124 matches found
MD-Pro 1.083.x Blind SQL Injection
!Informationschema: Product: MDPro v 1.083.x site: www.maxdev.com Vuln: Blind $QL Injection pollID Author: XaDoS thanks to S3rg3770 dork: inurl:modules.php?op= "pollID" "Powered By MDPro" Vuln: PollID http://www.site.com/MDPropath/modules.php?name=Surveys&op=results&pollID=SQL or...
MD-Pro 1.083.x - Survey Module 'pollID' Blind SQL Injection
!Informationschema: Product: MDPro v 1.083.x site: www.maxdev.com Vuln: Blind $QL Injection pollID Author: XaDoS thanks to S3rg3770 dork: inurl:modules.php?op= "pollID" "Powered By MDPro" Vuln: PollID http://www.site.com/MDPropath/modules.php?name=Surveys&op=results&pollID=SQL or...
CVE-2009-0728
SQL injection vulnerability in the My_eGallery module for MAXdev MDPro (MD-Pro) and Postnuke allows remote attackers to execute arbitrary SQL commands via the pid parameter in a showpic action to index.php...
SQL injection
SQL injection vulnerability in the My_eGallery module for MAXdev MDPro (MD-Pro) and Postnuke allows remote attackers to execute arbitrary SQL commands via the pid parameter in a showpic action to index.php...
CVE-2009-0728
The CVE-2009-0728 issue affects MAXdev MDPro (MD-Pro) with the My_eGallery module. The root cause is improper input filtering of the pid parameter in index.php when module=My_eGallery and do=showpic, enabling a remote SQL injection that can execute arbitrary SQL commands. Exploitation details are...
CVE-2009-0728
SQL injection vulnerability in the My_eGallery module for MAXdev MDPro (MD-Pro) and Postnuke allows remote attackers to execute arbitrary SQL commands via the pid parameter in a showpic action to index.php...
MAXdev My eGallery Module 3.04 - For Xoops gid SQL Injection
MAXdev My eGallery Module 3.04 - For Xoops gid SQL Injection source: https://www.securityfocus.com/bid/28220/info MAXdev My eGallery module for Xoops is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting...
MAXdev My eGallery Module 3.04 - For Xoops 'gid' SQL Injection
source: https://www.securityfocus.com/bid/28220/info MAXdev My eGallery module for Xoops is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the...
CVE-2007-5222
SQL injection vulnerability in index.php in MAXdev MDPro (MD-Pro) 1.0.76 allows remote attackers to execute arbitrary SQL commands via a "Firefox ID=" substring in a Referer HTTP header...
SQL injection
SQL injection vulnerability in index.php in MAXdev MDPro (MD-Pro) 1.0.76 allows remote attackers to execute arbitrary SQL commands via a "Firefox ID=" substring in a Referer HTTP header...
CVE-2007-5222
CVE-2007-5222 is a SQL injection vulnerability in MAXdev MDPro (MD-Pro) 1.0.76 via a Referer header containing the substring "Firefox ID=", enabling remote attackers to inject arbitrary SQL. The affected component is index.php; root cause is crafted input in Referer header. Impact is partial disc...
CVE-2007-5222
SQL injection vulnerability in index.php in MAXdev MDPro (MD-Pro) 1.0.76 allows remote attackers to execute arbitrary SQL commands via a "Firefox ID=" substring in a Referer HTTP header...
SQL injection
SQL injection vulnerability in index.php in MAXdev MDPro (MD-Pro) 1.0.8x and earlier before 20070720 allows remote attackers to execute arbitrary SQL commands via the topicid parameter in a view action in the Topics module, a different vulnerability than CVE-2006-1676...
CVE-2007-3938
SQL injection vulnerability in index.php in MAXdev MDPro (MD-Pro) 1.0.8x and earlier before 20070720 allows remote attackers to execute arbitrary SQL commands via the topicid parameter in a view action in the Topics module, a different vulnerability than CVE-2006-1676...
CVE-2007-3938
SQL injection vulnerability in index.php in MAXdev MDPro (MD-Pro) 1.0.8x and earlier before 20070720 allows remote attackers to execute arbitrary SQL commands via the topicid parameter in a view action in the Topics module, a different vulnerability than CVE-2006-1676...
CVE-2007-3938
The CVE-2007-3938 entry concerns MAXdev MDPro (MD-Pro) prior to version 1.0.8x (before 20070720) where the index.php topicid parameter in the Topics module is not properly sanitized. The flaw allows an unauthenticated remote attacker to influence SQL queries executed by topics_userapi.php, potent...
mdpro108-sql.txt
Site: http://www.maxdev.com Download: http://www.maxdev.com/mod-Areafiles-display-lid-510-cid-1.phtml Dork: "Powered by Md-Pro" ...
Md-Pro <= 1.0.8x (Topics topicid) Remote SQL Injection Vulnerability
No description provided by source. Site: http://www.maxdev.com Download: http://www.maxdev.com/mod-Areafiles-display-lid-510-cid-1.phtml Dork: "Powered by Md-Pro" ...
Md-Pro 1.0.8x - Topics topicid SQL Injection
Md-Pro 1.0.8x - Topics topicid SQL Injection. Site: http://www.maxdev.com Download: http://www.maxdev.com/mod-Areafiles-display-lid-510-cid-1.phtml Dork: "Powered by Md-Pro" ...
Md-Pro <= 1.0.8x (Topics topicid) Remote SQL Injection Vulnerability
Exploit for unknown platform in category web applications. Md-Pro <= 1.0.8x Topics topicid Remote SQL Injection Vulnerability ...