34 matches found
EUVD-2007-2530
Malware in sbrugna...
EUVD-2006-5510
Malware in sbrugna...
WebUI 1.5b6 mainfile.php Code Execution
No description provided by source...
WebUI mainfile.php Arbitrary Command Injection
An arbitrary command injection vulnerability exists in WebUI. The vulnerability is due to insufficient validation of multiple parameters in "mainfile.php" when handling HTTP requests. A remote, authenticated attacker can exploit this vulnerability by sending maliciously crafted input to the...
123tkShop 0.9.1 - Remote Authentication Bypass Vulnerability
No description provided by source. By Michael Brooks Vulnerability:Sql Injection Software:123tkShop Homepage:http://sourceforge.net/projects/my123tkshop/ Affects Version 0.9.1. An attacker can gain Administrative rights with this authentication bypass exploit:...
[SOJOBO-ADV-13-04] - PHP-Nuke 8.2.4 multiple vulnerabilities
SOJOBO-ADV-13-04 - PHP-Nuke 8.2.4 multiple vulnerabilities I. Information ================== Name : PHP-Nuke 8.2.4 multiple vulnerabilities Software : PHP-Nuke 8.2.4 and possibly below. Vendor Homepage : http://www.phpnuke.org/ Vulnerability Type : File Inclusion and Reflected Cross-Site Scriptin...
XOOPS <= 2.3.3 Remote File Disclosure Vulnerability (.htaccess)
Exploit for unknown platform in category web applications. XOOPS <= 2.3.3 Remote File Disclosure Vulnerability (.htaccess)...
phpBLASTER 1.0 RC1 - Blind SQL Injection
phpBLASTER 1.0 RC1 - Blind SQL Injection --+++============================================================+++-- --+++====== phpBLASTER 1.0 RC1 Blind SQL Injection Exploit ======+++-- --+++============================================================+++-- 4 return true; else return false; function...
smeego-lfi.txt
Smeego CMS Local File Include Exploit by 0in from Dark-Coders Programming & Security Group http://dark-coders.4rh.eu File: mainfile.php if $displayerrors == 1 // We don't se any errors ; @iniset'displayerrors', 1; else @iniset'displayerrors', 0; if isset$newlang if...
CVE-2007-6458
SQL injection vulnerability in shop/mainfile.php in 123tkShop 0.9.1 allows remote attackers to execute arbitrary SQL commands via a base64-encoded value of the admin parameter to shop/admin.php...
123tkShop 0.9.1 - Remote Authentication Bypass
123tkShop 0.9.1 - Remote Authentication Bypass By Michael Brooks Vulnerability:Sql Injection Software:123tkShop Homepage:http://sourceforge.net/projects/my123tkshop/ Affects Version 0.9.1. An attacker can gain Administrative rights with this authentication bypass exploit:...
123tkShop 0.9.1 - Remote Authentication Bypass
By Michael Brooks Vulnerability:Sql Injection Software:123tkShop Homepage:http://sourceforge.net/projects/my123tkshop/ Affects Version 0.9.1. An attacker can gain Administrative rights with this authentication bypass exploit:...
123tkShop 0.9.1 Remote Authentication Bypass Vulnerability
Exploit for unknown platform in category web applications ========================================================== 123tkShop 0.9.1 Remote Authentication Bypass Vulnerability ========================================================== By Michael Brooks Vulnerability:Sql Injection Software:123tkSh...
Sql injection
Multiple SQL injection vulnerabilities in mainfile.php in NPDS 5.10 and earlier allow remote authenticated users to execute arbitrary SQL commands via (1) a nickname or (2) Id in a cookie, or (3) the X-Forwarded-For (XFORWARDEDFOR) HTTP header...
NPDS <= 5.10 - Multiple SQL injections
|Description:| Security holes were found in NPDS 5.10. N°1: Sql Injection in cookies File Mainfile.php lines 655 to 691. No check is carried out on nicknames or Id which can allow an attacker to modify a SQL request so as to obtain data. N°2: SQL Injection due to a bad use of "XFORWARDEDFOR" file...
Net Portal Dynamic System (NPDS) 5.10 - Remote Code Execution (2)
Net Portal Dynamic System NPDS 5.10 - Remote Code Execution 2 ?php /---------------------------------------------------------\ NPDS = 5.10 - Remote Code Execution exploit |Description:| Security holes were found in NPDS 5.10. N°1: Sql Injection in cookies File Mainfile.php lines 655 to 691. No...
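PHP-Nuke SQL Injection Protection Bypass and Multiple SQL Injection Vulnerabilities
PHP-Nuke is a widely used website creation and management tool that can use many database systems as its back end, such as MySQL, PostgreSQL, mSQL, Interbase and Sybase. The PHP-Nuke implementation contains multiple SQL injection vulnerabilities that remote attackers may exploit to perform unauthorized database operations. In mainfile.php at line 435: //Union Tap //Copyright Zhen-Xjell 2004 http://nukecops.com //Beta 3 Code to prevent UNION SQL Injections unset$matches; unset$loc;...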
PHP Nuke <= 8.0.0.3.3b SQL Injections and Bypass SQL Injection Protection vulnerabilities
PHP Nuke <= 8.0.0.3.3b SQL Injections and Bypass SQL Injection Protection vulnerabilities PROGRAM: PHP-Nuke HOMEPAGE: http://phpnuke.org/ VERSION: All version BUG: PHP Nuke <= 8.0.0.3.3b Bypass SQL Injection Protection and SQL Injections vulnerabilities AUTHOR: Aleksandar Let's look at source code...
CVE-2007-1450
SQL injection vulnerability in mainfile.php in PHP-Nuke 8.0 and earlier allows remote attackers to execute arbitrary SQL commands in the Top or News module via the lang parameter...
Sql injection
SQL injection vulnerability in mainfile.php in PHP-Nuke 8.0 and earlier allows remote attackers to execute arbitrary SQL commands in the Top or News module via the lang parameter...