1732 matches found
PHP-Nuke Kleinanzeigen Module - 'lid' SQL Injection
source: https://www.securityfocus.com/bid/30577/info The Kleinanzeigen module for PHP-Nuke is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the...
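PHP-Nuke Book Catalog Module SQL Injection Vulnerability
BUGTRAQ ID: 30511 CNCAN ID:CNCAN-2008080427 PHP-Nuke Book Catalog is a PHP-based web application. PHP-Nuke Book Catalog does not correctly handle user-submitted input; a remote attacker can exploit the vulnerability to carry out SQL injection attacks and may obtain sensitive information or manipulate the database. The issue arises because the script does not filter user-submitted input to the 'catid' parameter; by constructing a malicious SQL query as the parameter data, the original SQL logic can be altered to obtain sensitive information or manipulate the database. Basis Consultant Book Catalog 1.0 No solution is currently available:...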
PHP-Nuke Book Catalog Module 1.0 - 'catid' SQL Injection
source: https://www.securityfocus.com/bid/30511/info The Book Catalog module for PHP-Nuke is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the...
PHP-Nuke Book Catalog Module 1.0 - catid SQL Injection
PHP-Nuke Book Catalog Module 1.0 - catid SQL Injection source: https://www.securityfocus.com/bid/30511/info The Book Catalog module for PHP-Nuke is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this...
CVE-2008-3151
SQL injection vulnerability in the 4ndvddb 0.91 module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the id parameter in a showdvd action...
SQL injection
SQL injection vulnerability in the 4ndvddb 0.91 module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the id parameter in a showdvd action...
CVE-2008-3151
CVE-2008-3151 describes an SQL injection in the PHP-Nuke 4ndvddb 0.91 module. The vulnerability is triggered via the id parameter in the show_dvd action, allowing remote attackers to: execute arbitrary SQL commands; potentially access or modify data in the affected database. The available connect...
phpnukeplatinum-exec.txt
Date: 02/07/08 Note I modified a bit phpsploit for this exploit, because PHP Nuke plays with REQUESTURI var ... Requirements registerglobals=On phpreter phpreter is really easy to use: You can change mode using "mode=", with = sql, php or cmd If you want to understand how it work ... read the cod...
phpnuke4ndvddb-sql.txt
Module's Name: 4ndvddb Module's Version: 0.91 +---------------------------------------+ | SQL Injection Vulnerability PHP-NUKE | Module's Name: 4ndvddb | Module's Version: 0.91 | | found by lovebug | | RBT-4 | www.rbt-4.net +---------------------------------------+ vuln:...
PHP-NUKE SQL Module's Name 4ndvddb
Module's Name: 4ndvddb Module's Version: 0.91 +---------------------------------------+ | SQL Injection Vulnerability PHP-NUKE | Module's Name: 4ndvddb | Module's Version: 0.91 | | found by lovebug | | RBT-4 | www.rbt-4.net +---------------------------------------+ vuln:...
Insufficient Anti-automation vulnerability in RavenNuke
Hello 3APA3A! I am informing you of an Insufficient Anti-automation vulnerability I found in RavenNuke, a port of PHP-Nuke. Insufficient Anti-Automation: a vulnerability in the system's CAPTCHA. Exploit: http://websecurity.com.ua/uploads/2008/RavenNuke20CAPTCHA20bypass.html Vulnerable: RavenNuke version 2.20.01 and...
PHP-Nuke 4ndvddb 0.91 Module - id SQL Injection
PHP-Nuke 4ndvddb 0.91 Module - id SQL Injection source: https://www.securityfocus.com/bid/30120/info The '4ndvddb' module for PHP-Nuke is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue cou...
PHP-Nuke 4ndvddb 0.91 Module - 'id' SQL Injection
source: https://www.securityfocus.com/bid/30120/info The '4ndvddb' module for PHP-Nuke is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the...
PHP Nuke Platinium <= 7.6.b.5 Remote Code Execution Exploit
PHP Nuke Platinium <= 7.6.b.5 Remote Code Execution Exploit Author: Charles "real" F. charlesfolathotmail.fr Date: 02/07/08 http://realn.free.fr/releases/57150 Thanks, Charles "real" F...
Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc. PHP-Nuke 8.1.1 Discontrol - automation protection bypass...
Insufficient Anti-automation vulnerability in PHP-Nuke Discontrol
Hello 3APA3A! I am informing you of an Insufficient Anti-automation vulnerability I found in PHP-Nuke Discontrol, a port of PHP-Nuke. Insufficient Anti-Automation: a vulnerability in the system's CAPTCHA. Exploit: http://websecurity.com.ua/uploads/2008/PHP-Nuke20Discontrol20CAPTCHA20bypass.html Vulnerable: version...
PHP-Nuke Platinium <= 7.6.b.5 Remote Code Execution Exploit
Exploit for unknown platform in category web applications =========================================================== PHP-Nuke Platinium ", with = sql, php or cmd If you want to understand how it work ... read the code. You can take look to unchunk function, because I think you were many with thi...
PHP-Nuke Platinium 7.6.b.5 - Remote Code Execution
Date: 02/07/08 Note I modified a bit phpsploit for this exploit, because PHP Nuke plays with REQUESTURI var ... Requirements registerglobals=On phpreter phpreter is really easy to use: You can change mode using "mode=", with = sql, php or cmd If you want to understand how it work ... read the cod...
Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc. PHP-Nuke: Cross-site Scripting. ExpressionEngine: Cross-site scripting...