CVE-2009-1764
The CVE-2009-1764 issue is a SQL injection vulnerability in MaxCMS 2.0, specifically in inc/ajax.asp via the id parameter used by a digg action. The underlying flaw is improper handling of user input leading to arbitrary SQL execution on remote systems. Impact is partial confidentiality/integrity...
MaxCMS 2.0 (inc/ajax.asp) Remote SQL Injection Vulnerability
No description provided by source. Securitylab.ir Application Info: Name: Maxcms Version: 2.0 Discovered By: Securitylab.ir Website: http://securitylab.ir Contacts: adminatsecuritylab.ir & info@securitylabdotir Vulnerability Info: Type: Sql Injection Risk: Medium...
MaxCMS 2.0 (inc/ajax.asp) Remote SQL Injection Vulnerability
Exploit for unknown platform in category web applications ============================================================ MaxCMS 2.0 inc/ajax.asp Remote SQL Injection Vulnerability ============================================================...
MaxCMS 2.0 - inc/ajax.asp SQL Injection
MaxCMS 2.0 - inc/ajax.asp SQL Injection Securitylab.ir Application Info: Name: Maxcms Version: 2.0 Discovered By: Securitylab.ir Website: http://securitylab.ir Contacts: adminatsecuritylab.ir & info@securitylabdotir Vulnerability Info: Type: Sql Injection Risk: Medium...
MaxCMS 2.0 - '/inc/ajax.asp' SQL Injection
Securitylab.ir Application Info: Name: Maxcms Version: 2.0 Discovered By: Securitylab.ir Website: http://securitylab.ir Contacts: adminatsecuritylab.ir & info@securitylabdotir Vulnerability Info: Type: Sql Injection Risk: Medium ===========================================================...
Max CMS 2.0 SQL Injection
Securitylab.ir Application Info: Name: MaxCMS Version: 2.0 web: http://maxcms.net Discovered By: Securitylab.ir Website: http://securitylab.ir Contacts: adminatsecuritylab.ir & info@securitylabdotir Vulnerability Info: Type: Sql Injection Risk: Medium...
MaxCMS 2.0 (m_username) Arbitrary Create Admin Exploit
No description provided by source. ?php printr' +---------------------------------------------------------------------------+ maxcms2.0 creat new admin exploit by Securitylab.ir +---------------------------------------------------------------------------+ '; if $argc 3 printr'...
MaxCMS 2.0 (m_username) Arbitrary Create Admin Exploit
Exploit for unknown platform in category web applications ====================================================== MaxCMS 2.0 m_username Arbitrary Create Admin Exploit ====================================================== 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 ...
MaxCMS 2.0 Create New Admin
?php printr' +---------------------------------------------------------------------------+ maxcms2.0 creat new admin exploit by Securitylab.ir +---------------------------------------------------------------------------+ '; if $argc 3 printr'...
MaxCMS 2.0 - m_username Arbitrary Create Admin
MaxCMS 2.0 - m_username Arbitrary Create Admin ?php printr' +---------------------------------------------------------------------------+ maxcms2.0 creat new admin exploit by Securitylab.ir +---------------------------------------------------------------------------+ '; if $argc 3 printr'...
MaxCMS 2.0 - 'm_username' Arbitrary Create Admin
?php printr' +---------------------------------------------------------------------------+ maxcms2.0 creat new admin exploit by Securitylab.ir +---------------------------------------------------------------------------+ '; if $argc 3 printr'...
Max CMS 2.0beta (maxcms) administrator authentication bypass vulnerability - vulnerability warning - the black bar safety net
by flyh4t http://bbs.wolvez.org/ The maxcms admin backend has an auto-upgrade function; the ajax injection has been patched, but the vulnerability is still not patched. In the previous patch with classmates to see if they can bypass the authentication, the answer is Yes, but the premise is to know the...
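Max CMS 2.0beta (maxcms) SQL Injection Vulnerability
This system is a very popular video-on-demand system in China. The earlier version 1.5 had a great many vulnerabilities; version 2.0 has improved in terms of security, but vulnerabilities still exist. \inc\ajax.asp dim action : action = getForm"action", "get" response.Charset="gbk" Select case action case "newslist" : viewNewsList case "newscontent" : viewNewsContent case "digg","tread" : scoreVideoaction case "reporterr" : reportErr...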