EUVD-2001-1315

Malware in sbrugna...

EUVD-2005-4474

Malware in sbrugna...

EUVD-2005-2258

Malware in sbrugna...

PHPSlash 0.5.3 2/0.6.1 URL Block Arbitrary File Disclosure Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/2724/info PHPSlash is a widely used open source Groupware utility. PHPSlash contains a vulnerability which may disclose files readable to the webserver process on the underlying host to PHPSlash users who can 'edit' URL...

PHPSlash 0.8.1 Article.PHP SQL Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/16021/info phpSlash is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. Successful exploitation could...

Immunity Canvas: PHPSLASH_RCE

Name| phpslashrce ---|--- CVE| CVE-2009-0517 Exploit Pack| CANVAS Description| PHPSlash = 0.8.1.1 Remote Code Execution Notes| CVE Name: CVE-2009-0517 VENDOR: http://sourceforge.net/projects/phpslash/ Repeatability: Infinite CVE Url: http://cve.mitre.org/cgi-bin/cvename.cgi?name=2009-0517...

CVE-2009-0517

CVE-2009-0517 affects phpSlash 0.8.1.1 and earlier. The flaw is an eval()-based injection where unvalidated input in the fields parameter is passed to eval() inside tz_env.class, enabling remote PHP code execution with the web server’s privileges. Impact is described as complete impacts to confid...

phpslash <= 0.8.1.1 Remote Code Execution Exploit

!/usr/bin/php -q ?php This file requires the PhpSploit class. If you want to use this class, the latest version can be downloaded from acid-root.new.fr. phpslash = 0.8.1.1 Remote Code Execution Exploit - - - - - - - - - - - - - - - - - - - - - - - - - RCE with no special rights guest. No special...

phpSlash fields Parameter PHP Code Injection

The remote host is running phpSlash, a PHP weblog and content management system that started out as a port of the Perl code used to power Slashdot.org. The installed version of phpSlash fails to validate user-supplied input to the 'fields' parameter of the 'index.php' script before using it to ca...

phpslash 0.8.1.1 Code Execution

!/usr/bin/php -q agent 'Mozilla Firefox' ; // Hey ya : head; // Target $url = getp 'url', true ; // Proxy options $prh = getp 'proxhost' ; $pra = getp 'proxauth' ; // Use a proxy ? if $prh // host:ip $web-proxy $prh ; // Authentication if $pra $web-proxyauth $pra ; // Single quote bypass $byp =...

PHPSlash 0.8.1.1 - Remote Code Execution

!/usr/bin/php -q agent 'Mozilla Firefox' ; // Hey ya : head; // Target $url = getp 'url', true ; // Proxy options $prh = getp 'proxhost' ; $pra = getp 'proxauth' ; // Use a proxy ? if $prh // host:ip $web-proxy $prh ; // Authentication if $pra $web-proxyauth $pra ; // Single quote bypass $byp =...

CVE-2005-4479

SQL injection vulnerability in article.php in phpSlash 0.8.1 and earlier allows remote attackers to execute arbitrary SQL commands via the storyid parameter...

CVE-2005-4479

CVE-2005-4479 describes a SQL injection vulnerability in the PHP-based CMS/phpSlash, affecting version 0.8.1 and earlier. The vulnerability exists in article.php where the story_id parameter can be manipulated to cause arbitrary SQL commands to be executed by a remote attacker. The consequence is...

phpSlash SQL vuln.

phpSlash SQL vuln. Vuln. discovered by : r0t Date: 21 dec. 2005 orginal advisory:http://pridels.blogspot.com/2005/12/phpslash-sql-vuln.html vendor:http://www.php-slash.org/ affected version:0.8.1 and prior Product Description: phpSlash is a CMS that provides an easy and flexible means to publish...

PHPSlash 0.8.1 - 'article.php' SQL Injection

source: https://www.securityfocus.com/bid/16021/info phpSlash is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. Successful exploitation could result in a compromise of the...

[EXPL] phpSlash Account Hijacking (Exploit)

The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com - - promotion The SecuriTeam alerts list - Free, Accurate, Independent. Get your security news from a reliable source...

CVE-2005-2257

PhpSlash 0.8.0 is affected by a vulnerability in the saveProfile function that allows remote attackers to modify arbitrary profiles and gain privileges by changing the author_id parameter. The available sources (CVE/NVD) describe the flaw and its impact as complete confidentiality, integrity, and...

CVE-2005-2257

The saveProfile function in PhpSlash 0.8.0 allows remote attackers to modify arbitrary profiles and gain privileges by modifying the authorid parameter...

CVE-2005-2257

The saveProfile function in PhpSlash 0.8.0 allows remote attackers to modify arbitrary profiles and gain privileges by modifying the authorid parameter...

[SA15936] phpSlash "author_id" User Profile Manipulation Vulnerability

---------------------------------------------------------------------- Bist Du interessiert an einem neuen Job in IT-Sicherheit? Secunia hat zwei freie Stellen als Junior und Senior Spezialist in IT- Sicherheit: http://secunia.com/secuniavacancies/...