1134 matches found
CVE-2007-2189
PHP remote file inclusion vulnerability in admin/adminalbumotf.php in the MX Smartor Full Album Pack FAP 2.0 RC1 module for mxBB allows remote attackers to execute arbitrary PHP code via a URL in the phpbbrootpath parameter...
CVE-2007-2189
PHP remote file inclusion vulnerability in admin/adminalbumotf.php in the MX Smartor Full Album Pack FAP 2.0 RC1 module for mxBB allows remote attackers to execute arbitrary PHP code via a URL in the phpbbrootpath parameter...
CVE-2007-2189
CVE-2007-2189 corresponds to a PHP remote file inclusion vulnerability in the MX Smartor Full Album Pack (FAP) 2.0 RC1 module for mxBB. The flaw resides in admin/admin_album_otf.php and allows remote attackers to execute arbitrary PHP code via a URL supplied to the phpbb_root_path parameter. Mult...
Mx Module Smartor Album FAP 2.0 RC 1 - Remote File Inclusion
mxBB Module MX Smartor FAP 2.0 RC1 Remote File Inclusion Vulnerability Class: Remote Vendor: http://www.mx-system.com/modules/mxpafiledb/dload.php?action=download&fileid=364 Founder: bd0rk Contact: bd0rkathackermail.com Vulnerable Code in /admin/adminalbumotf.php...
Mx Module Smartor Album FAP 2.0 RC 1 - Remote File Inclusion
Mx Module Smartor Album FAP 2.0 RC 1 - Remote File Inclusion mxBB Module MX Smartor FAP 2.0 RC1 Remote File Inclusion Vulnerability Class: Remote Vendor: http://www.mx-system.com/modules/mxpafiledb/dload.php?action=download&fileid=364 Founder: bd0rk Contact: bd0rkathackermail.com Vulnerable Code ...
mxBB Module MX Shotcast 1.0 RC2 (getinfo1.php) RFI Exploit
Exploit for unknown platform in category web applications ========================================================== mxBB Module MX Shotcast 1.0 RC2 getinfo1.php RFI Exploit ========================================================== !/usr/bin/perl mxBB Module MX Shotcast 1.0 RC2 getinfo1.php Remo...
CVE-2007-1874
Adobe ColdFusion MX 7 for Linux and Solaris uses insecure permissions for certain scripts and directories, which allows local users to execute arbitrary code or obtain sensitive information via the 1 CFMX7DreamWeaverExtensions.mxp, 2 CFReportBuilderInstaller.exe, 3 .com.zerog.registry.xml, 4...
CVE-2007-1874
CVE-2007-1874 affects Adobe ColdFusion MX 7 for Linux and Solaris. The vulnerability stems from insecure permissions on specific scripts and directories (including CFMX7DreamWeaverExtensions.mxp, CFReportBuilderInstaller.exe, .com.zerog.registry.xml, uninstall.lax, license.txt, Readme.htm, k2admi...
Design/Logic Flaw
Unspecified vulnerability in the IIS connector in Adobe JRun 4.0 Updater 6, and ColdFusion MX 6.1 and 7.0 Enterprise, when using Microsoft IIS 6, allows remote attackers to cause a denial of service via unspecified vectors, involving the request of a file in the JRun web root...
JVN#28356427 ColdFusion cross-site scripting vulnerability
Impact An arbitrary script may be executed on the user's web browser. If session information from a cookie is leaked, an attacker could possibly conduct a session hijacking. Solution Products Affected ColdFusion MX 7.X For more information, refer to the vendor's website...
CVE-2006-6825
Calendar MX BASIC 1.0.2 and earlier store sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for calendar.mdb. NOTE: The provenance of this information is unknown; the details are obtained solely fro...
CVE-2006-6825
CVE-2006-6825 affects Calendar MX BASIC 1.0.2 and earlier. The vulnerability arises because the application stores sensitive information under the web root with insufficient access control, enabling remote attackers to download the database (calendar.mdb) via a direct request. The records indicat...
CVE-2006-6825
Calendar MX BASIC 1.0.2 and earlier store sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for calendar.mdb. NOTE: The provenance of this information is unknown; the details are obtained solely fro...
CVE-2006-6792
SQL injection vulnerability in calendardetail.asp in Calendar MX BASIC 1.0.2 and earlier allows remote attackers to execute arbitrary SQL commands via the ID parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information...
CVE-2006-6787
SQL injection vulnerability in admin/adminmailadressee.asp in Newsletter MX 1.0.2 and earlier allows remote attackers to execute arbitrary SQL commands via the ID parameter...
CVE-2006-6787
SQL injection vulnerability in admin/adminmailadressee.asp in Newsletter MX 1.0.2 and earlier allows remote attackers to execute arbitrary SQL commands via the ID parameter...
CVE-2006-6792
CVE-2006-6792 affects Calendar MX BASIC 1.0.2 and earlier, with an SQL injection via the ID parameter in calendar_detail.asp. The vulnerability details provided indicate remote attackers could potentially manipulate SQL commands, aligned with a CVSS v2 base score of 7.5 (HIGH) and network access ...
CVE-2006-6787
CVE-2006-6787 is a SQL injection vulnerability in Newsletter MX 1.0.2 and earlier. The flaw resides in the admin/admin_mail_adressee.asp page, where the ID parameter can be manipulated to cause the application to execute arbitrary SQL commands. Documents provided do not include exploit code or in...
Newsletter MX <= 1.0.2 (ID) Remote SQL Injection Exploit
No description provided by source. !/usr/bin/perl Script Name: Newsletter MX : "; $dir = ; chop $dir; if $dir = /exit/ print "-- Exploit FailedYou Are Exited \n"; exit; if $dir = /\// else print "-- Exploit FailedNo DIR \n"; exit; print "User : "; $ID = ; chop $ID; if $ID = /exit/ print...
Title : Calendar MX BASIC <= 1.0.2 (ID) Remote SQL Injection Vulnerability
Title : Calendar MX BASIC = 1.0.2 ID Remote SQL Injection Vulnerability Author : ajann Contact : : $$ : Free SQL--------------------------------------------------------- http://target/path//calendardetail.asp?ID=SQL Example:...