42 matches found
EUVD-2008-1302
Malware in sbrugna...
EUVD-2002-1866
Malware in sbrugna...
EUVD-2007-2366
Malware in sbrugna...
EUVD-2007-2367
Malware in sbrugna...
phpMyNewsLetter 0.6.10 Remote File Include Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/5886/info A vulnerability has been discovered in phpMyNewsLetter. Reportedly, it is possible to pass an attacker-specified file include location to a CGI paramter of the 'customize.php' script. This may allow an attacker ...
phpMyNewsletter <= 0.8b5 (archives.php msg_id) SQL Injection Exploit
...
phpMyNewsletter <= 0.8 (beta5) - Multiple Vulnerability Exploit
No description provided by source...
phpMyNewsletter 0.8 Cross Site Scripting
HTTPCS Advisory : HTTPCS116 Product : phpMyNewsletter Version : v0.8 Page : /admin/?page=subscribers Variables : page=VulnHTTPCS Type : XSS Method : POST Description : A vulnerability has been discovered in phpMyNewsletter, which can be exploited by malicious people to conduct cross-site scriptin...
phpmynewsletter-sql.txt
!/usr/bin/php Date: 03-10-08 Conditions: magicquotesgpc=Off This exploit gets adminpass and adminemail from pmnlconfig. / print "\n"; print " PHPMyNewsletter \n\n"; if$argc\n"; $url = $argv1; $c =...
Sql injection
SQL injection vulnerability in archives.php in Gregory Kokanosky aka Greg's Place phpMyNewsletter 0.8 beta 5 and earlier allows remote attackers to execute arbitrary SQL commands via the msgid parameter...
CVE-2008-1295
SQL injection vulnerability in archives.php in Gregory Kokanosky aka Greg's Place phpMyNewsletter 0.8 beta 5 and earlier allows remote attackers to execute arbitrary SQL commands via the msgid parameter...
CVE-2008-1295
CVE-2008-1295 impacts phpMyNewsletter 0.8 beta 5 and earlier, where archives.php is vulnerable to SQL injection via the msg_id parameter. This allows remote attackers to potentially execute arbitrary SQL commands. The connected documents confirm the vulnerability description and existence of expl...
CVE-2008-1295
SQL injection vulnerability in archives.php in Gregory Kokanosky aka Greg's Place phpMyNewsletter 0.8 beta 5 and earlier allows remote attackers to execute arbitrary SQL commands via the msgid parameter...
phpMyNewsletter <= 0.8b5 (archives.php msg_id) SQL Injection Exploit
No description provided by source. !/usr/bin/php ?php / Name: PHPMyNewsletter = 0.8b5 SQL Injection Credits: Charles "real" F. charlesfolathotmail.fr Date: 03-10-08 Conditions: magicquotesgpc=Off This exploit gets adminpass and adminemail from pmnlconfig. / print "\n"; print " PHPMyNewsletter =...
phpMyNewsletter 0.8b5 - msg_id SQL Injection
phpMyNewsletter 0.8b5 - msgid SQL Injection !/usr/bin/php Date: 03-10-08 Conditions: magicquotesgpc=Off This exploit gets adminpass and adminemail from pmnlconfig. / print "\n"; print " PHPMyNewsletter \n\n"; if$argc\n"; $url = $argv1; $c =...
phpMyNewsletter <= 0.8b5 (archives.php msg_id) SQL Injection Exploit
Exploit for unknown platform in category web applications ==================================================================== phpMyNewsletter \n\n"; if$argc\n"; $url = $argv1; $c = get$url."archives.php?msgid='%20UNION%20SELECT%201,1,adminemail,adminpass%20%20FROM%20pmnlconfig%2f%2a&listid=1";...
phpMyNewsletter 0.8b5 - 'msg_id' SQL Injection
!/usr/bin/php Date: 03-10-08 Conditions: magicquotesgpc=Off This exploit gets adminpass and adminemail from pmnlconfig. / print "\n"; print " PHPMyNewsletter \n\n"; if$argc\n"; $url = $argv1; $c =...
Code injection
admin/index.php in Gregory Kokanosky phpMyNewsletter 0.8 beta5 and earlier provides access to configuration modification before login, which allows remote attackers to cause a denial of service loss of configuration data, and possibly perform direct static code injection, via a saveGlobalconfig...
Design/Logic Flaw
admin/sendmod.php in Gregory Kokanosky phpMyNewsletter 0.8 beta5 and earlier prints a Location header but does not exit when administrative credentials are missing, which allows remote attackers to compose an e-mail message via a post with the subject, message, format, and listid fields; and send...
CVE-2007-2372
admin/sendmod.php in Gregory Kokanosky phpMyNewsletter 0.8 beta5 and earlier prints a Location header but does not exit when administrative credentials are missing, which allows remote attackers to compose an e-mail message via a post with the subject, message, format, and listid fields; and send...