420 matches found
Vulnerabilities in WordPress 2.0
Hello 3APA3A! I am reporting Cross-Site Scripting vulnerabilities that I found on 03.11.2006 in the WordPress 2.0 engine. The vulnerabilities are in the wp-register.php script. XSS: POST request on the page http://site/wp-register.php: "scriptalertdocument.cookie/script In the fields: Username and E-Mail. Additional...
CVE-2007-0864
SQL injection vulnerability in register.php in LushiWarPlaner 1.0 allows remote attackers to inject arbitrary SQL commands via the id parameter...
CVE-2007-0864
CVE-2007-0864 describes an SQL injection in register.php of LushiWarPlaner 1.0, exploitable via the id parameter. The underlying issue is unsafe SQL construction that allows remote attackers to inject arbitrary SQL commands. Impact stated: potential data exposure or modification (partial confide...
LushiWarPlaner 1.0 (register.php) Remote SQL Injection Exploit
No description provided by source. % Response.Buffer = True % % On Error Resume Next % % Server.ScriptTimeout = 100 % % '=============================================================================================== 'Script Name: LushiWarPlaner 1.0 register.php Remote SQL Injection Exploit 'Code...
LushiWarPlaner 1.0 - 'register.php' SQL Injection
exploit2.asp 'Update: + Get Header 'Update: + Get Whois Info '=============================================================================================== % function functionControl1 setTimeout"functionControl2",2000; function functionControl2 ifdocument.form1.field1.value=="" alert"Exploit...
LushiWarPlaner 1.0 (register.php) Remote SQL Injection Exploit
Exploit for unknown platform in category web applications ============================================================== LushiWarPlaner 1.0 register.php Remote SQL Injection Exploit ============================================================== exploit2.asp 'Update: + Get Header 'Update: + Get...
LushiWarPlaner 1.0 - register.php SQL Injection
LushiWarPlaner 1.0 - register.php SQL Injection exploit2.asp 'Update: + Get Header 'Update: + Get Whois Info '=============================================================================================== % function functionControl1 setTimeout"functionControl2",2000; function functionControl2...
CVE-2007-0769
Cross-site scripting (XSS) vulnerability in register.php in Phorum 5.1.18 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: the vendor disputes this vulnerability, stating that "The characters are escaped properly...
CVE-2007-0769
Phorum 5.1.18 contains an XSS vulnerability in register.php (CVE-2007-0769). The vulnerability is described as allowing remote attackers to inject arbitrary scripts/HTML via unspecified vectors. The vendor disputes the flaw, stating that characters are escaped properly. Public details do not spec...
PT-2007-2135 · Extcalendar · Extcalendar
Name of the Vulnerable Software and Affected Versions: ExtCalendar versions 2 and earlier Description: The issue allows remote attackers to change the passwords of arbitrary users without providing the original password, and possibly perform other unauthorized actions, via modified values to...
Phorum < 5.1.19 register.php XSS
Binary data 3898.prm...
indexu-xss.txt
vulnerability script indexu all versions Found by :SwEET-DeViL & viP HaCkEr & HaCkEr sUn TeaM AL-GaRNi Application : indexu version : all versions URL : http://www.nicecoder.com/ google : "Powered by INDEXU 5." Exploits : |//1\| in upgrade.php...
vulnerability script indexu all versions
vulnerability script indexu all versions Found by :SwEET-DeViL & viP HaCkEr & HaCkEr sUn TeaM AL-GaRNi Application : indexu version : all versions URL : http://www.nicecoder.com/ google : "Powered by INDEXU 5." Exploits : |//1| in upgrade.php...
CVE-2006-4580
The CVE concerns The Address Book 1.04e: register.php allows remote attackers to bypass the 'Allow User Self-Registration' setting by supplying mode=confirm, enabling creation of arbitrary users. This is a client-side/configuration abuse affecting user provisioning, with the root cause described ...
phpCC 4.2 beta (base_dir) Remote File Inclusion Vulnerability
No description provided by source. SolpotCrew Community phpCC - Beta 4.2 basedir Remote File Inclusion Download file : http://www.phpcc.at/downloadfile1.html Bug Found By :Solpot a.k.a k. Hasibuan 06-08-2006 contact: [email protected] Website : http://www.solpotcrew.org/adv/solpot-adv-05.tx...
Woltlab Burning Board 2.3.X XSS Vulnerability (0-Day) FIXED VERSION
Woltlab Burning Board 2.3.X "register.php" XSS Vulnerability ==- Release Status -== Released 30.11.2006 ==- Vendor Status -== The vendor hasn't been contacted yet. ==- Found by: -== 666 www.SR-Crew.org ==- Vulnerability: -== register.php | Near line 162 ------------------------------------------ ...
CVE-2006-6168
tiki-register.php in TikiWiki before 1.9.7 allows remote attackers to trigger "notification-spam" via certain vectors such as a comma-separated list of addresses in the email field, related to lack of "a minimal check on email."...
CVE-2006-6168
CVE-2006-6168 affects TikiWiki (tiki-register.php) versions before 1.9.7. The issue arises from insufficient validation of the email field, allowing remote attackers to trigger “notification-spam” via vectors such as a comma-separated list of addresses. The NVD lists a base score of 7.5 (HIGH) wi...