124 matches found
Md-Pro 1.0.8x - Topics topicid SQL Injection
Site: http://www.maxdev.com Download: http://www.maxdev.com/mod-Areafiles-display-lid-510-cid-1.phtml Dork: "Powered by Md-Pro"...
Sql injection
SQL injection vulnerability in index.php in MAXdev MDPro 1.0.76 allows remote attackers to execute arbitrary SQL commands via the startrow parameter...
CVE-2007-0623
SQL injection vulnerability in index.php in MAXdev MDPro 1.0.76 allows remote attackers to execute arbitrary SQL commands via the startrow parameter...
CVE-2007-0623
The CVE-2007-0623 entry documents an SQL injection vulnerability in the MAXdev MDPro product, specifically in index.php (version 1.0.76). The root cause is improper handling of the startrow parameter, allowing remote attackers to execute arbitrary SQL commands. The vulnerability affects the web a...
CVE-2007-0624
The CVE-2007-0624 issue affects MAXdev MDPro 1.0.76 (user.php) where the uname parameter in a userinfo operation can be crafted to reveal the server’s full filesystem path by injecting a quote character and possibly other invalid values. The vulnerability could enable information disclosure (part...
CVE-2007-0624
user.php in MAXdev MDPro 1.0.76 allows remote attackers to obtain the full path via a ' quote character, and possibly other invalid values, in the uname parameter in a userinfo operation...
CVE-2006-6869
Directory traversal vulnerability in includes/search/search_mdforum.php in MAXdev MDForum 2.0.1 and earlier, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang cookie to error.php, as...
CVE-2006-6869
Affects MAXdev MDForum 2.0.1 and earlier. The vulnerability is in includes/search/search_mdforum.php where, if magic_quotes_gpc is disabled and register_globals is enabled, an attacker can cause local file inclusion and code execution by injecting a .. in the PNSVlang cookie to error.php, demonst...
MDPro <= 1.0.76 (Cookie: PNSVlang) Local File Include Exploit
Exploit for unknown platform in category web applications. MDPro <= 1.0.76 Cookie: PNSVlang Local File Include Exploit...
MDPro 1.0.76 - 'Cookie PNSVlang' Local File Inclusion
DEVIL TEAM IRC: 72.20.18.6:6667 devilteam http://www.rahim.webd.pl/ Contact: [email protected] cod3d by Kacper. Greetings DragonHeart and all DEVIL TEAM Patriots : - Leito & Leon TomZen, Gelo, Ramzes, DMX, Ci2u,...
CVE-2006-5564
Cross-site scripting (XSS) vulnerability in user.php in MAXdev MD-Pro 1.0.76 allows remote attackers to inject arbitrary web script or HTML via the op parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information...
CVE-2006-5565
CRLF injection vulnerability in MAXdev MD-Pro 1.0.76 allows remote attackers to inject arbitrary HTTP headers via a CRLF sequence in the (1) name, (2) file, (3) module, and (4) func parameters in (a) index.php; and the (5) file parameter in (b) modules.php. NOTE: the provenance of this information is unknown;...
CVE-2006-5564
CVE-2006-5564 is an XSS vulnerability in MAXdev MD-Pro 1.0.76, exploitable via the op parameter in user.php. The issue allows remote attackers to inject arbitrary web script/HTML. The NVD record lists a base score of 4.3 (Medium) with Network attack vector, no confidentiality impact, partial inte...
CVE-2006-5565
CVE-2006-5565 concerns a CRLF injection vulnerability in MAXdev MD-Pro 1.0.76. The flaw allows remote attackers to inject arbitrary HTTP headers by inserting a CRLF sequence into parameters (name, file, module, func) in index.php and the file parameter in modules.php. The accompanying data notes ...
MAXdev MD-Pro 1.0.76 - user.php Cross-Site Scripting
MAXdev MD-Pro is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code execute in the browser of an unsuspecting user in the...
MAXdev MD-Pro 1.0.76 - 'user.php' Cross-Site Scripting
MAXdev MD-Pro is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code execute in the browser of an unsuspecting user in the context of the affected site. This may help the attacke...