937 matches found
Vulnerability in Shop-Script 2.0
Product: Shop-Script Version: 2.0 Severity: High Vulnerability type: Cross-site scripting & Sql-injection Description: Poor filtering of incoming parameters. Examples: www.target.com/index.php?categoryID=3Cscript3Ealert3C/script3E www.target.com/index.php?categoryID=' Vulnerability found by: k00p3r...
aspReadySQL.txt
The free, open source project called "aspReady FAQ" is open to SQL-injection. This results in admin access with the ability to change/delete the entire database. An example of an SQL-inject that works could be: 1'or'1'='1 After doing a google search, I've found out that some companies are actually usi...
[BuHa-Security] Multiple vulnerabilities in (admincp/modcp of) vBulletin 3.0.8/9
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 --------------------------------------------------- | BuHa Security-Advisory 3 | Sep 17th, 2005 | | feat. SePro Bugtraq | | --------------------------------------------------- | Vendor | vBulletin | | URL | http://vbulletin.com/ | | Version | =...
PaFileDB 3.1 - SQL-Injection
SePro Advisory 5 PaFileDB 3.1 - SQL-Injection =========================================================== Vendor: PhpArena URL: http://www.phparena.net/ Date: 17.08.05 App.: PaFileDB Version: 3.1 Type: SQL-Injection Risk: High Credits: ================================ Newangels &...
PaFileDB31SQL.txt
SePro Advisory 5 PaFileDB 3.1 - SQL-Injection =========================================================== Vendor: PhpArena URL: http://www.phparena.net/ Date: 17.08.05 App.: PaFileDB Version: 3.1 Type: SQL-Injection Risk: High Credits: ================================ Newangels &...
wordpress15sql.txt
--------------------------------------------------- | BuHa Security-Advisory 1 | May 17th, 2005 | --------------------------------------------------- | Vendor | Wordpress | | URL | http://wordpress.org/ | | Version | getvar"SELECT pingstatus FROM $wpdb-posts WHERE ID = $tbid"; Example: I converte...
pluggedBlog.txt
Plugged-Blog XSS and SQL-Injection flaw & Remove Admin vendor url: http://www.pluggedout.com advisory: http://falcondeoro.blogspot.com/2005/07/plugged-blog-xss-and-sql-injection.html vendor notify: yes exploit available: yes Plugged-Blog is a CMS WebBlog-Portal content management system, theinsta...
[BuHa Security] Wordpress SQL-Injection
--------------------------------------------------- | BuHa Security-Advisory 1 | May 17th, 2005 | --------------------------------------------------- | Vendor | Wordpress | | URL | http://wordpress.org/ | | Version | = Wordpress 1.5 | | Risk | Moderate SQL-Injection |...
Woltlab Burning Board <= 2.3.1 register.php SQL-Injection Exploit
Exploit for unknown platform in category web applications ================================================================= Woltlab Burning Board $addr, PeerPort = $port, Proto = 'tcp', Timeout = 8 or die'- Could not connect to server'; if&test$i, 96 buchstabe formy $c=...
[SePro Bugtraq] WBB Portal - JGS-Portal <= 3.0.2 - Multiple Vulnerabilities (09.05.05)
SePro Bugtraq WBB Portal - JGS-Portal = 3.0.2 - Multiple Vulnerabilities 09.05.05 Vendor: JGS-XA URL: http://www.jgs-xa.de/ Version: = 3.0.2 Type: SQL-Injections, XSS and Full Path Disclosures Discovered by deluxe89 and the Security-Project Team Description: ------------------------- The JGS-Port...
FishCart 3.1 - display.php?nlst Cross-Site Scripting
FishCart 3.1 - display.php?nlst Cross-Site Scripting source: https://www.securityfocus.com/bid/13499/info FishCart is prone to multiple cross-site scripting and SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input. A successful exploit of the...
FishCart 3.1 - upstracking.php Multiple Cross-Site Scripting Vulnerabilities
FishCart 3.1 - upstracking.php Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/13499/info FishCart is prone to multiple cross-site scripting and SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input. A successf...
SQL-injections in koobi-cms
SQL-injections in koobi-cms 4.2.3 The program: koobi-cms Homepage: http://www.dream4.de/ Vulnerable Versions: 4.2.3 Has found: CENSORED SVT 28.04.05 The description --------------- Vulnerability has been found in parameter page. In koobi-cms it Refers to - p. Data transferred to this parameter no...
phpBB - Knowledge Base MOD - SQL-Injection and Full Path Disclosure
phpBB - Knowledge Base MOD SQL-Injection vulnerability and Full Path Disclosure Discovered by R and deluxe89 Discussion: The phpbb - Knowledge Base MOD has a relatively hard to exploit SQL-Injection vulnerability. However, an attacker can exploit this bug and receive information from the databas...
Azerbaijan Development Group AzDGDatingPlatinum 1.1.0 - view.php?id Cross-Site Scripting
Azerbaijan Development Group AzDGDatingPlatinum 1.1.0 - view.php?id Cross-Site Scripting source: https://www.securityfocus.com/bid/13082/info AzDGDatingPlatinum is reported prone to multiple vulnerabilities. The following specific issues were identified: - Multiple SQL-injection vulnerabilities...
PerlDesk 1.x SQL-Injection Exploit
No description provided by source. !/usr/bin/perl Example: kb.cgi?view=0 UNION SELECT 1,3,password,username,3,7 FROM users Exploit is attached. ./pde.pl www.internethosting4u.com /perldesk/kb.cgi 148.244.150.58:80 use IO::Socket; print ' PerlDesk exploit Usage: ./pdsploit.pl host path proxy...
PerlDesk 1.x SQL-Injection Exploit
Exploit for cgi platform in category web applications ================================== PerlDesk 1.x SQL-Injection Exploit ================================== !/usr/bin/perl Example: kb.cgi?view=0 UNION SELECT 1,3,password,username,3,7 FROM users Exploit is attached. ./pde.pl...