pHNews Alpha 1 (header.php mod) SQL Injection Vulnerability

Exploit for unknown platform in category web applications =========================================================== pHNews Alpha 1 header.php mod SQL Injection Vulnerability =========================================================== 0x01 Informations: Name : pHNews Alpha 1 Download :...

pHNews Alpha 1 SQL Injection

0x01 Informations: Name : pHNews Alpha 1 Download : http://www.hotscripts.com/listings/jump/download/50111/ Vulnerability : Sql Injection Author : x0r Contact : [email protected] Notes : Proud to be Italian 0x02 Bug: Bugged file is /path/header.php Code $mod = $GET"mod"; // If no mod is select...

Fedora Update for horde FEDORA-2008-2087

Check for the Version of horde OpenVAS Vulnerability Test Fedora Update for horde FEDORA-2008-2087 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms ...

Remote file inclusion

PHP remote file inclusion vulnerability in adminhead.php in WebBiscuits Modules Controller 1.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the pathdocroot parameter...

Directory traversal

Directory traversal vulnerability in faqsupport/wce.download.php in WebBiscuits Modules Controller 1.1 allows remote attackers to read arbitrary files via a .. dot dot in the download parameter...

CVE-2008-6139

Directory traversal vulnerability in faqsupport/wce.download.php in WebBiscuits Modules Controller 1.1 allows remote attackers to read arbitrary files via a .. dot dot in the download parameter...

CVE-2008-6138

PHP remote file inclusion vulnerability in adminhead.php in WebBiscuits Modules Controller 1.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the pathdocroot parameter...

CVE-2008-6139

Directory traversal vulnerability in faqsupport/wce.download.php in WebBiscuits Modules Controller 1.1 allows remote attackers to read arbitrary files via a .. dot dot in the download parameter...

CVE-2008-6139

CVE-2008-6139 describes a directory traversal vulnerability in WebBiscuits Modules Controller 1.1, where the download parameter in faqsupport/wce.download.php can be manipulated with .. to read arbitrary files. Supported by NVD/NIST records and multiple references; exploitation details are not de...

CVE-2008-6138

The CVE-2008-6138 entry concerns a PHP remote file inclusion in adminhead.php of WebBiscuits Modules Controller 1.1 and earlier. The vulnerability allows an attacker to execute arbitrary PHP code by supplying a crafted URL in the path[docroot] parameter, enabling remote code execution. Affected s...

CVE-2008-6138

PHP remote file inclusion vulnerability in adminhead.php in WebBiscuits Modules Controller 1.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the pathdocroot parameter...

[SECURITY] Fedora 9 Update: dahdi-tools-2.0.0-1.fc9

DAHDI stands for Digium Asterisk Hardware Device Interface. This package contains the userspace tools to configure the DAHDI kernel modules. DAHDI is the replacement for Zaptel, which must be renamed due to trademark issues...

[SECURITY] Fedora 10 Update: python-fedora-0.3.9-1.fc10

Python modules that help with building Fedora Services. This includes a JS ON based auth provider for authenticating against FAS2 over the network and a client that handles communication with the servers. The client module can be used to build programs that communicate with Fedora Infrastructure'...

[SECURITY] Fedora 9 Update: python-fedora-0.3.9-1.fc9

Python modules that help with building Fedora Services. This includes a JS ON based auth provider for authenticating against FAS2 over the network and a client that handles communication with the servers. The client module can be used to build programs that communicate with Fedora Infrastructure'...

ProFTPd SQL injection

SQL injections in database modules...

Directory traversal

Directory traversal vulnerability in admin/modules/aa/preview.php in Syntax Desktop 2.7 allows remote attackers to include and execute arbitrary local files via a .. dot dot in the synTarget parameter...

CVE-2009-0457

Multiple directory traversal vulnerabilities in AJA Portal 1.2 allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the currentlang parameter to admin/case.php in the 1 ContactPlus and 2 Reviews modules, and 3 the modulename parameter to...

CVE-2009-0448

CVE-2009-0448 concerns a directory traversal vulnerability in Syntax Desktop 2.7. The flaw resides in admin/modules/aa/preview.php, where a crafted synTarget parameter containing ".." allows remote attackers to include and execute arbitrary local files. The vulnerability enables partial impact to...

4Site CMS <= 2.6 Multiple Remote SQL Injection Vulnerabilities

No description provided by source. WSEC-09-002 4Site CMS = 2.6 Multiple Remote SQL Injections Developer site: http://www.4site.ru/ Discovered by D.Mortalov // wsec.ru 1. Auth Bypass Login: 1'or'1 Password: 1'or’1 2. Multiple Remote SQL Injections in 4site CMS modules "Pages" module:...

Syntax Desktop 2.7 Local File Inclusion

-----------------:local File Include:----------------- ------------------------------------------------------- script: syntax-desktop 2-7 ------------------------------------------------------------------ download...