Commentics 2.0 <= Multiple Vulnerabilities

Commentics 2.0 = Multiple Vulnerabilities Discovered by: Jean Pascal Pereira [email protected] Vendor information: "Commentics is a free, advanced PHP comment script with many features. Professionally written and with open source code, its main aims are to be integrable, customizable and secure."...

QuickBlog v0.8 CMS - Multiple Web Vulnerabilities

Title: ====== QuickBlog v0.8 CMS - Multiple Web Vulnerabilities Date: ===== 2012-05-12 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=567 VL-ID: ===== 567 Common Vulnerability Scoring System: ==================================== 6.5 Introduction: ============= QuickBlo...

Arbitrary File Upload/Execution in Collabtive

TITLE: Arbitrary File Upload/Execution in Collabtive DATE: 06-04-2012 PRODUCT: Collabtive Web-Based Project Management Software http://collabtive.o-dyn.de/ VERSIONS: 0.7.5, 0.6.1 confirmed. All versions = 0.7.5 probable RESEARCHER: Mark Hoopes [email protected]/ ADDITIONAL INFORMATION:...

WordPress Foxypress Plugin 'uploadify.php' Arbitrary File Upload Vulnerability

WordPress Foxypress Plugin is prone to file upload vulnerability. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

SN News 1.2 - 'visualiza.php' SQL Injection

\n"; echo "Example:\n"; echo "php $argv0 http://www.website.com/snnews\n"; exit; $target = $argv1; ifsubstr$target, strlen$target-1!="/" $target .= "/"; $inject = $target . "visualiza.php?id=-0'%20"; $token = uniqid; $tokenhex = hex$token; echo " Trying to get informations...\n"; $infos =...

Mnews 1.1 SQL injection

\n"; echo "Example:\n"; echo "php $argv0 http://www.website.com/mnews\n"; exit; $target = $argv1; ifsubstr$target, strlen$target-1!="/" $target .= "/"; $inject = $target . "view.php?id=-0'%20"; $token = uniqid; $tokenhex = hex$token; echo " Trying to get informations...\n"; $infos =...

Cells Blog CMS v1.1 - Multiple Web Vulnerabilities

Document Title: =============== Cells Blog CMS v1.1 - Multiple Web Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=591 Release Date: ============= 2012-06-04 Vulnerability Laboratory ID VL-ID: ==================================== 591 Comm...

Cells Blog CMS v1.1 - Multiple Web Vulnerabilities

Document Title: =============== Cells Blog CMS v1.1 - Multiple Web Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=591 Release Date: ============= 2012-06-04 Vulnerability Laboratory ID VL-ID: ==================================== 591 Comm...

Cryptographp Local File Inclusion / HTTP Response Splitting

Exploit for php platform in category web applications During a security assessment, I’ve found that my target was using Cryptographp which is a PHP script used for generate « captchas ». It was easily noticeable when I’ve found the following URL: http://WWWW/cryptographp.inc.php?cfg=XX&sn=YYYY&ZZ...

Cryptographp Local File Inclusion / HTTP Response Splitting

During a security assessment, I’ve found that my target was using Cryptographp which is a PHP script used for generate « captchas ». It was easily noticeable when I’ve found the following URL: http://WWWW/cryptographp.inc.php?cfg=XX&sn=YYYY&ZZZZ So I've decided to take a look at the source code a...

backupDB() v1.2.7a (onlyDB) Remote XSS Vulnerability

Summary backupDB is a PHP script that backs up MySQL tables and databases to a file uncompressed, gzip, bzip2 for easy daily backup. Description backupDB is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input to...

backupDB() v1.2.7a (onlyDB) Remote XSS Vulnerability

Exploit for php platform in category web applications backupDB v1.2.7a onlyDB Remote XSS Vulnerability Vendor: SiliSoftware Product web page: http://www.silisoftware.com Affected version: 1.2.7a-201108021626 Summary: backupDB is a PHP script that backs up MySQL tables and databases to a file...

Coupon Script v6.0 - SQL Injection Vulnerability

Document Title: =============== Coupon Script v6.0 - SQL Injection Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=572 Release Date: ============= 2012-05-15 Vulnerability Laboratory ID VL-ID: ==================================== 572 Common...

Kerio WinRoute Firewall Web Server < 6 - Source Code Disclosure

Exploit Title: Kerio WinRoute Firewall Embedded Web ServerVersion: Source Code Disclosure Google Dork: Date: 10.05.2012 Author: Eugene Salov, Andrey Komarov Group-IB, http://group-ib.ru Software Link: http://winroute.ru/keriowinroutefirewall.htm Version: prior to 6 Tested on: Microsoft Windows CV...

. the svn directory does not have permissions to restrict the use of loopholes in the summary(including the repair program)-vulnerability warning-the black bar safety net

The existing site use. svn to do a production environment version control, however. the svn directory does not have to do the access restrictions, you can through the. svn/entries to traverse the file and directory list. In order to save energy, I wrote a php scripthttp://rains.im/?q=node/18to do...

CVE-2011-5083

Unrestricted file upload vulnerability in inc/swf/swfupload.swf in Dotclear 2.3.1 and 2.4.2 allows remote attackers to execute arbitrary code by uploading a file with an executable PHP extension, then accessing it via a direct request to the file in an unspecified directory...

Advanced POWER PACKED Freelancers CSRF

Exploit for php platform in category web applications Exploit Title: Advanced POWER PACKED Freelancers CSRF Author: Jonturk75 Vendor or Software Link: http://www.scripts.com/viewscript/advanced-power-packed-freelancers-script-php/22749/ Category:: webapps Demo :...

Tube Ace(Adult PHP Tube Script) SQL Injection

Exploit for php platform in category web applications Exploit Title: Tube AceAdult PHP Tube Script SQL Injection Date: 05/02/2012 Author: Daniel Godoy Author Mail: DanielGodoyatGobiernoFederaldotcom Author Web: www.delincuentedigital.com.ar Software: Tube Ace http://www.tubeace.com Tested on: Lin...

PHP "crypt()"函数安全限制绕过漏洞

BUGTRAQ ID: 49376 CVE ID: CVE-2011-3189 PHP是一种在电脑上运行的脚本语言，主要用途是在于处理动态网页，包含了命令行运行接口或者产生图形用户界面程序。 PHP在crypt函数的实现上存在安全漏洞，攻击者可利用此漏洞绕过某些安全限制。 0 PHP PHP 5.3.7 PHP PHP 5.3.6 PHP PHP 5.3.5 厂商补丁： PHP --- 目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载： http://www.php.net HTTP Request: ==== POST...

Paddelberg Topsite Script - Authentication Bypass

Exploit Title: Paddelberg's topsite-script admin auth bypass. Google Dork: intext:"powered by php scripte webmaster resource" Date: 8. 1. 2012 Author: Christian Inci Software Link: http://www.paddelberg.de/gratis-toplisten-script/gratis-download/ Version: = 1.23 22. 9. 2007 Tested on: 1.23 Vendor...