56 matches found
CVE-2009-4466
DeluxeBB 1.3 allows remote attackers to obtain sensitive information via a crafted page parameter to misc.php, which reveals the installation path in an error message. NOTE: this issue might be resultant from improperly controlled computation in tools.php that leads to a denial of service CPU or...
CVE-2009-4468
Cross-site scripting (XSS) vulnerability in misc.php in DeluxeBB 1.3 allows remote attackers to inject arbitrary web script or HTML via the page parameter...
CVE-2009-4466
DeluxeBB 1.3 is affected by CVE-2009-4466, where a crafted value for the page parameter in misc.php can cause an information disclosure by revealing the installation path in an error message. The issue may stem from how tools.php handles computations, potentially contributing to a denial of servi...
vBulletin misc.php Template Name Arbitrary Code Execution
$Id$ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 'vBulletin...
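DeluxeBB misc.php Module SQL Injection Vulnerability
BUGTRAQ ID: 34174 DeluxeBB is a PHP-based forum application. The misc.php module in DeluxeBB does not properly validate the user-supplied $qorder parameter: $getsel = $db-query"SELECT FROM ".$prefix."users ".$qfilter." ".$qorder." == ".$sort." LIMIT ".$pageinfo0.",".$pageinfo1; A remote attacker can carry out a SQL injection attack by submitting a malicious query request, which results in reading the usernames and password MD5 hashes of all registered forum users. DeluxeBB = 1.3 Vendor patch:...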
CVE-2009-1033
CVE-2009-1033 affects DeluxeBB 1.3 and earlier. A SQL injection flaw in misc.php allows remote attackers to execute arbitrary SQL via the qorder parameter, as described in the connected documents. Exploit details and fixes are not provided here.
CVE-2009-1033
SQL injection vulnerability in misc.php in DeluxeBB 1.3 and earlier allows remote attackers to execute arbitrary SQL commands via the qorder parameter, a different vector than CVE-2005-2989 and CVE-2006-2503...
CVE-2008-3965
SQL injection vulnerability in misc.php in MyBB (aka MyBulletinBoard) before 1.4.1 allows remote attackers to execute arbitrary SQL commands via a certain editor field...
Sql injection
SQL injection vulnerability in misc.php in MyBB (aka MyBulletinBoard) before 1.4.1 allows remote attackers to execute arbitrary SQL commands via a certain editor field...
Sql injection
SQL injection vulnerability in options.php in WordPress 2.2.1 allows remote authenticated administrators to execute arbitrary SQL commands via the pageoptions parameter to (1) options-general.php, (2) options-writing.php, (3) options-reading.php, (4) options-discussion.php, (5) options-privacy.php, (6)...
burncms-rfi.txt
burnCMS = 0.2rootRemote File Include Vulnerablities D.Script: http://www.burnstone.ch/downloads/burnCMS-0.2.zip Discovered by: GolDM = Mahmoodali Homepage: http://www.Tryag.cc Exploit:PathburnCMS/lib/authuser.php?root=Shell Exploit:PathburnCMS/lib/misc.php?root=Shell...
burnCMS 0.2 - 'root' Remote File Inclusion
burnCMS = 0.2rootRemote File Include Vulnerablities D.Script: http://www.burnstone.ch/downloads/burnCMS-0.2.zip Discovered by: GolDM = Mahmoodali Homepage: http://www.Tryag.cc Exploit:PathburnCMS/lib/authuser.php?root=Shell Exploit:PathburnCMS/lib/misc.php?root=Shell...
burnCMS <= 0.2 (root) Remote File Inclusion Vulnerabilities
Exploit for unknown platform in category web applications =========================================================== burnCMS = 0.2 root Remote File Inclusion Vulnerabilities =========================================================== burnCMS = 0.2rootRemote File Include Vulnerablities D.Script:...
SH-News 0.93 - misc.php Remote File Inclusion
SH-News 0.93 - misc.php Remote File Inclusion !/usr/bin/perl SH-News 0.93 misc.php Remote File Include Exploit Download: http://www.scripthome.de/down.php?id=6 Vulnerable Code: require "$newscfg'path'/german.inc.php"; Coded by bd0rk || SOH-Crew Usage: shnews.pl target cmd shell shell variable...
FreeHost "misc.php & news.php" SQL Injection
================================ Discovered By: CrAzY CrAcKeR ================================ Example:- /FreeHost/misc.php?readme=SQL /FreeHost/news.php?index=SQL Search:- Powered By FreeHost ================================...
SaphpLesson-misc.txt
============================================= Discovered By: CrAzY CrAcKeR Site:www.alshmokh.com I want to thank my friend:- nono225-mHOn-rageh-Lover Hacker-Breeeeh BoNym-Rootshill-LiNuXrOOt-Sw33t h4ck3r ============================================= Example:- /misc.php?action=SQL...
CVE-2006-3161
The CVE-2006-3161 entry concerns SaphpLesson 1.1 and earlier. The vulnerability is an SQL injection in misc.php, exploitable via the action parameter, allowing remote attackers to execute arbitrary SQL commands. CVSS 2.0 score is 7.5 (HIGH) with network attack vector and low complexity, no authen...
WBB<--v2.3.4"misc.php" SQL injection Vulnerability
=================================== Discovery By: CrAzY CrAcKeR Site: www.alshmokh.com I want to thank my friend:- nono225-mHOn-rageh-LoverHacker Breeeeh-LiNuXrOOt-BoNym-rootshill =================================== Example:- /misc.php?action=faq?sid=SQL injection...
Sql injection
SQL injection vulnerability in misc.php in DeluxeBB 1.06 allows remote attackers to execute arbitrary SQL commands via the name parameter...
SaPHPLession30.txt
SaPHPLesson 3.0 Multbugs By :-- D3vil-0x1 | Devil-00 --: 1- Unfilter array Filename :- show.php Line :- 102 code $hrow = $Row2;/code Fix :- Add To Line 11 /show.php This Code :- we add the code to global to fix all unfilter ver. at the code : code $hrow = array;/code Exploit :- GET ^...