22 matches found
EUVD-2005-2692
Malware in sbrugna...
qcubed PHP object injection
A PHP object injection bug in profile.php in qcubed all versions including 3.1.1 unserializes the untrusted data of the POST-variable "strProfileData" and allows an unauthenticated attacker to execute code via a crafted POST request...
SQL injection
The School Management System – WPSchoolPress WordPress plugin before 2.1.10 does not properly sanitize or use prepared statements before using POST variable in SQL queries, leading to SQL injection in multiple actions available to various authenticated users, from simple subscribers/students to...
Untrusted Object Deserialization
Qcubed is vulnerable to untrusted object deserialization. An attacker is able to inject an untrusted PHP object via the POST variable “strProfileData” and execute code via a malicious POST request...
CVE-2020-9006
The Popup Builder plugin 2.2.8 through 2.6.7.6 for WordPress is vulnerable to SQL injection in the sgImportPopups function in sgpopupajax.php via PHP Deserialization on attacker-controlled data with the attachmentUrl POST variable. This allows creation of an arbitrary WordPress Administrator...
NetEx HyperIP Post-Auth Command Execution
Vulnerability Details Affected Vendor: NetEx Affected Product: HyperIP Affected Version: 6.1.0 Platform: Embedded Linux CWE Classification: CWE-78: Improper Neutralization of Special Elements used in an OS Command, CWE-250: Execution with Unnecessary Privileges Impact: Arbitrary Command...
Prediction Football 2.51 - Cross-Site Request Forgery
Prediction Football 2.51 - Cross-Site Request Forgery Exploit Title: title Google Dork: if relevant intext:"Prediction football 2.51" Date: 08/08/2011 Author: Smith Falcon Software Link: http://www.predictionfootball.com/download/download.html Version: 2.51 Tested on: Linux First create a usernam...
Pre Classifieds Listings SQL Injection
Pre Classified Listings Remote SQL Injection Vulnerability Author: Crux Homepage: http://hack-tech.com Date: 2-27-2010 Software Link:...
phpMySite - Cross-Site Scripting SQL Injection
phpMySite - Cross-Site Scripting SQL Injection. phpMySite XSS/SQLi Multiple Remote Vulnerabilities Author: Crux Homepage: http://hack-tech.com Date: 2-27-2010 Softwar...
Pre Classified Listings Remote SQL Injection Vulnerability
Exploit for unknown platform in category web applications. Pre Classified Listings Remote SQL Injection Vulnerability...
Pre Classified Listings - SQL Injection
Pre Classified Listings - SQL Injection. Pre Classified Listings Remote SQL Injection Vulnerability Author: Crux Homepage: http://hack-tech.com Date: 2-27-2010 Softwa...
Jamit Job Board v.3.0 Cross Scripting Vulnerabilities
Exploit for unknown platform in category web applications. Jamit Job Board v.3.0 Cross Scripting Vulnerabilities + Exploit Title: Jamit...
Pre Classified Listings - SQL Injection
Pre Classified Listings Remote SQL Injection Vulnerability Author: Crux Homepage: http://hack-tech.com Date: 2-27-2010 Software Link:...
D-Link DKVM-IP8 - Cross-Site Scripting
Exploit Title: D-LINK DKVM-IP8 XSS Vulnerability Date: 01-06-2010 Author: POPCORN Software Link: http://www.dlink.ru/ Version: 2282dlinkA4p820071213 Tested on: Windows Sp 2 Site : http://Hacking.ge Code : POST http://site.com80/auth.asp HTTP/1.0 Accept: / Content-Type:...
Huawei MT882 Modem/Router - Multiple Vulnerabilities
Version: V100R002B020 ARG-T Firmware Release: 3.7.9.98 Greets to my bests friends: DeepLook, R00T, systemfailure, Ciber34, ANDSQLiTor, LaPeke Greets to friend: Scuarplex, Crl, KiKoArg, ZeRO, DNSX, PunkiD DecodeX01atgmaildotcom Target device ip 10.0.0.2:80 default ip:port Server information...
Discuz custom template variable vulnerability-vulnerability warning-the black bar safety net
Variables : ',";ECHO ";$X=SUBSTRMD5$GET'B',2 8;IF$X=='7aaa' and$POST'A';// Replace the contents : aaaaaaaaaa Then the link The post variable b is md5 encrypted, if the first 2 8-3 1 bit is 7aaa then execute$POST'a'; Use the DZ Forum of classmates please self-check/forumdata/cache/file under...
[NOBYTES.COM: #12] osCommerce 2.2rc2a - Information Disclosure
Application: osCommerce 2.2rc2a Authors Site: http://www.oscommerce.com/ Information Disclosure: Manipulation of the 'DOB' Variable on createaccount.php can cause information disclosure: In this example the POST variable 'DOB' has...
sharelor-xss.txt
Sharelor file sender Cross site scripting. POST variable : http://www.fileflasher.com:80/contact.php?action=send with line below from="alert1248191921%3B malibu.r...
Fishyshoop Security Vulnerability
Synopsis: The Fishyshoop shopping cart software contains a vulnerability which allows arbitrary users to create accounts with administrator privileges. Background: Fishyshoop is a suite of PHP scripts allowing anybody to create an attractive online store. Affected Versions...
squirrelmail -- $_POST variable handling allows for various attacks
A Squirrelmail Advisory reports: An extract($_POST) was done in optionsidentities.php which allowed for an attacker to set random variables in that file. This could lead to the reading and possible writing of other people's preferences, cross site scripting or writing files in webserver-writable...