Sql injection

Multiple SQL injection vulnerabilities in module.php in LANAI la-nai CMS 1.2.14 allow remote attackers to execute arbitrary SQL commands via 1 the mid parameter in an faqviewgroup action in the FAQ Modules, 2 the cid parameter in the EZSHOPINGCART Modules, or 3 the gid parameter in a view action ...

CVE-2007-4210

CVE-2007-4210 affects LANAI (la-nai) CMS 1.2.14. The issue consists of multiple SQL injection vulnerabilities in module.php, allowing remote attackers to execute arbitrary SQL commands via three parameters: (1) mid in the FAQ Modules (faqviewgroup action), (2) cid in EZSHOPPINGCART Modules, and (...

lanai-sql.txt

newhackdotorg la-nai cmsv1.2.14 - Remote SQL Injection Vendor : http://www.redlinesoft.net/module.php?modname=content&cid=9 Download : http://sourceforge.net/project/showfiles.php?groupid=191629 Found By : k1tk4t - k1tk4t4tnewhack.org http://newhack.org Location : Indonesia bug terdapat pada la-n...

Lanius CMS 1.2.14 - Multiple SQL Injections

newhackdotorg la-nai cmsv1.2.14 - Remote SQL Injection Vendor : http://www.redlinesoft.net/module.php?modname=content&cid=9 Download : http://sourceforge.net/project/showfiles.php?groupid=191629 Found By : k1tk4t - k1tk4t4tnewhack.org http://newhack.org Location : Indonesia bug terdapat pada la-n...

la-nai cms 1.2.14 Multiple Remote SQL Injection Vulnerabilities

Exploit for unknown platform in category web applications =============================================================== la-nai cms 1.2.14 Multiple Remote SQL Injection Vulnerabilities =============================================================== newhackdotorg la-nai cmsv1.2.14 - Remote SQL...

CVE-2007-4100

MLDonkey before 2.9.0 does not load certain code from $MLDONKEY/webinfos/ before the network modules become active, which allows remote attackers to bypass the IP blocklist...

CVE-2007-4100

Removed by vendor...

ASA-2007-016: Remote crash vulnerability in Skinny channel driver

Asterisk Project Security Advisory - ASA-2007-016 +------------------------------------------------------------------------+ | Product | Asterisk | |--------------------+---------------------------------------------------| | Summary | Remote crash vulnerability in Skinny channel | | | driver |...

Sql injection

Multiple SQL injection vulnerabilities in MKPortal 1.1.1 allow remote attackers to execute arbitrary SQL commands via 1 the idurlo field in the deleteurlo function in a index.php in the urlobox module; the iden field in the 2 updatefile and 3 delfile functions in b index.php in the reviews module...

osCommerce Online Merchant v2.2 RC1 local include bug

osCommerce Online Merchant v2.2 RC1 local include bug SEVERITY: ========= Normal SOFTWARE: ========= osCommerce Online Merchant v2.2 RC1 http://oscommerce.com/ INFO: ===== osCommerce is an Open Source based online shop e-commerce solution that is available for free under the GNU General Public...

squirrel-exec.txt

SquirrelMail G/PGP Encryption Plug-in Remote Command Execution Vulnerability Bugtraq ID: 24782 ----------------------------- There are various vulnerabilities in this software! One is in keyringmain.php! $fpr is not escaped from shellcommands! testbox:/home/w00t cat /tmp/w00t cat: /tmp/w00t: No...

MKPortal 1.1.1 reviews Gallery modules - SQL Injection

MKPortal 1.1.1 reviews Gallery modules - SQL Injection ?php / i MkPortal "reviews" and "gallery" modules SQL Injection Exploit i Vulnerable versions: MkPortal = 1.1.1 i Bug discovered by: Coloss i Exploit by: Coloss i Date: 06.07.2007 i This is priv8 not for kids Notes At this time MkPortal 1.1.1...

Design/Logic Flaw

The Forward module before 4.7-1.1 and 5.x before 5.x-1.0 for Drupal allows remote attackers to read restricted posts in 1 Organic Groups, 2 Taxonomy Access Control, 3 Taxonomy Access Lite, and other unspecified node access modules, via modified URL arguments...

Design/Logic Flaw

The Print module before 4.7-1.0 and 5.x before 5.x-1.2 for Drupal allows remote attackers to read restricted posts in 1 Organic Groups, 2 Taxonomy Access Control, 3 Taxonomy Access Lite, and other unspecified node access modules, via modified URL arguments...

CVE-2007-3690

The Forward module before 4.7-1.1 and 5.x before 5.x-1.0 for Drupal allows remote attackers to read restricted posts in 1 Organic Groups, 2 Taxonomy Access Control, 3 Taxonomy Access Lite, and other unspecified node access modules, via modified URL arguments...

CVE-2007-3690

The Forward module before 4.7-1.1 and 5.x before 5.x-1.0 for Drupal allows remote attackers to read restricted posts in 1 Organic Groups, 2 Taxonomy Access Control, 3 Taxonomy Access Lite, and other unspecified node access modules, via modified URL arguments...

CVE-2007-3689

The Print module before 4.7-1.0 and 5.x before 5.x-1.2 for Drupal allows remote attackers to read restricted posts in 1 Organic Groups, 2 Taxonomy Access Control, 3 Taxonomy Access Lite, and other unspecified node access modules, via modified URL arguments...

Print - Access bypass

Print is a module that allows site administrators to produce a "print friendly" version of a posting. By manipulating URL arguments, authenticated and anonymous users are able to access posts that should have been restricted by a node access module such as Organic Groups, Taxonomy Access Control,...

[SECURITY] Fedora Core 6 Update: perl-Net-DNS-0.60-1.fc6

Net::DNS is a collection of Perl modules that act as a Domain Name System DNS resolver. It allows the programmer to perform DNS queries that are beyond the capabilities of gethostbyname and gethostbyaddr. The programmer should be somewhat familiar with the format of a DNS packet and its various...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in Interact 2.4 beta 1 allow remote attackers to inject arbitrary web script or HTML via the 1 modulekey parameter to a kb/kb.php, b quiz/runquiz.php, c quiz/quiz.php, d forum/forum.php, e forum/byname.php, and f journal/journalview.php in modules...