LoudBlog 0.41 - podcast.php SQL Injection

LoudBlog 0.41 - podcast.php SQL Injection source: https://www.securityfocus.com/bid/17023/info Loudblog is prone to multiple input-validation vulnerabilities: - An SQL-injection vulnerability. - Two local file-include vulnerabilities. - An information-disclosure vulnerability. These issues allow...

LoudBlog 0.41 - 'index.php?template' Traversal Arbitrary File Access

source: https://www.securityfocus.com/bid/17023/info Loudblog is prone to multiple input-validation vulnerabilities: - An SQL-injection vulnerability. - Two local file-include vulnerabilities. - An information-disclosure vulnerability. These issues allow remote attackers to execute arbitrary PHP...

LoudBlog 0.41 - 'podcast.php' SQL Injection

source: https://www.securityfocus.com/bid/17023/info Loudblog is prone to multiple input-validation vulnerabilities: - An SQL-injection vulnerability. - Two local file-include vulnerabilities. - An information-disclosure vulnerability. These issues allow remote attackers to execute arbitrary PHP...

LoudBlog 0.41 - 'backend_settings.php' Traversal Arbitrary File Access

source: https://www.securityfocus.com/bid/17023/info Loudblog is prone to multiple input-validation vulnerabilities: - An SQL-injection vulnerability. - Two local file-include vulnerabilities. - An information-disclosure vulnerability. These issues allow remote attackers to execute arbitrary PHP...

NSAG-202-25.02.2006.txt

Advisory: NSAG-¹202-25.02.2006 Research: NSA Group Russian company on Audit of safety & Network security Site of Research: http://www.nsag.ru or http://www.nsag.org Product: WEBSITE GENERATOR 3.3 Site of manufacturer: http://freehostshop.com The status: 19/11/2005 - Publication is postponed...

NSA Group Security Advisory NSAG-№202-25.02.2006 Vulnerability WEBSITE GENERATOR 3.3

Advisory: NSAG-№202-25.02.2006 Research: NSA Group Russian company on Audit of safety & Network security Site of Research: http://www.nsag.ru or http://www.nsag.org Product: WEBSITE GENERATOR 3.3 Site of manufacturer: http://freehostshop.com The status: 19/11/2005 - Publication is postponed...

phpBB 2.0.18 - Remote Brute Force/Dictionary (2)

!/usr/bin/perl Title: PhpBB Note: Host the php script and replace the line 34 Php script for the email option because win32 don't support Mail::Mailer Changelog: Bruteforce option | Starting length | Email option | More fast | Die error disabled | Credits: Fully coded by DarkFig Greetz: Romano Pg...

XSS vulnerability in guestbook-php-script

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------- SySS-Advisory: XSS-vulnerability in guestbook-php-script - ------------------------------------------------------------------- Problem discovered: February 3d 2006 Vendor contacted:...

creLoaded 6.15 - HTMLAREA Automated Perl

creLoaded 6.15 - HTMLAREA Automated Perl !/usr/bin/perl creLoaded Rather simple exploit, but still an exploit nonetheless. Attempts to upload php script and utilise that to execute commands, and show off a fake shell. Can specify: User-defined PHP script or one provided in this script suits most...

creLoaded <= 6.15 (HTMLAREA) Automated Perl Exploit

Exploit for unknown platform in category web applications =================================================== creLoaded Rather simple exploit, but still an exploit nonetheless. Attempts to upload php script and utilise that to execute commands, and show off a fake shell. Can specify: User-defined...

creLoaded &lt;= 6.15 (HTMLAREA) Automated Perl Exploit

No description provided by source. !/usr/bin/perl creLoaded = 6.15 HTMLAREA automated perl exploit hacked up by kaneda [email protected] Rather simple exploit, but still an exploit nonetheless. Attempts to upload php script and utilise that to execute commands, and show off a fake shell. C...

creLoaded 6.15 - &#039;HTMLAREA&#039; Automated Perl

!/usr/bin/perl creLoaded Rather simple exploit, but still an exploit nonetheless. Attempts to upload php script and utilise that to execute commands, and show off a fake shell. Can specify: User-defined PHP script or one provided in this script suits most occasions Additional variables to pass to...

Ubuntu 4.10 : imlib2 vulnerabilities (USN-55-1)

Recently, Pavel Kankovsky discovered several buffer overflows in imlib which were fixed in USN-53-1. It was found that imlib2 was vulnerable to similar issues. If an attacker tricked a user into loading a malicious XPM or BMP image, he could exploit this to execute arbitrary code in the context o...

phpDocumentor <= 1.3.0 RC4 Local And Remote File Inclusion

phpDocumentor is a automatic documentation generator for PHP. The remote host appears to be running the web-interface of phpDocumentor. This version does not properly sanitize user input in the 'filedialog.php' file and a test file called 'bug-559668.php' It is possible for an attacker to include...

The Includer includer.cgi Arbitrary Command Execution

The remote host is running The Includer, a PHP script for emulating server-side includes. The version of The Includer installed on the remote host allows an attacker to execute arbitrary shell commands by including shell metacharacters as part of the URL. %NASLMINLEVEL 70300 C Tenable Network...

CVE-2005-4094

connector.php in the fckeditor2rc2 addon in DoceboLMS 2.0.4 allows remote attackers to execute arbitrary PHP by using the FileUpload command to upload a file that appears to be an image but contains PHP script...

qnews.txt

Language: PHP Script: Q-News Version: 2.0 Official website: http://sourceforge.net/projects/q-news/ Problem: Remote file inclusion Discovered by: GB Description: =========== Q-News is a Quick News generator written in PHP that generates small text files that can be included a site, it has a lot o...

Guppy 4.5.9 - REMOTE_ADDR Remote Command Execution

Guppy 4.5.9 - REMOTEADDR Remote Command Execution Guppy body background-color:111111; SCROLLBAR-ARROW-COLOR: ffffff; SCROLLBAR-BASE-COLOR: black; CURSOR: crosshair; color: 1CB081; img backgro...

Softbiz Resource Repository Script SQL vuln.

Softbiz Resource Repository Script SQL vuln. Vuln. dicovered by : r0t Date: 28 nov. 2005 Orginal advisory:http://pridels.blogspot.com/2005/11/softbiz-resource-repository-script-sql.html Vendor:http://www.softbizscripts.com/resource-repository-script-features.php affected version: 1.1 and prior...

Softbiz Web Host Directory Script Multiple vuln.

Softbiz Web Host Directory Script Multiple vuln. Vuln. dicovered by : r0t Date: 23 nov. 2005 Orginal advisory:http://pridels.blogspot.com/2005/11/web-host-directory-script-multiple.html Vendor:www.softbizscripts.com Product link:http://www.softbizscripts.com/web-hosting-directory-script.php...