85 matches found
Endonesia CMS 8.4 Local File Inclusion
No description provided by source. Endonesia 8.4 CMS Site: http://www.endonesia.org/ Download: http://sourceforge.net/projects/endonesia Bug: Local File Inclusion in mod.php file ! Author: s4r4d0 Mail: [email protected] Team: Fatal Error...
Endonesia CMS 8.4 local file inclusion
Exploit for unknown platform in category web applications: Endonesia CMS 8.4 local file inclusion. Endonesia 8.4 CMS Site: http://www.endonesia.org/ Download: http://sourceforge.net/projects/endonesia Bug: Local File...
CVE-2008-5787
The CVE-2008-5787 entry concerns Arab Portal 2.1 on Windows, where a directory traversal flaw in mod.php allows remote attackers to read arbitrary files by supplying a .. path in the file parameter together with a show action. Affected component: mod.php in Arab Portal 2.1. Root cause: improper v...
arabportal-disclose.txt
Arab Portal v2.1 Remote File Disclosure Win32 AUTHOR : IRCRASH R3d.W0rm Sina Yazdanmehr Discovered by : R3d.W0rm Sina Yazdanmehr Our Site : Http://IRCRASH.COM IRCRASH Team Members : Dr.Crash - R3d.w0rm Sina Yazdanmehr - Hadi Kiamarsi Download : www.arabportal.net DORK : Powered by: Arab Portal...
SQL injection
SQL injection vulnerability in the Calendar module in eNdonesia 8.4 allows remote attackers to execute arbitrary SQL commands via the locid parameter in a listevents action to mod.php...
eNdonesia 8.4 (Calendar Module) - SQL Injection
#!/usr/bin/perl Remote SQL Exploit: eNdonesia 8.4 Remote SQL Exploit, www.endonesia.org, Calendar Module...
CVE-2008-1553
Directory traversal vulnerability in mod.php of TopperMod 1.0 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the to parameter. CVSS2 base score 6.8 (MEDIUM); attack vector NETWORK, no authentication, no user interaction required; impacts partial confide...
toppermod10-lfi.txt
Author: GiReX mySite: girex.altervista.org CMS: TopperMod v1.0 Site: rtcw.ch/mio/index.php Bug: Local File Inclusion File: mod.php Var : $to Bug explanation - Vuln Code: if (isset($_GET['mod'])) $mod = stripslashes($_GET['mod']); else header("location index.php"); Die; if (isset($_GET['to'])) $to =...
TopperMod 1.0 (mod.php) Local File Inclusion Vulnerability
Exploit for unknown platform in category web applications: TopperMod 1.0 mod.php Local File Inclusion Vulnerability. Author: GiReX CMS: TopperMod v1.0 Site: rtcw.ch/mio/index.php Bu...
TopperMod 1.0 - mod.php Local File Inclusion
TopperMod 1.0 - mod.php Local File Inclusion Author: GiReX mySite: girex.altervista.org CMS: TopperMod v1.0 Site: rtcw.ch/mio/index.php Bug: Local File Inclusion File: mod.php Var : $to Bug explanation - Vuln Code: if (isset($_GET['mod'])) $mod = stripslashes($_GET['mod']); else header("location index.php");...
TopperMod 1.0 (mod.php) Local File Inclusion Vulnerability
No description provided by source. Author: GiReX mySite: girex.altervista.org CMS: TopperMod v1.0 Site: rtcw.ch/mio/index.php Bug: Local File Inclusion File: mod.php Var : $to Bug explanation - Vuln Code: if (isset($_GET['mod'])) $mod = stripslashes($_GET['mod']); else header("location index.php"); Die; if...
phpwebsitedownloads-sql.txt
powered by phpWebSitedownloads AUTHOR : S@BUN HOME : http://www.milw0rm.com/author/1334 MAiL : [email protected] DORK 1 : allinurl:"mod.php?mod=downloads" EXPLOIT :...
phpwebsitedownload-sql.txt
powered by phpWebSitedownload AUTHOR : S@BUN HOME : http://www.milw0rm.com/author/1334 MAiL : [email protected] DORK 1 : allinurl:"mod.php?mod=download" DORK 2 : allinurl: EXPLOIT :...
SQL injection
Multiple SQL injection vulnerabilities in eNdonesia 8.4 allow remote attackers to execute arbitrary SQL commands via the (1) artid parameter to mod.php in a viewarticle action (publisher mod) and the (2) bid parameter to banners.php in a click action. NOTE: the mod.php viewdisk and viewlink vectors are...
eNdonesia 8.4 - mod.php?viewarticle Action artid SQL Injection
eNdonesia 8.4 - mod.php?viewarticle Action artid SQL Injection source: https://www.securityfocus.com/bid/24590/info eNdonesia is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues could allow an attacker to steal...
CVE-2003-1316
mod.php in eNdonesia 8.2 allows remote attackers to obtain sensitive information via a ' quote value in the lng parameter, which reveals the path in an error message. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information...
CVE-2004-2670
Affected software: eNdonesia 8.3 (publisher module) with mod.php. Vulnerable component/file: mod.php in the publisher module; issue stems from cross-site scripting (XSS) in two input vectors. Payload vectors: (1) mod parameter in a viewcat operation, (2) query parameter in a search operation. Imp...
CVE-2006-6871
CVE-2006-6871 affects eNdonesia 8.4 with four XSS vectors: (1) mod.php viewlink parameter (mod), (2) informasi module showinfo intypeid, (3) the "your Friend" field in friend.php, (4) the "Main Text" field in admin.php. The vulnerability allows remote attackers to inject arbitrary web script or ...
CVE-2004-2671
mod.php in eNdonesia 8.3 allows remote attackers to obtain sensitive information via certain direct requests, and certain requests with invalid parameter values, which reveal the path in various error messages, as demonstrated by the (1) mod and (2) cid parameters...
CVE-2003-1316
mod.php in eNdonesia 8.2 allows remote attackers to obtain sensitive information through improper handling of the lng parameter, where a quote value triggers an error message that reveals the server path. This is an information disclosure vulnerability (path exposure) without details on exploit...