Opial 1.0 - Arbitrary File Upload/XSS/SQL Injection Vulnerabilities
Opial 1.0 Arbitrary File Upload & XSS & SQL Injection genresparent Author: LMaster Greetz: r3al.ru Official Site with demo: http://www.opial.com --Arbitrary File Upload-- 1. Go to http://www.site.com/register.php 2...
Free Hosting Manager 2.0.2 - Multiple SQLi
Software : Free Hosting Manager V2.0.2 Multiple SQLi Author : Saadat Ullah , [email protected] Author home : http://security-geeks.blogspot.com Date : 23/3/13 Vendors :...
LightBlog <= 9.9.2 (register.php) Remote Code Execution Exploit
LightBlog <= 9.9.2 (register.php) Remote Code Execution Exploit author...: EgiX mail.....: n0b0d13satgmaildotcom link.....:...
Qualiteam X-Cart 4.0.8 register.php mode Parameter SQL Injection
source: http://www.securityfocus.com/bid/13817/info X-Cart is prone to SQL injection and cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. These vulnerabilities could permit remot...
vBulletin 3.0 Register.PHP HTML Injection Vulnerability
source: http://www.securityfocus.com/bid/8354/info vBulletin may be prone to an HTML injection vulnerability. This issue is exposed through inadequate sanitization of user input for certain fields within the register.php script. An attacker may exploit this issu...
Vikingboard <= 0.2 Beta 'register.php' SQL Column Truncation Unauthorized Access Vulnerability
source: http://www.securityfocus.com/bid/31408/info Vikingboard is prone to an unauthorized-access vulnerability. Successfully exploiting this issue can allow attackers to register and log in as existing users. Vikingboard 0.2 Beta is vulnerable; other versions...
CuteNews 1.4.6 register.php result Parameter XSS
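YouYax Forum SQL Injection Vulnerability
Brief description: SQL injection found through code audit. For a vendor this rigorous, an injection absolutely cannot be tolerated, so it has to be rated high. Everything else has addslashes applied, but this one was missed. Details: The problem is in the register.php file. First, how it was found during fuzzing: when registering a user, a second registration produces the notice alert'注册失败,该IP地址已经使用超过了1次' ("Registration failed, this IP address has already been used more than 1 time"); so I wondered whether XFF could bypass it, added the X-Forwarded-For field, and it was bypassed. Then, in X-Forwarded-For, I changed the IP address to 1.1.1.1' and 1=1 and so on, and the tests all succeeded. From this I concluded that there must be an injection here, although a blind one; testing from outside was inconvenient, so I did not dump the database. So I went to look at the source code. Key code...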
CVE-2014-3871
Multiple SQL injection vulnerabilities in register.php in Geodesic Solutions GeoCore MAX 7.3.3 (formerly GeoClassifieds and GeoAuctions) allow remote attackers to execute arbitrary SQL commands via the (1) c[password] or (2) c[username] parameter. NOTE: the b parameter to index.php vector is already covere...
CVE-2014-3871
CVE-2014-3871 documents multiple SQL injection vulnerabilities in Geodesic Solutions GeoCore MAX 7.3.3 (GeoAuctions/GeoClassifieds) where remote attackers can trigger SQL commands via the register.php parameters (1) c[password] and (2) c[username]. The entry notes that the b parameter in index.p...
GeoCore MAX DB Ver. 7.3.3 - Blind SQL Injection
Exploit Title: GeoCore MAX DB Ver. 7.3.3 - Time-Based Blind Injection Official site: http://geodesicsolutions.com Risk Level: High Vendor : http://geodesicsolutions.com Exploit Author: Esac Homepage author : www.iss4m.ma Last Checked: 25/04/2014...
Sql injection
Multiple SQL injection vulnerabilities in Gnew 2013.1 allow remote attackers to execute arbitrary SQL commands via the (1) newsid parameter to news/send.php, (2) threadid parameter to posts/edit.php, or (3) useremail parameter to users/password.php or (4) users/register.php. NOTE: these issues were SPLIT...
Sql injection
Multiple SQL injection vulnerabilities in Gnew 2013.1 allow remote attackers to execute arbitrary SQL commands via the (1) answerid or (2) questionid parameter to polls/vote.php, (3) storyid parameter to comments/add.php or (4) comments/edit.php, or (5) threadid parameter to posts/add.php. NOTE: this issue...
CVE-2013-7289
Multiple cross-site scripting (XSS) vulnerabilities in register.php in Andy's PHP Knowledgebase (Aphpkb) before 0.95.8 allow remote attackers to inject arbitrary web script or HTML via the (1) first_name, (2) last_name, (3) email, or (4) username parameter...
CVE-2013-7289
The CVE identifies multiple cross-site scripting (XSS) vulnerabilities in Andy’s PHP Knowledgebase (Aphpkb) before version 0.95.8, exploitable via the register.php endpoint. Specifically, the first_name, last_name, email, or username parameters can be injected with malicious script/HTML to affect...
Gnew 2013.1 Multiple Vulnerabilities
Gnew is a simple and open-source Content Management System. Exploit Title: Gnew 2013.1 Multiple Vulnerabilities Date: 17/04/2013 Author: Elite Trojan Category: webapps Google dork: N/A Tested on: linux + windows IVerified XSS +Vulnerable File: /users/register.php +Vulnerable Source Code: $userema...
Free Hosting Manager 2.0.2 - Multiple SQL Injections
Software : Free Hosting Manager V2.0.2 Multiple SQLi Author : Saadat Ullah , [email protected] Author home : http://security-geeks.blogspot.com Date : 23/3/13...
WordPress RLSWordPressSearch SQL Injection
Exploit Title : Wordpress RLSWordPressSearch plugin SQL Injection Exploit Author : Ashiyane Digital Security Team Home : ww.ashiyane.org Security Risk : Medium - SQL Injection Dork : inurl:wp-content/plugins/RLSWordPressSearch/register.php?a=...
CVE-2012-5874
Multiple SQL injection vulnerabilities in the (1) updatewhosonlinereg and (2) updatewhosonlineguest functions in Elite Bulletin Board before 2.1.22 allow remote attackers to execute arbitrary SQL commands via the PATHINFO to (a) checkuser.php, (b) groups.php, (c) index.php, (d) login.php, (e) quicklogin.php, f...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in asaanCart 0.9 allow remote attackers to inject arbitrary web script or HTML via the (1) PATHINFO to calc.php, (2) chat.php, (3) register.php, or (4) index.php in libs/smartyajax/; or the (5) page parameter to libs/smartyajax/index.php...