Lucene search
+L

83 matches found

Cvelist
Cvelist
added 2009/08/25 10:0 a.m.34 views

CVE-2008-7064

Directory traversal vulnerability in the getlang function in global.php in Quicksilver Forums 1.4.2 and earlier, as used in QSF Portal before 1.4.5, when running on Windows, allows remote attackers to include and execute arbitrary local files via a "" backslash in the lang parameter to index.php,...

7.3AI score0.0319EPSS
Exploits1References8
CVE
CVE
added 2009/08/25 10:0 a.m.52 views

CVE-2008-7064

CVE-2008-7064 affects Quicksilver Forums 1.4.2 and earlier and QSF Portal before 1.4.5. The vulnerability is a directory traversal via the lang parameter in index.php that accepts a backslash () in Windows, bypassing a protection that only checks for forward slashes and can lead to including/exec...

7.5CVSS7.5AI score0.0319EPSS
Exploits1References8Affected Software1
Positive Technologies
Positive Technologies
added 2009/08/25 12:0 a.m.5 views

PT-2009-2533 · Quicksilver +1 · Quicksilver Forums +2

Name of the Vulnerable Software and Affected Versions: Quicksilver Forums versions 1.4.2 and earlier QSF Portal versions prior to 1.4.5 Description: The issue allows remote attackers to include and execute arbitrary local files via a "" backslash in the lang parameter to "index.php". This bypasse...

7.5CVSS7.2AI score0.0319EPSS
Exploits1References9
Packet Storm
Packet Storm
added 2008/11/25 12:0 a.m.28 views

quicksilverforums-rce.txt

Author: GiReX Homepage: girex.altervista.org Date: 24/11/2008 CMS: Quicksilver Forums get'lang' $lang = $this-get'lang'; if strstr$lang, '/' || !fileexists$path . 'languages/' . $lang . '.php' $lang = 'en'; include $path . 'languages/' . $lang . '.php'; As you can see, Quicksilver filter can be...

7.4AI score
Exploits0
exploitpack
exploitpack
added 2008/11/24 12:0 a.m.11 views

Quicksilver Forums 1.4.2 (Windows) - Remote Code Execution

Quicksilver Forums 1.4.2 Windows - Remote Code Execution Author: GiReX Homepage: girex.altervista.org Date: 24/11/2008 CMS: Quicksilver Forums get'lang' $lang = $this-get'lang'; if strstr$lang, '/' || !fileexists$path . 'languages/' . $lang . '.php' $lang = 'en'; include $path . 'languages/'...

8.1AI score
Exploits0
0day.today
0day.today
added 2008/11/24 12:0 a.m.28 views

Quicksilver Forums <= 1.4.2 RCE Exploit (windows only)

Exploit for unknown platform in category web applications ====================================================== Quicksilver Forums get'lang' $lang = $this-get'lang'; if strstr$lang, '/' || !fileexists$path . 'languages/' . $lang . '.php' $lang = 'en'; include $path . 'languages/' . $lang . '.php...

7.1AI score
Exploits0
Exploit DB
Exploit DB
added 2008/11/24 12:0 a.m.24 views

Quicksilver Forums 1.4.2 (Windows) - Remote Code Execution

Author: GiReX Homepage: girex.altervista.org Date: 24/11/2008 CMS: Quicksilver Forums get'lang' $lang = $this-get'lang'; if strstr$lang, '/' || !fileexists$path . 'languages/' . $lang . '.php' $lang = 'en'; include $path . 'languages/' . $lang . '.php'; As you can see, Quicksilver filter can be...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2008/08/13 12:0 a.m.24 views

quicksilver-sql.txt

?php / . vuln.: Quicksilver Forums 1.4.1 forums Remote SQL Injection Exploit . download: http://www.quicksilverforums.com/ . . author: irk4zatyahoo.pl . homepage: http://irk4z.wordpress.com/ . . greets: all friends ; . . this is PoC exploit / $host = $argv1; $path = $argv2; $prefix = "qsf"; // th...

7.4AI score
Exploits0
Prion
Prion
added 2008/08/12 7:41 p.m.19 views

Sql injection

SQL injection vulnerability in index.php in Quicksilver Forums 1.4.1 allows remote attackers to execute arbitrary SQL commands via the forums array parameter in a search action...

7.5CVSS9.1AI score0.01042EPSS
Exploits0References5Affected Software1
NVD
NVD
added 2008/08/12 7:41 p.m.17 views

CVE-2008-3601

SQL injection vulnerability in index.php in Quicksilver Forums 1.4.1 allows remote attackers to execute arbitrary SQL commands via the forums array parameter in a search action...

7.5CVSS8.3AI score0.01042EPSS
Exploits0References5
CVE
CVE
added 2008/08/12 7:0 p.m.41 views

CVE-2008-3601

The CVE-2008-3601 entry documents a SQL injection vulnerability in Quicksilver Forums 1.4.1. The flaw is triggered in index.php during a search action, where the forums array parameter is used in an SQL query, allowing remote attackers to execute arbitrary SQL commands. Impact and affected compon...

7.5CVSS8.3AI score0.01042EPSS
Exploits0References5Affected Software1
Cvelist
Cvelist
added 2008/08/12 7:0 p.m.22 views

CVE-2008-3601

SQL injection vulnerability in index.php in Quicksilver Forums 1.4.1 allows remote attackers to execute arbitrary SQL commands via the forums array parameter in a search action...

8.3AI score0.01042EPSS
Exploits0References5
seebug.org
seebug.org
added 2008/08/11 12:0 a.m.166 views

Quicksilver Forums 1.4.1 forums[] Remote SQL Injection Exploit

No description provided by source. ?php / . vuln.: Quicksilver Forums 1.4.1 forums Remote SQL Injection Exploit . download: http://www.quicksilverforums.com/ . . author: irk4zatyahoo.pl . homepage: http://irk4z.wordpress.com/ . . greets: all friends ; . . this is PoC exploit / $host = $argv1; $pa...

7.1AI score
Exploits0
exploitpack
exploitpack
added 2008/08/10 12:0 a.m.11 views

Quicksilver Forums 1.4.1 - SQL Injection

Quicksilver Forums 1.4.1 - SQL Injection ?php / . vuln.: Quicksilver Forums 1.4.1 forums Remote SQL Injection Exploit . download: http://www.quicksilverforums.com/ . . author: irk4zatyahoo.pl . homepage: http://irk4z.wordpress.com/ . . greets: all friends ; . . this is PoC exploit / $host = $argv...

0.3AI score
Exploits0
0day.today
0day.today
added 2008/08/10 12:0 a.m.22 views

Quicksilver Forums 1.4.1 forums[] Remote SQL Injection Exploit

Exploit for unknown platform in category web applications ============================================================== Quicksilver Forums 1.4.1 forums Remote SQL Injection Exploit ============================================================== ?php / . vuln.: Quicksilver Forums 1.4.1 forums Remo...

7.1AI score
Exploits0
Exploit DB
Exploit DB
added 2008/08/10 12:0 a.m.43 views

Quicksilver Forums 1.4.1 - SQL Injection

?php / . vuln.: Quicksilver Forums 1.4.1 forums Remote SQL Injection Exploit . download: http://www.quicksilverforums.com/ . . author: irk4zatyahoo.pl . homepage: http://irk4z.wordpress.com/ . . greets: all friends ; . . this is PoC exploit / $host = $argv1; $path = $argv2; $prefix = "qsf"; // th...

7.4AI score
Exploits0
NVD
NVD
added 2007/10/01 8:17 p.m.17 views

CVE-2007-5171

Unspecified vulnerability in Quicksilver Forums before 1.4.1 allows remote attackers to delete arbitrary PMs via unspecified vectors...

5CVSS6.8AI score0.01186EPSS
Exploits0References4
NVD
NVD
added 2007/10/01 8:17 p.m.13 views

CVE-2007-5172

Quicksilver Forums before 1.4.1 allows remote attackers to obtain sensitive information by causing unspecified connection errors, which reveals the database password in the resulting error message...

5CVSS6.4AI score0.01218EPSS
Exploits0References4
Prion
Prion
added 2007/10/01 8:17 p.m.17 views

Design/Logic Flaw

Unspecified vulnerability in Quicksilver Forums before 1.4.1 allows remote attackers to delete arbitrary PMs via unspecified vectors...

5CVSS7.3AI score0.01186EPSS
Exploits0References4Affected Software1
Prion
Prion
added 2007/10/01 8:17 p.m.18 views

Default credentials

Quicksilver Forums before 1.4.1 allows remote attackers to obtain sensitive information by causing unspecified connection errors, which reveals the database password in the resulting error message...

5CVSS6.9AI score0.01218EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder