27 matches found
Wordpress 2.6.1 (SQL Column Truncation) Admin Takeover Exploit
Exploit for unknown platform in category web applications ============================================================== Wordpress 2.6.1 SQL Column Truncation Admin Takeover Exploit ============================================================== !/usr/bin/php =5.2.1 you'll need to be as well, in...
Code injection
Direct static code injection vulnerability in index.php in Flat PHP Board 1.2 and earlier allows remote attackers to inject arbitrary PHP code via the 1 username, 2 password, and 3 email parameters when registering a user account, which can be executed by accessing the user's php file for this...
[Reversemode Advisory] Kaspersky Anti-Virus Privilege Escalation
Hi, Kaspersky Products are prone to a local privilege escalation. Unprivileged users can exploit this flaw in order to execute arbitrary code with Kernel privileges. Kaspersky implements its NDIS-TDI Hooking Engine using two drivers, which rely on an internal system of plugins. Plugin registering...
PHP-Fusion extract() Global Variable Overwriting
The version of PHP-Fusion on the remote host supports registering variables from user-supplied input in the event that PHP's 'registerglobals' setting is disabled, which is the default in current versions of PHP. Unfortunately, the way that this has been implemented in the version on the remote...
bingbox.txt
Bingbox.com Homepage: http://www.bingbox.com Affected files: Profile input boxes: - City input Registering Viewing Birthdays Adding a friend Viewing people online ----------------------------------------------- XSS with cookie disclosure via inviting friends:...
Cross site scripting
Cross-site scripting XSS vulnerability in Russcom Network Loginphp Russcom.Loginphp allows remote attackers to inject arbitrary web script or HTML via the username field when registering...
CVE-2006-2160
Cross-site scripting XSS vulnerability in Russcom Network Loginphp Russcom.Loginphp allows remote attackers to inject arbitrary web script or HTML via the username field when registering...