CVE-2005-3584

Cross-site scripting XSS vulnerability in forum.php in PhpWebThings 1.4.4 allows remote attackers to inject arbitrary web script or HTML via the forum parameter...

CVE-2005-3585

SQL injection vulnerability in forum.php in PhpWebThings 1.4.4 allows remote attackers to execute arbitrary SQL commands via the forum parameter...

CVE-2005-3584

CVE-2005-3584 is a cross-site scripting (XSS) vulnerability in PhpWebThings 1.4.4, exploitable through forum.php via the forum parameter. The underlying issue is insufficient input sanitization for that parameter, enabling remote attackers to inject arbitrary web script or HTML. The connected doc...

CVE-2005-3584

Cross-site scripting XSS vulnerability in forum.php in PhpWebThings 1.4.4 allows remote attackers to inject arbitrary web script or HTML via the forum parameter...

CVE-2005-3585

The connected OpenVAS entries confirm a concrete SQL injection in PhpWebThings 1.4.x through forum.php (parameter: forum). Exploitation could allow remote attackers to view usernames/password hashes and potentially gain administrative access; root cause is improper input sanitization in the forum...

CVE-2005-3585

SQL injection vulnerability in forum.php in PhpWebThings 1.4.4 allows remote attackers to execute arbitrary SQL commands via the forum parameter...

PHPWebThings 1.4 - 'forum' SQL Injection

!/bin/bin/perl ----------------------------------------------------- - SQL injection in phpwebthing v 1.4.4 - Founder by Qptan & Exploting by AhLam - www.leZe.Com Only For Geek Hacker's - coded by AhLaM A.1.M|at|hotmail.com - http://www.lezr.com/vb/showthread.php?t=6557...

PHPWebThings 1.4 - 'msg'/'forum' SQL Injection

?php ---phpwebth14xpl.php 10.47 16/11/2005 PHPWebThings 1.4 "msg" and "forum" SQL injection / Administrative credentials disclosure and remote commands execution coded by rgod site: http://rgod.altervista.org based on http://secunia.com/advisories/17410/, but here we have a more chritical injecti...

PHPWebThings <= 1.4 (forum) SQL Injection Exploit

Exploit for unknown platform in category web applications ================================================= PHPWebThings / && print "+ MD5 hash of password is: $1\n"; print "- Unable to retrieve hash of password\n" if!$1; 0day.today 2018-04-08...

PHPWebThings <= 1.4 (msg/forum) SQL Injection Exploit

Exploit for unknown platform in category web applications ===================================================== PHPWebThings = 1.4 msg/forum SQL Injection Exploit ===================================================== ?php ---phpwebth14xpl.php 10.47 16/11/2005 PHPWebThings 1.4 "msg" and "forum" SQ...

PHPWebThings 1.4 - msgforum SQL Injection

PHPWebThings 1.4 - msgforum SQL Injection ?php ---phpwebth14xpl.php 10.47 16/11/2005 PHPWebThings 1.4 "msg" and "forum" SQL injection / Administrative credentials disclosure and remote commands execution coded by rgod site: http://rgod.altervista.org based on http://secunia.com/advisories/17410/,...

PHPWebThings 1.4 - forum SQL Injection

PHPWebThings 1.4 - forum SQL Injection !/bin/bin/perl ----------------------------------------------------- - SQL injection in phpwebthing v 1.4.4 - Founder by Qptan & Exploting by AhLam - www.leZe.Com Only For Geek Hacker's - coded by AhLaM A.1.M|at|hotmail.com -...

PHPWebThings &lt;= 1.4 (forum) SQL Injection Exploit

No description provided by source. !/bin/bin/perl ----------------------------------------------------- - SQL injection in phpwebthing v 1.4.4 - Founder by Qptan & Exploting by AhLam - www.leZe.Com Only For Geek Hacker's - coded by AhLaM A.1.M|at|hotmail.com -...

PHPWebThings &lt;= 1.4 (msg/forum) SQL Injection Exploit

No description provided by source. ?php ---phpwebth14xpl.php 10.47 16/11/2005 PHPWebThings 1.4 "msg" and "forum" SQL injection / Administrative credentials disclosure and remote commands execution coded by rgod site: http://rgod.altervista.org based on http://secunia.com/advisories/17410/, but he...

phpWebThings144-2.txt

Vulnerable: phpWebThings 1.4.4 website : http://phpwebthings.org The bug in download.php ThE Exploit : http://www.target.com/download.php?file=|SQL ThE Error: You have an error in your SQL syntax. Check the manual that corresponds to your MySQL server version for the right syntax to use near 'ord...

phpWebThings download.php file Parameter SQL Injection

Binary data 3290.prm...

PHPWebThings 1.4 - &#039;download.php?File&#039; SQL Injection

source: https://www.securityfocus.com/bid/15399/info phpWebThings is prone to an SQL injection vulnerability. This is an input validation issue related to data that will be used in SQL queries, allowing a remote user to influence the structure and logic of a query. It is likely that the issue cou...

PHPWebThings 1.4 - download.php?File SQL Injection

PHPWebThings 1.4 - download.php?File SQL Injection source: https://www.securityfocus.com/bid/15399/info phpWebThings is prone to an SQL injection vulnerability. This is an input validation issue related to data that will be used in SQL queries, allowing a remote user to influence the structure an...

phpWebThings144.txt

Vulnerable: phpWebThings 1.4.4 http://phpwebthings.org The bug reside in : forum.php Exploit : http://xxx.com/forum.php?forum=XSS http://xxx.com/forum.php?forum=SQL Example : XSS http://xxx.com/forum.php?forum='alertdocument.cookie SQL For Passowrd http://xxx.com/forum.php?forum=-1 union select...

phpWebThings Multiple Scripts SQL Injection

The remote host is running the phpWebThings application framework. The version of phpWebThings installed on the remote host does not properly sanitize user input in the 'forum' and 'msg' parameters of 'forum.php' script before using it in database queries. An attacker can exploit this vulnerabili...