Information disclosure

WordPress and WordPress MU before 2.8.1 allow remote attackers to obtain sensitive information via a direct request to wp-settings.php, which reveals the installation path in an error message...

WysGui CMS 1.2b (Insecure Cookie Handling) Blind SQL Injection Exploit

No description provided by source. !/usr/bin/perl || || || -----------------------------------------\ == -- ----------- ---------------------------- ------------------/ ¡VIVA SPAIN!...¡GANAREMOS EL MUNDIAL!...o.O ¡PROUD TO BE SPANISH!...

Q-News 2.0 - Remote Command Execution

Q-News 2.0 - Remote Command Execution Author = FireShot , Jacopo Vuga. Mail = fireshotautisticiorg Vulnerability = Remote Command Execution Software = q-news 2.0 Download = http://ovh.dl.sourceforge.net/sourceforge/php-box/2.0nologin.zip Greets to = Osirys for his friendship and his tips, Myral,...

Q-News 2.0 - Remote Command Execution

Author = FireShot , Jacopo Vuga. Mail = fireshotautisticiorg Vulnerability = Remote Command Execution Software = q-news 2.0 Download = http://ovh.dl.sourceforge.net/sourceforge/php-box/2.0nologin.zip Greets to = Osirys for his friendship and his tips, Myral, str0ke CODE " print "Cannot write to...

SilverNews 2.04 (Auth Bypass/LFI/RCE) Multiple Vulnerabilities

No description provided by source. 0x01 Informations: Name : SilverNews 2.04 Download : http://www.silver-scripts.de/scripts.php?script=SilverNews&l=en Vulnerability : Auth Bypass\LFI\RCE Author : x0r Contact : [email protected] Notes : Proud to be Italian 0x02 Bug: Bugged file is...

SilverNews 2.04 (Auth Bypass/LFI/RCE) Multiple Vulnerabilities

Exploit for unknown platform in category web applications ============================================================== SilverNews 2.04 Auth Bypass/LFI/RCE Multiple Vulnerabilities ============================================================== 0x01 Informations: Name : SilverNews 2.04 Download :...

Code injection

Static code injection vulnerability in installation/setup.php in phpCollab 2.5 rc3 and earlier allows remote authenticated administrators to inject arbitrary PHP code into include/settings.php via the URI...

2532|Gigs 1.2 Stable LFI / File Upload Vulnerabilities

START 0x01 Informations: Script : 2532|Gigs v1.2 Stable Download : http://www.hotscripts.com/jump.php?listingid=65863&jumptype=1 Dork : Powered by 2532|Gigs v1.2.2 Vulnerability : Local File Inclusion / Remote File Upload Author : Osirys Contact : osirysatlivedotit Website : http://osirys.org Not...

2532|Gigs 1.2.2 Stable Multiple Remote Vulnerabilities

No description provided by source. START 0x01 Informations: Script : 2532|Gigs v1.2 Stable Download : http://www.hotscripts.com/jump.php?listingid=65863&jumptype=1 Dork : Powered by 2532|Gigs v1.2.2 Vulnerability : Local File Inclusion / Remote File Upload Author : Osirys Contact :...

CVE-2008-5434

Multiple SQL injection vulnerabilities in PunBB 1.3 and 1.3.1 allow remote authenticated administrators to execute arbitrary SQL commands via the 1 orderby or 2 direction parameter to admin/users.php, or 3 configuration options to admin/settings.php...

Sql injection

Multiple SQL injection vulnerabilities in PunBB 1.3 and 1.3.1 allow remote authenticated administrators to execute arbitrary SQL commands via the 1 orderby or 2 direction parameter to admin/users.php, or 3 configuration options to admin/settings.php...

CVE-2008-5434

Multiple SQL injection vulnerabilities in PunBB 1.3 and 1.3.1 allow remote authenticated administrators to execute arbitrary SQL commands via the 1 orderby or 2 direction parameter to admin/users.php, or 3 configuration options to admin/settings.php...

PHP-Nuke NSN Script Depository module <= 1.0.3 Remote Source / DB Credentials Disclosure

--------------------------------------------------------------- / | | / | / |/ | | |/ | | / | | | | | |/ | | // | || | ||| /| / / | |||| /| / / --------------------------------------------------------------- Http://www.inj3ct-it.org Staffatinj3ct-itdotorg...

CVE-2007-5593

install.php in Drupal 5.x before 5.3, when the configured database server is not reachable, allows remote attackers to execute arbitrary code via vectors that cause settings.php to be modified...

CVE-2007-5593

install.php in Drupal 5.x before 5.3, when the configured database server is not reachable, allows remote attackers to execute arbitrary code via vectors that cause settings.php to be modified...

Design/Logic Flaw

install.php in Drupal 5.x before 5.3, when the configured database server is not reachable, allows remote attackers to execute arbitrary code via vectors that cause settings.php to be modified...

CVE-2007-5593

install.php in Drupal 5.x before 5.3, when the configured database server is not reachable, allows remote attackers to execute arbitrary code via vectors that cause settings.php to be modified...

Sql injection

Multiple SQL injection vulnerabilities in TorrentTrader before 1.07 allow remote attackers to execute arbitrary SQL commands via unspecified parameters to 1 account-inbox.php, 2 account-settings.php, and possibly 3 backend/functions.php...

CVE-2007-4290

Multiple PHP remote file inclusion vulnerabilities in Guestbook Script 1.9 allow remote attackers to execute arbitrary PHP code via a URL in the scriptroot parameter to 1 delete.php, 2 edit.php, or 3 inc/common.inc.php; or 4 database.php, 5 entries.php, 6 index.php, 7 logout.php, or 8 settings.ph...

Drupal core - Multiple cross site scripting vulnerabilities

Some server variables are not escaped consistently. When a malicious user is able to entice a victim to visit a specially crafted link or webpage, arbitrary HTML and script code can be injected and executed in the context of the victim's session on the targeted website. Custom content type names...