134 matches found
Code injection
miniCMS 1.0 and 2.0 allows remote attackers to execute arbitrary PHP code via a crafted (1) pagename or (2) area variable containing an executable extension, which is not properly handled by (a) update.php when writing files to content/, or (b) updatenews.php when writing files to content/news/...
CVE-2012-4393
Multiple cross-site request forgery (CSRF) vulnerabilities in ownCloud before 4.0.6 allow remote attackers to hijack the authentication of arbitrary users for requests that use (1) addBookmark.php, (2) delBookmark.php, or (3) editBookmark.php in bookmarks/ajax/; (4) calendar/delete.php, (5) calendar/edit.php...
MiniCMS 1.0/2.0 - PHP Code Injection
MiniCMS 1.0/2.0 - PHP Code Injection Title : miniCMS v1.0 : v2.0 php inject code Author : Or4nG.M4n Version : all version GDork : "This site is managed using MiniCMS©" Download : http://sourceforge.net/projects/mini-cms/files/mini-cms/ Thnks : +----------------------------------+ | xSs m4n i-Hmx...
CVE-2008-7186
Coppermine Photo Gallery (CPG) 1.4.14 does not restrict access to update.php, which allows remote attackers to obtain sensitive information such as the database table prefix via a direct request. NOTE: this might be leveraged for attacks against CVE-2008-0504...
Design/Logic Flaw
Coppermine Photo Gallery (CPG) 1.4.14 does not restrict access to update.php, which allows remote attackers to obtain sensitive information such as the database table prefix via a direct request. NOTE: this might be leveraged for attacks against CVE-2008-0504...
CVE-2008-7186
Coppermine Photo Gallery (CPG) 1.4.14 does not restrict access to update.php, which allows remote attackers to obtain sensitive information such as the database table prefix via a direct request. NOTE: this might be leveraged for attacks against CVE-2008-0504...
RSMScript 1.21 XSS/Insecure Cookie Handling Vulnerabilities
Exploit for unknown platform in category web applications: RSMScript 1.21 XSS/Insecure Cookie Handling Vulnerabilities. START 0x01 Informations: Script : RSMScript 1.21 Download :...
RSMScript 1.21 - Cross-Site Scripting / Insecure Cookie Handling
START 0x01 Informations: Script : RSMScript 1.21 Download : http://www.hotscripts.com/jump.php?listingid=78547&jumptype=1 Vulnerability : Insecure Cookie Handling / XXS Author : Osirys Contact : osirysatlivedotit Website : http://osirys.org Notes : Proud to be Italian Greets: : XaDoS, x0r, emgent...
RSMScript 1.21 XSS/Insecure Cookie Handling Vulnerabilities
No description provided by source. START 0x01 Informations: Script : RSMScript 1.21 Download : http://www.hotscripts.com/jump.php?listingid=78547&jumptype=1 Vulnerability : Insecure Cookie Handling / XXS Author : Osirys Contact : osirysatlivedotit Website : http://osirys.org Notes : Proud to be...
CVE-2008-4781
Directory traversal vulnerability in update.php in MyKtools 2.4 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the langage parameter...
Directory traversal
Directory traversal vulnerability in update.php in MyKtools 2.4 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the langage parameter...
CVE-2008-4781
A CVE-2008-4781 entry concerns a directory traversal in update.php of MyKtools 2.4. The vulnerability allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the langage parameter, enabling local file inclusion and potential code execution. The affected componen...
MyKtools 2.4 (langage) Local File Inclusion Vulnerability
No description provided by source. Author: x0r Email: evolutionteam.x0atgmaildotcom Download: http://www.easy-script.com/scripts-dl/MyKtools-v2-4.zip Bug: LFI Bug: In \update.php // Include the language file if ($_GET['langage']) $langue = $_GET['langage']; include "lang/".$langue.".php"; Exploit:...
MyKtools 2.4 - langage Local File Inclusion
MyKtools 2.4 - langage Local File Inclusion Author: x0r Email: evolutionteam.x0atgmaildotcom Download: http://www.easy-script.com/scripts-dl/MyKtools-v2-4.zip Bug: LFI Bug: In \update.php // Include the language file if ($_GET['langage']) $langue = $_GET['langage']; include "lang/".$langue.".php"; Exploit...
MyKtools 2.4 - 'langage' Local File Inclusion
Author: x0r Email: evolutionteam.x0atgmaildotcom Download: http://www.easy-script.com/scripts-dl/MyKtools-v2-4.zip Bug: LFI Bug: In \update.php // Include the language file if ($_GET['langage']) $langue = $_GET['langage']; include "lang/".$langue.".php"; Exploit:...
myktools-lfi.txt
Author: x0r Email: evolutionteam.x0atgmaildotcom Download: http://www.easy-script.com/scripts-dl/MyKtools-v2-4.zip Bug: LFI Bug: In \update.php // Include the language file if ($_GET['langage']) $langue = $_GET['langage']; include "lang/".$langue.".php"; Exploit:...
Pluck CMS 4.5.3 - 'update.php' Remote File Corruption
"; copy("data/title.dat", "data/settings/title.dat"); unlink("data/settings/install.dat"); copy("data/install.dat", "data/settings/install.dat"); copy("data/options.php", "data/settings/options.php"); copy("data/pass.php", "data/settings/pass.php"); unlink("data/settings/langpref.php");...
Sql injection
Multiple SQL injection vulnerabilities in Logaholic before 2.0 RC8 allow remote attackers to execute arbitrary SQL commands via (1) the from parameter to index.php or (2) the page parameter to update.php...
CVE-2007-6559
Multiple SQL injection vulnerabilities in Logaholic before 2.0 RC8 allow remote attackers to execute arbitrary SQL commands via (1) the from parameter to index.php or (2) the page parameter to update.php...
Logaholic - update.php?page SQL Injection
Logaholic - update.php?page SQL Injection source: https://www.securityfocus.com/bid/27003/info Logaholic is prone to multiple input-validation vulnerabilities, including multiple SQL-injection issues, a cross-site scripting issue, and an HTML-injection issue. The issues occur because the...