1445 matches found
CVE-2009-4735
SQL injection vulnerability in login.php in Allomani Audio & Video Library Songs & Clips version 2.7.0 allows remote attackers to execute arbitrary SQL commands via the username parameter in a login action...
Sql injection
SQL injection vulnerability in login.php in Allomani Audio & Video Library Songs & Clips version 2.7.0 allows remote attackers to execute arbitrary SQL commands via the username parameter in a login action...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in eTek Systems Hit Counter 2.0 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) index.php, (2) inc/login.php, (3) admin/index.php, and (4) admin/forgot.php...
Sql injection
Multiple SQL injection vulnerabilities in RoomPHPlanning 1.6 allow remote attackers to execute arbitrary SQL commands via (1) the loginus parameter to Login.php or (2) the Old Password field to changepwd.php, and allow (3) remote authenticated administrators to execute arbitrary SQL commands via the id...
Authentication flaw
Login.php in RoomPHPlanning 1.6 allows remote attackers to bypass authentication and obtain administrative access by setting the roomphplanning cookie to a value associated with the admin account...
HazelPress Lite 0.0.4 SQL Injection
HazelPress Lite = 0.0.4 Auth Bypass SQL Injection Vulnerability By cr4wl3r Download: http://hazelpress.org/index.php?hazel=downloads PoC: path/login.php Username: ' or '1=1 password: ' or '1=1...
Project Man 1.0 SQL Injection
Project Man Download: http://sourceforge.net/projects/projectman1/files/ PoC: Project Manpath/login.php Username: ' or '1=1 password: ' or '1=1...
Scripts Feed Business Directory SQL Injection
Scripts Feed Business Directory SQL Injection Vulnerability + My home http://hack-tech.com + Date Submitted: February 27 2010 + Founder: Cr...
DeltaScripts PHP Links XSS Vulnerability
Exploit for unknown platform in category web applications. DeltaScripts PHP Links XSS Vulnerability + Exploit Title: DeltaScripts PHP Links XSS Vulnerability + Date: January 09 2010 + Author: Crux mail:email protecte...
Scripts Feed Business Directory - SQL Injection
Scripts Feed Business Directory - SQL Injection. Scripts Feed Business Directory SQL Injection Vulnerability + My home http://hack-tech.com ...
Project Man 1.0 - Authentication Bypass
Project Man 1.0 - Authentication Bypass Project Man Download: http://sourceforge.net/projects/projectman1/files/ PoC: Project Manpath/login.php Username: ' or '1=1 password: ' or '1=1...
Killmonster <= 2.1 (Auth Bypass) SQL Injection Vulnerability
Exploit for unknown platform in category web applications. Killmonster Type Username Here: Type Password Here: authenticate.php $isadmin=$_POST['isadmin']; $password=$_POST['password']; $password=md5($password); $query = "select from kmadmins...
BoastMachine 3.1 - Arbitrary File Upload
Exploit Title : boastMachine v3.1 Remote File Upload Vulnerability Author: alnjm33 Software Link: http://boastology.com/pages/dload.php?id=bmachine-3.1.zip Software...
al3jeb script - Remote Authentication Bypass
al3jeb script - Remote Authentication Bypass. al3jeb script Remote Login Bypass Exploit (works only with magic_quotes_gpc = off). Discovered: cr4wl3r. Date: 19.01.2010. Remote:...
DeltaScripts PHP Links 1.0 Cross Site Scripting
H A C K - T E C H E X P L O I T S - by Crux + Exploit Title: DeltaScripts PHP Links XSS Vulnerability + Date: January 09 2010 + Author: Crux mail:[email protected] + Software Link: http://www.deltascripts.com/phplinks/ + Version: 1.0 + Tested on: ALL OS + Dork: NO NO NO! Vulnerable File...
WordPress 1.2 wp-login.php Response Splitting Attack Vulnerability
No description provided by source...
dedecms <=5.7 member-login.php Cross-Site Scripting Vulnerability
No description provided by source...
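phpGroupWare Multiple Input Validation Vulnerabilities
BUGTRAQ ID: 35761 CVE ID: CVE-2009-4414,CVE-2009-4415,CVE-2009-4416 phpGroupWare is a multi-user web component written in PHP that provides an API for developing other programs. Multiple components of phpGroupWare contain input validation errors; a remote attacker can submit malicious requests to disclose sensitive information or carry out cross-site scripting or SQL injection attacks. 1 Input passed to the csvfile parameter is not properly validated before being used in addressbook/csvimport.php, which can result in the contents of arbitrary files on the affected system being read. 2...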
CVE-2009-4416
Cross-site scripting (XSS) vulnerability in login.php in phpGroupWare 0.9.16.12, and possibly other versions before 0.9.16.014, allows remote attackers to inject arbitrary web script or HTML via an arbitrary parameter whose name begins with the "phpgw" sequence...
Pligg login.php return Parameter Arbitrary Site Redirect
The remote host is running Pligg, an open source content management system. The installed version of Pligg contains an open redirect, in the 'return' parameter of its 'login.php' script. This could be abused to launch a phishing attack to trick users into visiting malicious sites. Note that this...