User Name field to index.php. NOTE: some of these details are obtained from third party information...

Sql injection

SQL injection vulnerability in login.php in OtomiGenX 2.2 allows remote attackers to execute arbitrary SQL commands via the userAccount parameter aka the User Name field to index.php. NOTE: some of these details are obtained from third party information...

otomigenx-bypass.txt

...::::: OtomiGenX v2.2 Ultimate Authentication bypass Vulnerabilities ::::.... Virangar Security Team www.virangar.net www.virangar.ir -------- Discoverd By :virangar security teamhadihadi special tnx to:MR.nosrati,black.shadowes,MR.hesy,Zahra & all virangar members & all hackerz greetz:to my be...

MercuryBoard &lt;= 1.1.5 (login.php) Remote Blind SQL Injection Exploit

No description provided by source. ?php / -------------------------------------------------------------------- MercuryBoard = 1.1.5 login.php Remote Blind SQL Injection Exploit -------------------------------------------------------------------- author...: EgiX mail.....: n0b0d13satgmaildotcom...

MercuryBoard 1.1.5 - login.php Blind SQL Injection

MercuryBoard 1.1.5 - login.php Blind SQL Injection settitle$this-lang-loginheader; 55. $this-tree$this-lang-loginheader; 56. 57. //print "agent: $this-agent\n"; 58. 59. if !isset$this-post'submit' 60. $requesturi = $this-geturi; 61. 62. if substr$requesturi, -8 == 'register' 63. $requesturi =...