22 matches found
EUVD-2006-1962
Malware in sbrugna...
EUVD-2006-1963
Malware in sbrugna...
EUVD-2008-2480
Malware in sbrugna...
PCPIN Chat <= 5.0.4 (login/language) Remote Code Execution Exploit
No description provided by source. !/usr/bin/php -q -d shortopentag=on ? echo PCPIN Chat = 5.0.4 \login/language\ remote cmmnds xctn\r\n; echo by rgod [email protected]\r\n; echo site: http://retrogod.altervista.org\r\n\r\n; echo - works with magicquotesgpc = Off\r\n; echo dork: \powered by...
CVE-2008-2485
Cross-site scripting XSS vulnerability in the URL redirection script inc/urlredirection.inc.php in PCPIN Chat before 6.11 allows remote attackers to inject arbitrary web script or HTML via unknown vectors...
Cross site scripting
Cross-site scripting XSS vulnerability in the URL redirection script inc/urlredirection.inc.php in PCPIN Chat before 6.11 allows remote attackers to inject arbitrary web script or HTML via unknown vectors...
CVE-2008-2485
The CVE-2008-2485 entry describes an XSS vulnerability in the PCPIN Chat application (before 6.11) via the URL redirection script inc/url_redirection.inc.php. The root cause is unspecified in the docs beyond a cross-site scripting flaw that allows remote attackers to inject arbitrary web script o...
CVE-2008-2485
Cross-site scripting XSS vulnerability in the URL redirection script inc/urlredirection.inc.php in PCPIN Chat before 6.11 allows remote attackers to inject arbitrary web script or HTML via unknown vectors...
PCPIN Chat 6: potential XSS vulnerability in URL redirection script
All PCPIN Chat 6 versions prior to 6.11 are affected by the potential XSS vulnerability in URL redirection script. The vulnerability is caused by insufficient protocol scheme validation in file /inc/urlredirection.inc.php More info and patch here:...
PCPINChat-5.0.4.txt
!/usr/bin/php -q -d shortopentag=on works with magicquotesgpc = Off\r\n"; echo "dork: "powered by PCPIN.com"\r\n\r\n"; if $argc "" OR login = "" or isnull1/0/ AND password = "somehash" AND activated = "1" LIMIT 1 ii arbitrary local inclusion: now you can upload smilies with php code inside, we...
Sql injection
SQL injection vulnerability in PCPIN Chat 5.0.4 and earlier allows remote attackers to execute arbitrary SQL commands via the username field login parameter to main.php...
Directory traversal
Directory traversal vulnerability in main.php in PCPIN Chat 5.0.4 and earlier allows remote authenticated users to include and execute arbitrary PHP code via a ".." dot dot in a language cookie, as demonstrated by uploading then accessing a smiliefile image that actually contains PHP code...
CVE-2006-1962
SQL injection vulnerability in PCPIN Chat 5.0.4 and earlier allows remote attackers to execute arbitrary SQL commands via the username field login parameter to main.php...
CVE-2006-1963
Directory traversal vulnerability in main.php in PCPIN Chat 5.0.4 and earlier allows remote authenticated users to include and execute arbitrary PHP code via a ".." dot dot in a language cookie, as demonstrated by uploading then accessing a smiliefile image that actually contains PHP code...
CVE-2006-1963
Directory traversal vulnerability in main.php in PCPIN Chat 5.0.4 and earlier allows remote authenticated users to include and execute arbitrary PHP code via a ".." dot dot in a language cookie, as demonstrated by uploading then accessing a smiliefile image that actually contains PHP code...
CVE-2006-1962
SQL injection vulnerability in PCPIN Chat 5.0.4 and earlier allows remote attackers to execute arbitrary SQL commands via the username field login parameter to main.php...
CVE-2006-1963
CVE-2006-1963 affects PCPIN Chat 5.0.4 and earlier. A directory traversal flaw in main.php allows remote authenticated users to include and execute arbitrary PHP code by manipulating a language cookie (demonstrated via a smiliefile image that contains PHP code). The root cause is unsafely handlin...
CVE-2006-1962
CVE-2006-1962 affects PCPIN Chat 5.0.4 and earlier. The vulnerability is an SQL injection in the login path: user input in the username field (login parameter to main.php) can be manipulated to execute arbitrary SQL commands on the backend. This is exploitable remotely and can impact confidential...
PCPIN Chat <= 5.0.4 (login/language) Remote Code Execution Exploit
No description provided by source. !/usr/bin/php -q -d shortopentag=on ? echo "PCPIN Chat = 5.0.4 "login/language" remote cmmnds xctn\r\n"; echo "by rgod [email protected]\r\n"; echo "site: http://retrogod.altervista.org\r\n\r\n"; echo "- works with magicquotesgpc = Off\r\n"; echo "dork:...
PCPIN Chat <= 5.0.4 (login/language) Remote Code Execution Exploit
Exploit for unknown platform in category web applications ================================================================== PCPIN Chat works with magicquotesgpc = Off\r\n"; echo "dork: "powered by PCPIN.com"\r\n\r\n"; if $argc "" OR...