1408 matches found
AutoIndex PHP Script 2.2.1 - 'index.php' Cross-Site Scripting
source: https://www.securityfocus.com/bid/25448/info AutoIndex PHP Script is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input data. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user i...
autoindexXSS.txt
Title : AutoIndex PHP Script searchmode Cross-Site Scripting Vulnerability Description : AutoIndex PHP Script is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. Software : http://autoindex.sourceforge.net/ Vuln. Version : = 2.2...
Mapos Bilder Galerie Version 1.0 Remote Command Execution Vulnerability
Mapos Bilder Galerie Version 1.0 Remote Command Execution Vulnerability ----------------------------------------------------------------------- Script : Mapos Bilder Galerie Version : 1.0 Site : http://www.mapos-scripts.de Founder : Rizgar Contact : [email protected] and irc.gigachat.net...
Unfixed XSS vulnerability at www.mikejordan.com
Security researcher KaBuS submitted on 08/03/2007 a cross-site scripting (XSS) vulnerability affecting www.mikejordan.com, which at the time of submission ranked 0 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 08/03/2007. It is currently...
paFileDB includes/search.php categories Parameter SQL Injection
The version of paFileDB installed on the remote host fails to sanitize user-supplied input to the 'categories' parameter before using it in the 'includes/search.php' script to make database queries. An unauthenticated attacker can exploit this issue to manipulate database queries, which could lea...
Unfixed XSS vulnerability at www.ethelrosenfeld.org.br
Security researcher KaBuS submitted on 07/03/2007 a cross-site scripting (XSS) vulnerability affecting www.ethelrosenfeld.org.br, which at the time of submission ranked 0 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 07/03/2007. It is...
Solar Empire <= 2.9.1.1 Blind SQL Injection / Hash Retrieve Exploit
No description provided by source. !/usr/bin/php -q -d shortopentag=on ? echo " ------------------------------------------------------------------------ Solar Empire = 2.9.1.1 Blind SQL Injection / Hash Retrieve Exploit by BlackHawk [email protected] http://itablackhawk.altervista.org Thanks t...
Re: DGNews version 2.1 SQL Injection Vulnerability
hi there there's also another sql injection on this script: news.php?go=fullnews&newsid=-9+union+select+1,2,loadfilechar47,101,116,99,47,112,97,115,115,119,100,4,5,6,720from20newscomment/ //result: "This news has 1 comments. Please read, or post one by click here. 5 by:...
Inout Meta Search engine Remote Code Execution
!/usr/bin/php -q -d shortopentag=on ? echo " Inout Search Engine all version Remote Code Execution Exploit by BlackHawk [email protected] http://itablackhawk.altervista.org Thanks to rgod for the php code and Marty for the Love "; if $argc3 echo "Usage: php ".$argv0." Host Path cmd Host: targe...
GForge CVSWeb CGI cvsweb.php PATH_INFO Parameter Arbitrary Command Execution
The remote host is running GForge, a web-based project for collaborative software development. The version of GForge installed on the remote host fails to sanitize user-supplied input to the 'plugins/scmcvs/cvsweb.php' script before using it to execute a shell command. An unauthenticated attacker...
sriweb-xss.txt
XSS found by fl0 fl0w in sri.ro Description: The Romanian Secret Service web site suffers from cross site scripting vulnerability. Author: fl0 fl0w Homepage: http://popesculescu.lx.ro File Size: 5,13 KB site 'search' variable XSS Cross Site Scripting in URI Description : This XSS variant usually...
tsp-exec.txt
!/usr/bin/php -q -d shortopentag=on Thanks to rgod for the php code and Marty for the Love "; if $argc 126 $result.=" ."; else $result.=" ".$string$i; if strlendechexord$string$i==2 $exa.=" ".dechexord$strin...
Snaps! Gallery 1.4.4 Remote User Pass Change Exploit
Exploit for unknown platform in category web applications ==================================================== Snaps! Gallery 1.4.4 Remote User Pass Change Exploit ==================================================== ?php / \|/// \ - - // @ @...
miniwebshop2-xss.txt
-=--------------------ADVISORY-------------------=- Mini Web Shop V.2 Author: CorryL [email protected] -=-----------------------------------------------=- -=+ Application: Mini Web Shop -=+ Version: 2 -=+ Vendor's URL: http://obiewebsite.sourceforge.net/o.php?MiniWebShop -=+ Platform:...
RunCMS < 1.5.3 debug_show.php Multiple Vulnerabilities
The installed version of RunCMS fails to validate input to the 'class/debug/debugshow.php' script. An unauthenticated attacker may be able to leverage this issue to manipulate SQL queries or to determine information about local files on the affected host. %NASLMINLEVEL 70300 C Tenable Network...
mxBB Module FAQ & RULES 2.0.0 Remote File Inclusion Exploit
No description provided by source. !/usr/bin/php -q -d shortopentag=on ? print ' mxBB Module MX Faq & Rules = 2.0.0 faq.php Remote File Include Exploit Vendor: http://www.mx-system.com/modules/mxpafiledb/dload.php?action=download&fileid=371 Bug found and Exploit by bd0rk from SOH-Crew Website1:...
DmCMS Shell Upload exploit
No description provided by source. !/usr/bin/php -q -d shortopentag=on ? / / DmCMS Shell Uploading / This exploit should allow you to execute commands / By : HACKERS PAL / WwW.SoQoR.NeT / echo' // / DmCMS Shell Uploading / / by HACKERS PAL [email protected] / / site: http://www.soqor.net /'; if...
meth-xss.txt
!/usr/bin/php -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- =-=-=-=-=-= ISSUE: SIP protocol's fields such as From, To, Call-ID, User-Agent and many others can carry html tags, which are shown unfiltered by the Asterisk Log File tools located at...
turbulence core.0.0.1-alpha - REMOTE FILE INCLUSION
. . . . | . .| . .;/ || .| .net | .| "turbulence core.0.0.1-alpha - REMOTE FILE INCLUSION" by Omni 1 Infos --------- Date : 2007-04-20 Product : turbulence core Version : 0.0.1 alpha Vendor : http://sourceforge.net/projects/turbulence Vendor Status : 2007-04-20 - Not Informed! 2007-04-21 - Vendor...
The United States Blizzard[World Of Warcraft] official program vulnerability-vulnerability warning-the black bar safety net
Battle.net clan management system using a MySQL backend, allowing users to easily upgrade and maintain the web site. The system's implementation contains an input validation vulnerability; a remote attacker could use this vulnerability to execute SQL injection attacks, unauthorized access to system administrati...