83 matches found
CVE-2008-7064
Directory traversal vulnerability in the getlang function in global.php in Quicksilver Forums 1.4.2 and earlier, as used in QSF Portal before 1.4.5, when running on Windows, allows remote attackers to include and execute arbitrary local files via a "" backslash in the lang parameter to index.php,...
CVE-2008-7064
CVE-2008-7064 affects Quicksilver Forums 1.4.2 and earlier and QSF Portal before 1.4.5. The vulnerability is a directory traversal via the lang parameter in index.php that accepts a backslash () in Windows, bypassing a protection that only checks for forward slashes and can lead to including/exec...
PT-2009-2533 · Quicksilver +1 · Quicksilver Forums +2
Name of the Vulnerable Software and Affected Versions: Quicksilver Forums versions 1.4.2 and earlier QSF Portal versions prior to 1.4.5 Description: The issue allows remote attackers to include and execute arbitrary local files via a "" backslash in the lang parameter to "index.php". This bypasse...
quicksilverforums-rce.txt
Author: GiReX Homepage: girex.altervista.org Date: 24/11/2008 CMS: Quicksilver Forums get'lang' $lang = $this-get'lang'; if strstr$lang, '/' || !fileexists$path . 'languages/' . $lang . '.php' $lang = 'en'; include $path . 'languages/' . $lang . '.php'; As you can see, Quicksilver filter can be...
Quicksilver Forums 1.4.2 (Windows) - Remote Code Execution
Quicksilver Forums 1.4.2 Windows - Remote Code Execution Author: GiReX Homepage: girex.altervista.org Date: 24/11/2008 CMS: Quicksilver Forums get'lang' $lang = $this-get'lang'; if strstr$lang, '/' || !fileexists$path . 'languages/' . $lang . '.php' $lang = 'en'; include $path . 'languages/'...
Quicksilver Forums <= 1.4.2 RCE Exploit (windows only)
Exploit for unknown platform in category web applications ====================================================== Quicksilver Forums get'lang' $lang = $this-get'lang'; if strstr$lang, '/' || !fileexists$path . 'languages/' . $lang . '.php' $lang = 'en'; include $path . 'languages/' . $lang . '.php...
Quicksilver Forums 1.4.2 (Windows) - Remote Code Execution
Author: GiReX Homepage: girex.altervista.org Date: 24/11/2008 CMS: Quicksilver Forums get'lang' $lang = $this-get'lang'; if strstr$lang, '/' || !fileexists$path . 'languages/' . $lang . '.php' $lang = 'en'; include $path . 'languages/' . $lang . '.php'; As you can see, Quicksilver filter can be...
quicksilver-sql.txt
?php / . vuln.: Quicksilver Forums 1.4.1 forums Remote SQL Injection Exploit . download: http://www.quicksilverforums.com/ . . author: irk4zatyahoo.pl . homepage: http://irk4z.wordpress.com/ . . greets: all friends ; . . this is PoC exploit / $host = $argv1; $path = $argv2; $prefix = "qsf"; // th...
Sql injection
SQL injection vulnerability in index.php in Quicksilver Forums 1.4.1 allows remote attackers to execute arbitrary SQL commands via the forums array parameter in a search action...
CVE-2008-3601
SQL injection vulnerability in index.php in Quicksilver Forums 1.4.1 allows remote attackers to execute arbitrary SQL commands via the forums array parameter in a search action...
CVE-2008-3601
The CVE-2008-3601 entry documents a SQL injection vulnerability in Quicksilver Forums 1.4.1. The flaw is triggered in index.php during a search action, where the forums array parameter is used in an SQL query, allowing remote attackers to execute arbitrary SQL commands. Impact and affected compon...
CVE-2008-3601
SQL injection vulnerability in index.php in Quicksilver Forums 1.4.1 allows remote attackers to execute arbitrary SQL commands via the forums array parameter in a search action...
Quicksilver Forums 1.4.1 forums[] Remote SQL Injection Exploit
No description provided by source. ?php / . vuln.: Quicksilver Forums 1.4.1 forums Remote SQL Injection Exploit . download: http://www.quicksilverforums.com/ . . author: irk4zatyahoo.pl . homepage: http://irk4z.wordpress.com/ . . greets: all friends ; . . this is PoC exploit / $host = $argv1; $pa...
Quicksilver Forums 1.4.1 - SQL Injection
Quicksilver Forums 1.4.1 - SQL Injection ?php / . vuln.: Quicksilver Forums 1.4.1 forums Remote SQL Injection Exploit . download: http://www.quicksilverforums.com/ . . author: irk4zatyahoo.pl . homepage: http://irk4z.wordpress.com/ . . greets: all friends ; . . this is PoC exploit / $host = $argv...
Quicksilver Forums 1.4.1 forums[] Remote SQL Injection Exploit
Exploit for unknown platform in category web applications ============================================================== Quicksilver Forums 1.4.1 forums Remote SQL Injection Exploit ============================================================== ?php / . vuln.: Quicksilver Forums 1.4.1 forums Remo...
Quicksilver Forums 1.4.1 - SQL Injection
?php / . vuln.: Quicksilver Forums 1.4.1 forums Remote SQL Injection Exploit . download: http://www.quicksilverforums.com/ . . author: irk4zatyahoo.pl . homepage: http://irk4z.wordpress.com/ . . greets: all friends ; . . this is PoC exploit / $host = $argv1; $path = $argv2; $prefix = "qsf"; // th...
CVE-2007-5171
Unspecified vulnerability in Quicksilver Forums before 1.4.1 allows remote attackers to delete arbitrary PMs via unspecified vectors...
CVE-2007-5172
Quicksilver Forums before 1.4.1 allows remote attackers to obtain sensitive information by causing unspecified connection errors, which reveals the database password in the resulting error message...
Design/Logic Flaw
Unspecified vulnerability in Quicksilver Forums before 1.4.1 allows remote attackers to delete arbitrary PMs via unspecified vectors...
Default credentials
Quicksilver Forums before 1.4.1 allows remote attackers to obtain sensitive information by causing unspecified connection errors, which reveals the database password in the resulting error message...