192 matches found
SolucionWeb (main.php?id_area) Remote SQL injection Vulnerability
IRANIAN THE BEST HACKERS IN THE WORLD Remote SQL injection Vulnerability SolucionWeb main.php?idarea AuTh0r : EhsanHp200 H0ME : www.only-4dl.tk Email : [email protected] Vendor : http://www.solucionweb.com/ Persian Gulf 4 Ever! Dork : "Powered by SolucionWeb" "inurl:main.php?idarea=" Exploit...
ezringtone-disclose.txt
Ez Ringtone Manager Multiple Vulnerabilities - Discovered by b3hz4d - WwW.DeltaHacking.Net - APA Center of Yazd University...
Ez Ringtone Manager Multiple Remote File Disclosure Vulnerabilities
Exploit for unknown platform in category web applications. Ez Ringtone Manager Multiple Remote File Disclosure Vulnerabilities. AUTHOR : b3hz4d Seyed Behzad...
CVE-2008-4772
SQL injection vulnerability in main/main.php in QuestCMS allows remote attackers to execute arbitrary SQL commands via the obj parameter...
Sql injection
SQL injection vulnerability in main/main.php in QuestCMS allows remote attackers to execute arbitrary SQL commands via the obj parameter...
Cross site scripting
Cross-site scripting (XSS) vulnerability in main/main.php in QuestCMS allows remote attackers to inject arbitrary web script or HTML via the cx parameter...
CVE-2008-4773
Directory traversal vulnerability in main/main.php in QuestCMS allows remote attackers to read arbitrary local files via a .. (dot dot) in the theme parameter...
CVE-2008-4774
Cross-site scripting (XSS) vulnerability in main/main.php in QuestCMS allows remote attackers to inject arbitrary web script or HTML via the cx parameter...
CVE-2008-4772
CVE-2008-4772 describes an SQL injection vulnerability in QuestCMS, specifically in the file main/main.php where the parameter obj can be manipulated to execute arbitrary SQL commands by remote attackers. The NVD entry assigns a Base Score of 7.5 (High) with network access and no authentication r...
Unfixed XSS vulnerability at www.celestial-interior.com
Security researcher SaMTHG has submitted on 28/10/2008 a cross-site scripting (XSS) vulnerability affecting www.celestial-interior.com, which at the time of submission ranked 24305779 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 30/06/2009. I...
CVE-2008-4499
Multiple directory traversal vulnerabilities in PHP Web Explorer 0.99b and earlier allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) refer parameter to main.php and the (2) file parameter to edit.php...
CVE-2008-4484
main.php in Crux Gallery 1.32 and earlier allows remote attackers to gain administrative access by setting the name parameter to "users," as demonstrated via index.php...
phpwebexplorer-lfi.txt
PHPWebExplorer eNYe-Sec - www.enye-sec.org -- Exploit -- If you have access to the control panel: http://localhost/main.php?refer=d&d=../../../etc http://localhost/edit.php?file=../../../etc/passwd If you are not a register user but you...
CVE-2008-1839
Multiple cross-site scripting (XSS) vulnerabilities in module/main.php in WORK system e-commerce 4.0.9 allow remote attackers to inject arbitrary web script or HTML via the (1) day, (2) month, and (3) year parameters. NOTE: the provenance of this information is unknown; the details are obtained solely...
CVE-2008-1839
CVE-2008-1839 affects WORK system e-commerce 4.0.9. The vulnerability is described as multiple cross-site scripting (XSS) in module/main.php, exploitable via the (1) day, (2) month, and (3) year parameters. The notes indicate not all provenance is confirmed and details come from third-party sourc...
Unfixed XSS vulnerability at www.meteo.bg
Security researcher xylitol has submitted on 03/12/2008 a cross-site scripting (XSS) vulnerability affecting www.meteo.bg, which at the time of submission ranked 1897050 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 29/11/2011. It is currently...
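Barryvan Compo Manager 'main.php' Remote File Inclusion Vulnerability
Barryvan Compo Manager is a PHP-based web application. Barryvan Compo Manager does not properly filter user-supplied URI data, and a remote attacker can exploit the vulnerability to execute arbitrary PHP code with web server privileges. The problem is that the 'main.php' script does not sufficiently filter the user-supplied 'pageURL' parameter; supplying an arbitrary file on a remote server as the include target can lead to execution of arbitrary PHP code with web server privileges. Barryvan Compo Manager Barryvan Compo Manager 0.3 No detailed solution is currently available: http://sourceforge.net/projects/barryvancompo...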
Sql injection
Multiple SQL injection vulnerabilities in main.php in the WassUp plugin 1.4 through 1.4.3 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) fromdate or (2) todate parameter to spy.php...
Wordpress Plugin WassUp 1.4.3 (spy.php to_date) SQL Injection Exploit
No description provided by source. WordPress WassUp plugin v 1.4.3 Sql Injection Exploit Plugin Homepage-http://www.wpwp.org/ Found by: enterthedragon Tested successfully on v 1.4-1.4.3 lower versions are possibly vulnerable too just check the source and modify the query as needed Vuln code -In...