EUVD-2005-2258

Malware in sbrugna...

EUVD-2005-4474

Malware in sbrugna...

EUVD-2001-1315

Malware in sbrugna...

PHPSlash 0.8.1 Article.PHP SQL Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/16021/info phpSlash is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. Successful exploitation could...

PHPSlash 0.5.3 2/0.6.1 URL Block Arbitrary File Disclosure Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/2724/info PHPSlash is a widely used open source Groupware utility. PHPSlash contains a vulnerability which may disclose files readable to the webserver process on the underlying host to PHPSlash users who can 'edit' URL...

Immunity Canvas: PHPSLASH_RCE

Name| phpslashrce ---|--- CVE| CVE-2009-0517 Exploit Pack| CANVAS Description| PHPSlash = 0.8.1.1 Remote Code Execution Notes| CVE Name: CVE-2009-0517 VENDOR: http://sourceforge.net/projects/phpslash/ Repeatability: Infinite CVE Url: http://cve.mitre.org/cgi-bin/cvename.cgi?name=2009-0517...

CVE-2009-0517

CVE-2009-0517 affects phpSlash 0.8.1.1 and earlier. The flaw is an eval()-based injection where unvalidated input in the fields parameter is passed to eval() inside tz_env.class, enabling remote PHP code execution with the web server’s privileges. Impact is described as complete impacts to confid...

phpslash <= 0.8.1.1 Remote Code Execution Exploit

!/usr/bin/php -q ?php This file requires the PhpSploit class. If you want to use this class, the latest version can be downloaded from acid-root.new.fr. phpslash = 0.8.1.1 Remote Code Execution Exploit - - - - - - - - - - - - - - - - - - - - - - - - - RCE with no special rights guest. No special...

phpSlash fields Parameter PHP Code Injection

The remote host is running phpSlash, a PHP weblog and content management system that started out as a port of the Perl code used to power Slashdot.org. The installed version of phpSlash fails to validate user-supplied input to the 'fields' parameter of the 'index.php' script before using it to ca...

phpslash 0.8.1.1 Code Execution

!/usr/bin/php -q agent 'Mozilla Firefox' ; // Hey ya : head; // Target $url = getp 'url', true ; // Proxy options $prh = getp 'proxhost' ; $pra = getp 'proxauth' ; // Use a proxy ? if $prh // host:ip $web-proxy $prh ; // Authentication if $pra $web-proxyauth $pra ; // Single quote bypass $byp =...

PHPSlash 0.8.1.1 - Remote Code Execution

!/usr/bin/php -q agent 'Mozilla Firefox' ; // Hey ya : head; // Target $url = getp 'url', true ; // Proxy options $prh = getp 'proxhost' ; $pra = getp 'proxauth' ; // Use a proxy ? if $prh // host:ip $web-proxy $prh ; // Authentication if $pra $web-proxyauth $pra ; // Single quote bypass $byp =...

CVE-2005-4479

SQL injection vulnerability in article.php in phpSlash 0.8.1 and earlier allows remote attackers to execute arbitrary SQL commands via the storyid parameter...

CVE-2005-4479

CVE-2005-4479 describes a SQL injection vulnerability in the PHP-based CMS/phpSlash, affecting version 0.8.1 and earlier. The vulnerability exists in article.php where the story_id parameter can be manipulated to cause arbitrary SQL commands to be executed by a remote attacker. The consequence is...

phpSlash SQL vuln.

phpSlash SQL vuln. Vuln. discovered by : r0t Date: 21 dec. 2005 orginal advisory:http://pridels.blogspot.com/2005/12/phpslash-sql-vuln.html vendor:http://www.php-slash.org/ affected version:0.8.1 and prior Product Description: phpSlash is a CMS that provides an easy and flexible means to publish...

PHPSlash 0.8.1 - 'article.php' SQL Injection

source: https://www.securityfocus.com/bid/16021/info phpSlash is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. Successful exploitation could result in a compromise of the...

[EXPL] phpSlash Account Hijacking (Exploit)

The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com - - promotion The SecuriTeam alerts list - Free, Accurate, Independent. Get your security news from a reliable source...

CVE-2005-2257

The saveProfile function in PhpSlash 0.8.0 allows remote attackers to modify arbitrary profiles and gain privileges by modifying the authorid parameter...

CVE-2005-2257

PhpSlash 0.8.0 is affected by a vulnerability in the saveProfile function that allows remote attackers to modify arbitrary profiles and gain privileges by changing the author_id parameter. The available sources (CVE/NVD) describe the flaw and its impact as complete confidentiality, integrity, and...

CVE-2005-2257

The saveProfile function in PhpSlash 0.8.0 allows remote attackers to modify arbitrary profiles and gain privileges by modifying the authorid parameter...

[SA15936] phpSlash "author_id" User Profile Manipulation Vulnerability

---------------------------------------------------------------------- Bist Du interessiert an einem neuen Job in IT-Sicherheit? Secunia hat zwei freie Stellen als Junior und Senior Spezialist in IT- Sicherheit: http://secunia.com/secuniavacancies/...