1375 matches found
Simpli Easy Newsletter 4.2 Cross Site Scripting
Simpli Easy AFC Simple Newsletter " method="post" Proof-of-concept: http://www.example.com/cp.php?do="alert1 2. Information Leakage By default, application saves subscribed email addresses and correspondent IP addresses to plain text file el.txt Proof-of-concept: http://www.example.com/el.txt...
Simpli Easy (AFC Simple) Newsletter <= 4.2 XSS/Information Leakage
Exploit for php platform in category web applications Simpli Easy AFC Simple Newsletter " method="post" Proof-of-concept: http://www.example.com/cp.php?do="alert1 2. Information Leakage By default, application saves subscribed...
Simpli Easy (AFC Simple) NewsLetter 4.2 - Cross-Site Scripting / Information Leakage
Simpli Easy AFC Simple Newsletter " method="post" Proof-of-concept: http://www.example.com/cp.php?do="alert1 2. Information Leakage By default, application saves subscribed email addresses and correspondent IP addresses to plain text file el.txt Proof-of-concept: http://www.example.com/el.txt...
Simpli Easy (AFC Simple) NewsLetter 4.2 - Cross-Site Scripting Information Leakage
Simpli Easy AFC Simple NewsLetter 4.2 - Cross-Site Scripting Information Leakage Simpli Easy AFC Simple Newsletter " method="post" Proof-of-concept: http://www.example.com/cp.php?do="alert1 2. Information Leakage By default, application saves subscribed email addresses and correspondent IP...
RoSPORA 1.5.0 - Remote PHP Code Injection
'; $link=$_SERVER['PHP_SELF']."?f=".$flag."&s="; if (!empty($plarray)) usort($plarray, create_function('$a, $b', 'if ($a['.$sort.'] == $b['.$sort.']) return 0; if ($a['.$sort.'] '.$sorttype.' $b['.$sort.']) return -1; return 1;')); Input parameter passed through $_GET['s'] isn't properly...
xWeblog 2.2 Insecure Cookie Handling
Exploit Database separated by exploit type (local, remote, DoS, etc.) Site : Inj3ct0r.com Support e-mail :...
Aprox CMS Engine 6 Path Disclosure / SQL Injection
Exploit Title: Aprox CMS Engine V6 Multiple Vulnerabilities Date: 03.10.2010 Author: Stephan Sattler // http://www.solidmedia.de Software Website: http://www.aprox.de/ Software Link: http://www.aprox.de/index.php?page=d&application=zip&dateiname=AproxEnginev6 Version: 6 Vulnerability 1 Vulnerable...
VisualSite CMS 1.3 - Multiple Vulnerabilities
VisualSite CMS 1.3 - Multiple Vulnerabilities http://www.exploit-db.com/moaub-25-visualsite-cms-multiple-vulnerabilities/ Abysssec Inc Public Advisory Title : VisualSite...
VisualSite CMS 1.3 - Multiple Vulnerabilities
http://www.exploit-db.com/moaub-25-visualsite-cms-multiple-vulnerabilities/ Abysssec Inc Public Advisory Title : VisualSite CMS Multiple Vulnerabilities Affected Version :...
Month Of Abysssec Undisclosed Bugs - JMD-CMS 3.0.0.9
http://www.exploit-db.com/moaub-19-jmd-cms-multiple-remote-vulnerabilities/ Abysssec Inc Public Advisory Title : JMD-CMS Multiple Remote Vulnerabilities Affected Version :...
LightNEasy Cms 3.2.1 Blind SQL Injection Vulnerability
Exploit for php platform in category web applications LightNEasy Cms 3.2.1 Blind SQL Injection Vulnerability Exploit Title: LightNEasy Cms 3.2.1 Blind SQL Injection Vulnerability Date:...
LightNEasy CMS 3.2.1 - Blind SQL Injection
Exploit Title: LightNEasy Cms 3.2.1 Blind SQL Injection Vulnerability Date: 20.09.2010 Author: Stephan Sattler // Solidmedia.de Software Website: http://www.lightneasy.org/ Software Link: http://www.lightneasy.org/addons/downloads/send.php?dlid=127 Version: 3.2.1 Special Thanks to: Dominik...
Month Of Abysssec Undisclosed Bugs - Free Discussion Forum
http://www.exploit-db.com/moaub-14-freediscussionforums-multiple-remote-vulnerabilities/ Abysssec Inc Public Advisory Title : FreeDiscussionForums Multiple Remote...
Month Of Abysssec Undisclosed Bugs - ASP Nuke 0.80
0 " & "AND art.Archive = 0" Considering to the code, you can bro...
Month Of Abysssec Undisclosed Bugs - Rainbow Portal 2.0
abysssec Inc Public Advisory 1 Advisory information Title : Rainbowportal Multiple Remote Vulnerabilities Version : Rainbow 2.0 Production/Stable 2.0.0.1881e VS 2005 | VS...
Spielothek 1.6.9 Joomla Component Multiple Blind SQL Injection
Spielothek 1.6.9 Joomla Component Multiple Blind SQL Injection Name Spielothek Vendor http://www.spielban.de Versions Affected 1.6.9 Author Salvatore Fresta aka Drosophila Website http://www.salvatorefresta.net Contact salvatorefresta at gmail dot com Date 2010-07-31 X. INDEX I. ABOUT THE...
Ubuntu PAM MOTD File Tampering (Privilege Escalation)
No description provided by source. #!/bin/sh Exploit Title: Ubuntu PAM MOTD file tampering privilege escalation Date: July 7, 2010 Author: Kristian Erik Hermansen Software Link: http://packages.ubuntu.com/ Version: pam-1.1.0 Tested on: Ubuntu 10.04 LTS Lucid Lynx CVE :...
Nakid CMS (fckeditor) Remote Arbitrary File Upload Exploit
Nakid CMS fckeditor Remote Arbitrary File Upload Exploit ...
Nakid CMS (fckeditor) Remote Arbitrary File Upload Exploit
Exploit for php platform in category web applications Nakid CMS fckeditor Remote Arbitrary File Upload Exploit Exploit database separated by exploit type local, remote, DoS...
LinPHA 1.3.2 - rotate.php Remote Command Execution
LinPHA 1.3.2 - rotate.php Remote Command Execution ...