DB Top Sites 1.0 - Remote Command Execution

?php / ------------------------------------------------------------ + About DB Top Sites v1.0 Remote Command Execution Exploit Script homepage : http://www.jnmsolutions.co.uk/topsites/ Author : SirGod Thanks to : Nytro Website : www.mortal-team.org...

Host Directory PRO 2.1.0 - Remote Database Backup

Host Directory Pro Bypass & Backup DB Disc. Multiple Vulns. ---------------------------------------------------------- Discovered By: ZoRLu msn: [email protected] Date: 28/03/09 Home: yildirimordulari.com / z0rlu.blogspot.com / www.experl.com / woltaj.org N0T: Herkes Hecker Olmus :S N0T: New...

Movie PHP Script 2.0 - init.php?anticode Code Execution

Movie PHP Script 2.0 - init.php?anticode Code Execution + Movie PHP Script v2.0 Remote PHP Code Execution + Discovered By SirGod + www.mortal-team.org + Remote PHP Code Execution - Vulnerable code in system/services/init.php :...

Supernews 2.6 - 'index.php?noticia' SQL Injection

Supernews 2.6 SQL Injection Vulnability Download: http://phpbrasil.com/script-download/vT0FaOCySSH/5817 Discovered by Observing and DD3str0y3r Collaps3 CREW - Made In Brazil Dork: Supernews 2.6 Example:...

Movie PHP Script 2.0 - 'init.php?anticode' Code Execution

Movie PHP Script v2.0 Remote PHP Code Execution + Discovered By SirGod + www.mortal-team.org + Remote PHP Code Execution - Vulnerable code in system/services/init.php : --------------------------------------------------------------------------------- Line 84 : @evalstripslashes$REQUEST'anticode';...

AMember 3.1.7 (XSS/SQL/HI) Multiple Remote Vulnerabilities

No description provided by source. AMember - Multiple Vulnerabilities Version Affected: 3.1.7 Apr-10-2009 newest Info: aMember is a flexible membership and subscription management PHP script. It has support for PayPal, BeanStream, 2Checkout, NoChex, VeriSign PayFlow, Authorize.Net, PaySystems,...

AMember 3.1.7 (XSS/SQL/HI) Multiple Remote Vulnerabilities

Exploit for unknown platform in category web applications ========================================================== AMember 3.1.7 XSS/SQL/HI Multiple Remote Vulnerabilities ========================================================== AMember - Multiple Vulnerabilities Version Affected: 3.1.7...

[InterN0T] AMember 3.1.7 - Multiple Vulnerabilities

AMember - Multiple Vulnerabilities Version Affected: 3.1.7 Apr-10-2009 newest Info: aMember is a flexible membership and subscription management PHP script. It has support for PayPal, BeanStream, 2Checkout, NoChex, VeriSign PayFlow, Authorize.Net, PaySystems, Probilling, Multicards, E-Gold and...

IceWarp WebMail SQL Injection

Advisory: IceWarp WebMail Server: SQL Injection in Groupware Component During a penetration test RedTeam Pentesting discovered multiple SQL-Injections in the IceWarp WebMail Server. Attackers that are in control of a user account for the web-based email and groupware components are able to execut...

About remote file inclusion RFI analysis-vulnerability warning-the black bar safety net

Remote file includes in you include a remote file.. usually contains the file to be used for malicious purposes The back door What is the back door And your house has the front door... that should generally be welcome Backdoor unpopular, because people usually used to do bad things. Computer...

Zubrag Smart File Download 1.3 Arbitrary File Download Vulnerability

Exploit for unknown platform in category web applications ==================================================================== Zubrag Smart File Download 1.3 Arbitrary File Download Vulnerability ====================================================================...

Zubrag Smart File Download 1.3 - Arbitrary File Download

Zubrag Smart File Download 1.3 - Arbitrary File Download --------------------------------------------------- "File Download 1.3" Remote File Download Exploit. --------------------------------------------------- By :Aodrulez. Email :[email protected] Blog :aodrulez.blogspot.com...

Zubrag Smart File Download 1.3 File Download

--------------------------------------------------- "File Download 1.3" Remote File Download Exploit. --------------------------------------------------- By :Aodrulez. Email :[email protected] Blog :aodrulez.blogspot.com. --------------------------------------------------- Script Name:File...

Zubrag Smart File Download 1.3 - Arbitrary File Download

--------------------------------------------------- "File Download 1.3" Remote File Download Exploit. --------------------------------------------------- By :Aodrulez. Email :[email protected] Blog :aodrulez.blogspot.com. --------------------------------------------------- Script Name:File...

Clan Tiger Cookie Handling

-------------------------------------------------------------- CLAN TIGER CMS MULTIPLE COOKIES HANDLING VULNERABILITIES -------------------------------------------------------------- CMS INFORMATION: --WEB: http://www.clantiger.com --DOWNLOAD: http://www.clantiger.com/download-clan-cms --DEMO:...

Geeklog SEC_authenticate Function SQL Injection

The version of Geeklog installed on the remote host fails to sanitize input to the 'username' argument of the 'SECauthenticate' function in '/system/lib-security.php' before using it to construct database queries. Regardless of PHP's 'magicquotesgpc' setting, an unauthenticated attacker can explo...

Bloginator不安全Cookie和SQL注入漏洞

BUGTRAQ ID: 34187 CVECAN ID: CVE-2009-1050,CVE-2009-1049 Bloginator是一套PHP脚本，允许用户在网站上显示、添加、编辑和删除文章。 Bloginator没有正确地验证认证cookie，远程攻击者可以通过修改identifyYourself cookie参数绕过安全限制获得非授权访问。以下是有漏洞的代码段： URL www.site.com/bloginator/articleCall.php global $name,$password,$returnLink; $pname =...

CVE-2008-6502

Directory traversal vulnerability in Pro Chat Rooms 3.0.2 allows remote authenticated users to select an arbitrary local PHP script as an avatar via a .. dot dot in the avatar parameter, and cause other users to execute this script by using sendData.php to send a message to 1 an individual user o...

CVE-2008-6502

Directory traversal vulnerability in Pro Chat Rooms 3.0.2 allows remote authenticated users to select an arbitrary local PHP script as an avatar via a .. dot dot in the avatar parameter, and cause other users to execute this script by using sendData.php to send a message to 1 an individual user o...

FreeNews 1.1 File Upload

Module : FREENEWS Version : 1.1 Edited by : prologin.fr Download : http://www.phpscripts-fr.net/scripts/download.php?id=688 Vulnerability : Upload vulnerability evil smiley Author : Jonathan Salwan Mail : submit AT shell-storm.org Web : http://www.shell-storm.org Proof of Concept File :...