100 matches found
phpAuction 3.2 - lan Remote File Inclusion
phpAuction 3.2 - lan Remote File Inclusion source: https://www.securityfocus.com/bid/36211/info phpAuction is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data. Exploiting this issue may allow an attacker to compromise the application and th...
phpAuction 3.2 - 'lan' Remote File Inclusion
source: https://www.securityfocus.com/bid/36211/info phpAuction is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data. Exploiting this issue may allow an attacker to compromise the application and the computer; other attacks are also possible...
CVE-2008-6999
phpAuction 3.2, and possibly 3.3.0 GPL Basic edition, allows remote attackers to obtain configuration information via a direct request to phpinfo.php, which calls the phpinfo function...
CVE-2008-7000
PHP remote file inclusion vulnerability in index.php in PHPAuction 3.2 allows remote attackers to execute arbitrary PHP code via a URL in the lan parameter. NOTE: this might be related to CVE-2005-2255.1...
Remote file inclusion
PHP remote file inclusion vulnerability in index.php in PHPAuction 3.2 allows remote attackers to execute arbitrary PHP code via a URL in the lan parameter. NOTE: this might be related to CVE-2005-2255.1...
Information disclosure
phpAuction 3.2, and possibly 3.3.0 GPL Basic edition, allows remote attackers to obtain configuration information via a direct request to phpinfo.php, which calls the phpinfo function...
CVE-2008-7000
CVE-2008-7000 documents a PHP remote file inclusion in PHPAuction 3.2. The flaw allows an attacker to execute arbitrary PHP code by supplying a URL in the lan parameter to index.php (and possibly related files), enabling code inclusion from a remote or local source. The note suggests a possible r...
CVE-2008-7000
PHP remote file inclusion vulnerability in index.php in PHPAuction 3.2 allows remote attackers to execute arbitrary PHP code via a URL in the lan parameter. NOTE: this might be related to CVE-2005-2255.1...
CVE-2008-6999
CVE-2008-6999 – Details: Affects phpAuction 3.2, and possibly 3.3.0 GPL Basic edition. The vulnerability arises when an exposed script (phpinfo.php) directly calls phpinfo(), enabling remote attackers to obtain configuration information. Vulnerability type: information disclosure via an exposed...
CVE-2008-6999
phpAuction 3.2, and possibly 3.3.0 GPL Basic edition, allows remote attackers to obtain configuration information via a direct request to phpinfo.php, which calls the phpinfo function...
SQL injection
SQL injection vulnerability in profile.php in PHPAuction GPL Enhanced 2.51 allows remote attackers to execute arbitrary SQL commands via the id parameter...
CVE-2008-3487
SQL injection vulnerability in profile.php in PHPAuction GPL Enhanced 2.51 allows remote attackers to execute arbitrary SQL commands via the id parameter...
CVE-2008-3487
SQL injection vulnerability in profile.php in PHPAuction GPL Enhanced 2.51 allows remote attackers to execute arbitrary SQL commands via the id parameter...
CVE-2008-3487
PHPAuction GPL Enhanced 2.51 is affected by a SQL injection in profile.php via the id parameter, allowing remote execution of arbitrary SQL commands. The root cause is unsanitized input in the id parameter; CVSSv2 base score 7.5 (HIGH) reflects network access, low attack complexity, no authentica...
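PHPAuction GPL Enhanced 'profile.php' SQL Injection Vulnerability
BUGTRAQ ID: 30501 CNCAN ID: CNCAN-2008080426 PHPAuction GPL Enhanced is a PHP-based web application. PHPAuction GPL Enhanced does not correctly handle user-submitted input; remote attackers can exploit the vulnerability to carry out SQL injection attacks and may obtain sensitive information or manipulate the database. The problem is that the 'profile.php' script does not filter the user-submitted 'id' parameter; by constructing a malicious SQL query as the parameter data, the original SQL logic can be altered to obtain sensitive information or manipulate the database. PHPAuctions.info PHPAuction GPL Enhanced 2.51 No solution is currently available:...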
PHPAuction GPL Enhanced 2.51 (profile.php) SQL Injection Vulnerability
No description provided by source. PHPAuction GPL Enhanced V2.51 profile.php id Remote SQL Injection Vulnerability | Hussin X | Author: Hussin X | Home : www.tryag.cc/cc | email: darkangelg85atYahooDoTcom | script :...
phpAuction GPL Enhanced 2.51 - profile.php SQL Injection
phpAuction GPL Enhanced 2.51 - profile.php SQL Injection. PHPAuction GPL Enhanced V2.51 profile.php id Remote SQL Injection Vulnerability | Hussin X | Author: Hussin X | Home : www.tryag.cc/cc | email: darkangelg85atYahooDoTcom | ...
phpauctiongpl-sql.txt
PHPAuction GPL Enhanced V2.51 profile.php id Remote SQL Injection Vulnerability | Hussin X | Author: Hussin X | Home : www.tryag.cc/cc | email: darkangelg85atYahooDoTcom | script : http://phpauctions.info/ | DorK : /: ||...
PHPAuction GPL Enhanced 2.51 (profile.php) SQL Injection Vulnerability
Exploit for unknown platform in category web applications. PHPAuction GPL Enhanced 2.51 profile.php SQL Injection Vulnerability | PHPAuction GPL Enhanc...
phpAuction GPL Enhanced 2.51 - 'profile.php' SQL Injection
PHPAuction GPL Enhanced V2.51 profile.php id Remote SQL Injection Vulnerability | Hussin X | Author: Hussin X | Home : www.tryag.cc/cc | email: darkangelg85atYahooDoTcom | script : http://phpauctions.info/ | DorK : /: ||...