CVE-2008-2271

The Site Documentation Drupal module 5.x before 5.x-1.8 and 6.x before 6.x-1.1 allows remote authenticated users to gain privileges of other users by leveraging the "access content" permission to list tables and obtain session IDs from the database...

Phoenix View CMS <= Pre Alpha2 (SQL/LFI/XSS) Multiple Vulnerabilities

No description provided by source. Phoenix View CMS = Pre Alpha2 Multiple Vulnerabilities LFISQLIXSS Found by : tw8 Date : 8.05.2008 Website && Forum : http://rstzone.org && http://rstzone.org/forum/ Bug type : LFI, SQLI & XSS Affected software description: Application : Phoenix View CMS Version ...

Phoenix View CMS <= Pre Alpha2 (SQL/LFI/XSS) Multiple Vulnerabilities

Exploit for unknown platform in category web applications ===================================================================== Phoenix View CMS = Pre Alpha2 SQL/LFI/XSS Multiple Vulnerabilities ===================================================================== Phoenix View CMS = Pre Alpha2...

Miniweb 2.0 - &#039;historymonth&#039; SQL Injection

Rem0te SQL Injection Vulnerability Miniweb 2.0 index.php Author: HaCkeR-EgY H^0mE: www.pal-hacker.com , atsdp.com CONTact: [email protected] =========================================================== Script : Miniweb " Blog Writer " version : 2.0 Module Price: Only $39.00 Portal Price : $ 11...

CVE-2008-1977

CVE-2008-1977 describes a CSRF vulnerability in the Drupal Internationalization (i18n) module. Affected: Drupal i18n module versions 5.x before 5.x-2.3 and 5.x-1.1, and 6.x before 6.x-1.0 beta 1. The issue allows remote attackers to change node translation relationships via unspecified vectors. T...

RunCMS Module MyArticles 0.6 Beta-1 - SQL Injection

RunCMS Module MyArticles 0.6 Beta-1 - SQL Injection Cr@zyKing / [email protected] ' ¿? seLçuK abim1z qururumuzsun altın kemer Trabzonun !.. K1 World Champions Selçuk Aydın The Best Of , Number One ; RunCms MyArticles Module 0.6 Beta-1 Remote Sql Ä°nj. Down :...

PostNuke Module PostSchedule (eid) SQL Injection Vulnerability

Exploit for unknown platform in category web applications ============================================================== PostNuke Module PostSchedule eid SQL Injection Vulnerability ============================================================== Vuln: Postnuke Mod PostSchedule SQL Vuln Author: Vul...

XOOPS Module Recipe (detail.php id) SQL Injection Vulnerability

No description provided by source. XOOPS Project-RecetteRecipe2.2 SQL Injection Vulnerability AUTHOR : S@BUN HOME : http://www.milw0rm.com/author/1334 MA脻L : [email protected] DORK 1 : allinurl :"modules/recipe" EXPLOIT :...

CVE-2008-1839

CVE-2008-1839 affects WORK system e-commerce 4.0.9. The vulnerability is described as multiple cross-site scripting (XSS) in module/main.php, exploitable via the (1) day, (2) month, and (3) year parameters. The notes indicate not all provenance is confirmed and details come from third-party sourc...

CVE-2008-1794

The CVE-2008-1794 entry concerns multiple XSS vulnerabilities in the Drupal Webform module affecting versions 5.x before 5.x-1.10, 5.x-2.x before 5.x-2.0-beta3, and 6.x before 6.x-1.0-beta3. The root cause is unspecified in the provided documents, but remote attackers could inject arbitrary web s...

Dream4 Koobi CMS 4.2.4/4.2.5/4.3.0 - Multiple SQL Injections

--==+=================== Spanish Hackers Team www.spanish-hackers.com =================+==-- --==+ Koobi CMS 4.3.0, 4.2.5, 4.2.4 Multiple Remote SQL Injection +==-- --==+====================================================================================+==-- + JosS + Spanish Hackers Team + Sys -...

Python zlib Module - Remote Buffer Overflow

source: https://www.securityfocus.com/bid/28715/info Python zlib module is prone to a remote buffer-overflow vulnerability because the library fails to properly sanitize user-supplied data. An attacker can exploit this issue to execute arbitrary code with the privileges of the user running an...

SA-2008-022 - Flickr - Cross site scripting

The Flickr module allows one to access photos on one's site via the Flickr API. The module provides a filter for inserting photos and photosets and blocks for a user's recent photos and photosets. Several values are displayed without being escaped, which enables users to inject arbitrary HTML and...

Microsoft IIS webhits.dll Hit-Highlighting Authentication Bypass

The remote IIS web server contains a vulnerability in the Server Hit Hilight Module which may allow an attacker to view the contents of a page otherwise requiring authentication. An attacker may exploit this flaw to bypass authentication on certain pages. C Tenable Network Security, Inc...

RunCMS Module Photo 3.02 - &#039;cid&#039; SQL Injection

RunCMS Module Photo 3.02 SQL injection AUTHOR : S@BUN HOME : http://www.milw0rm.com/author/1334 BLOG : http://my.opera.com/SQL-Injection/blog/ MAÄ°L : [email protected] DORK 1 : allinurl: "modules/photo/viewcat.php?id" DORK 2 : inurl:photo "powered by runcms" EXPLOIT : admin...

RunCMS Module section - artid SQL Injection

RunCMS Module section - artid SQL Injection Cr@zyKing [email protected] / hackshow.us Grtz : CrackersChild - str0ke - 3php - AleminKrali - Eno7 - DreamTurk - TheBekir - Mhzr91 Runcms Module Section artid Remote Sql Ä°nj. Vuln. Example : - modules/sections/index.php?op=viewarticle&artid=Sql ...

RunCMS Module section - &#039;artid&#039; SQL Injection

Cr@zyKing [email protected] / hackshow.us Grtz : CrackersChild - str0ke - 3php - AleminKrali - Eno7 - DreamTurk - TheBekir - Mhzr91 Runcms Module Section artid Remote Sql Ä°nj. Vuln. Example : - modules/sections/index.php?op=viewarticle&artid=Sql - Sql :...

eXV2 Module eblog 1.2 (blog_id) Remote SQL Injection Vulnerability

No description provided by source. Powered by eXV2 eblog 1.2 SQL Injection AUTHOR : S@BUN HOME : http://www.milw0rm.com/author/1334 MAL : [email protected] DORKS 1 : allinurl :"modules/eblog" DORK 2 : allinurl :"exoops/modules/eblog" EXPLOIT :...

eXV2 Module eblog 1.2 (blog_id) Remote SQL Injection Vulnerability

Exploit for unknown platform in category web applications ================================================================== eXV2 Module eblog 1.2 blogid Remote SQL Injection Vulnerability ================================================================== Powered by eXV2 eblog 1.2 SQL Injection...

XOOPS Module tutorials (printpage.php) SQL Injection Vulnerability

No description provided by source. AUTHOR : S@BUN HOME : http://www.milw0rm.com/author/1334 MA陌L : [email protected] DORKS 1 : allinurl :"/modules/tutorials/" DORK 2 : allinurl :"/modules/tutorials/"tid EXPLOIT 1 :...