1408 matches found
CuteNews 1.4.1 - function.php Local File Inclusion
CuteNews 1.4.1 - function.php Local File Inclusion CuteNews 1.4.1 user Hash password Finder CuteNews 1.4.1 and Below user Hash password Finder Security ? . Bug Discovered and Exploited by Hamid Ebadi .: Hamid Network Security Team :. Happy Norouz PERSIAN new year celebration Greetz to all Iranian...
MailGust SQL Injection Vulnerability
The remote web server contains a PHP script that is prone to SQL injection attacks. Description : The remote host appears to be running MailGust, a mailing list manager, newsletter distribution tool and message board. A vulnerability was identified in MailGust, which may be exploited by remote...
Digital Scribe login.php SQL Injection flaw
The remote web server contains a PHP script which is vulnerable to a SQL injection. Description : The remote web server hosts Digital Scribe, a student-teacher set of scripts written in PHP. The version of Digital Scribe installed on the remote host is prone to SQL injection attacks through the...
Calendar Express Multiple Flaws
The remote web server contains a PHP script which is vulnerable to a cross site scripting and SQL injection vulnerability. Description : The remote host is using Calendar Express, a PHP web calendar. A vulnerability exists in this version which may allow an attacker to execute arbitrary HTML and...
The Includer remote command execution flaw
The remote web server contains a PHP script that is affected by a remote code execution vulnerability. The remote host is running The Includer, a PHP script for emulating server-side includes. The version of The Includer installed on the remote host allows an attacker to execute arbitrary shell...
Land Down Under <= 800 Multiple Vulnerabilities
The remote web server contains a PHP script that permits SQL injection and cross-site scripting attacks. Description : The remote version of Land Down Under is prone to various SQL injection and cross-site scripting attacks provided PHP's 'magicquotes' setting is disabled due to its failure to...
CuteNews <= 1.4.1 (function.php) Local File Include Exploit
No description provided by source. ?php // Happy NEW Iranian year . // Happy Norouz PERSIAN celebration // CuteNews 1.4.1 CutePHP.com Hash password Finder // by Hamid Ebadi // http://hamid.ir // Bug Discovered and Exploited by Hamid Ebadi .: Hamid Network Security Team :. // run it from your...
WebAlbum <= 2.02pl COOKIE[skin2] Remote Code Execution Exploit
No description provided by source. !/usr/bin/php -q -d shortopentag=on ? echo "WebAlbum = 2.02pl $COOKIEskin2 remote cmmnds xctn \r\n"; echo "by rgod [email protected]\r\n"; echo "site: http://retrogod.altervista.org\r\n\r\n"; echo "- this works with magicquotesgpc=Off\r\n"; echo "dork: WEBalbum...
txtForum: Script Injection Vulnerability
=========================================================== txtForum: Script Injection Vulnerability =========================================================== Technical University of Vienna Security Advisory TUVSA-0603-004, March 9, 2006 =========================================================...
Woltlab Burning Board Multiple SQL Injections
The remote version of Burning Board includes an optional module, the Database module, that fails to properly sanitize the 'fileid' parameter of the 'infodb.php' script, which can be exploited to launch SQL injection attacks against the affected host. %NASLMINLEVEL 70300 C Tenable Network Security...
RedBLoG <= 0.5 (cat_id) Remote SQL Injection Exploit
Exploit for unknown platform in category web applications ==================================================== RedBLoG x...
Owl Intranet Engine lib/OWL_API.php xrms_file_root Parameter Remote File Inclusion
The remote host is running Owl Intranet Engine, a web-based document management system written in PHP. The version of Owl Intranet Engine on the remote host fails to sanitize user-supplied input to the 'xrmsfileroot' parameter of the 'lib/OWLAPI.php' script before using it in a PHP 'requireonce'...
LoudBlog 0.41 - podcast.php SQL Injection
LoudBlog 0.41 - podcast.php SQL Injection source: https://www.securityfocus.com/bid/17023/info Loudblog is prone to multiple input-validation vulnerabilities: - An SQL-injection vulnerability. - Two local file-include vulnerabilities. - An information-disclosure vulnerability. These issues allow...
LoudBlog 0.41 - backend_settings.php Traversal Arbitrary File Access
LoudBlog 0.41 - backendsettings.php Traversal Arbitrary File Access source: https://www.securityfocus.com/bid/17023/info Loudblog is prone to multiple input-validation vulnerabilities: - An SQL-injection vulnerability. - Two local file-include vulnerabilities. - An information-disclosure...
LoudBlog 0.41 - 'index.php?template' Traversal Arbitrary File Access
source: https://www.securityfocus.com/bid/17023/info Loudblog is prone to multiple input-validation vulnerabilities: - An SQL-injection vulnerability. - Two local file-include vulnerabilities. - An information-disclosure vulnerability. These issues allow remote attackers to execute arbitrary PHP...
LoudBlog 0.41 - 'backend_settings.php' Traversal Arbitrary File Access
source: https://www.securityfocus.com/bid/17023/info Loudblog is prone to multiple input-validation vulnerabilities: - An SQL-injection vulnerability. - Two local file-include vulnerabilities. - An information-disclosure vulnerability. These issues allow remote attackers to execute arbitrary PHP...
LoudBlog 0.41 - index.php?template Traversal Arbitrary File Access
LoudBlog 0.41 - index.php?template Traversal Arbitrary File Access source: https://www.securityfocus.com/bid/17023/info Loudblog is prone to multiple input-validation vulnerabilities: - An SQL-injection vulnerability. - Two local file-include vulnerabilities. - An information-disclosure...
LoudBlog 0.41 - 'podcast.php' SQL Injection
source: https://www.securityfocus.com/bid/17023/info Loudblog is prone to multiple input-validation vulnerabilities: - An SQL-injection vulnerability. - Two local file-include vulnerabilities. - An information-disclosure vulnerability. These issues allow remote attackers to execute arbitrary PHP...
NSA Group Security Advisory NSAG-№202-25.02.2006 Vulnerability WEBSITE GENERATOR 3.3
Advisory: NSAG-№202-25.02.2006 Research: NSA Group Russian company on Audit of safety & Network security Site of Research: http://www.nsag.ru or http://www.nsag.org Product: WEBSITE GENERATOR 3.3 Site of manufacturer: http://freehostshop.com The status: 19/11/2005 - Publication is postponed...
NSAG-202-25.02.2006.txt
Advisory: NSAG-¹202-25.02.2006 Research: NSA Group Russian company on Audit of safety & Network security Site of Research: http://www.nsag.ru or http://www.nsag.org Product: WEBSITE GENERATOR 3.3 Site of manufacturer: http://freehostshop.com The status: 19/11/2005 - Publication is postponed...