237 matches found
CVE-2006-4782
src/index.php in WebSPELL 4.01.01 and earlier, when registerglobals is enabled, allows remote attackers to bypass authentication and gain sensitive information stored in the database via a modified userID parameter in a write action to admin/database.php...
CVE-2006-4783
SQL injection vulnerability in squads.php in WebSPELL 4.01.01 and earlier, when registerglobals is enabled, allows remote attackers to execute arbitrary SQL commands via the squadID parameter...
CVE-2006-4783
WebSPELL 4.01.01 and earlier are affected by an SQL injection in squads.php when register_globals is enabled. The vulnerability allows remote attackers to inject arbitrary SQL via the squadID parameter, enabling unauthorized database commands. The available sources confirm the affected file and p...
CVE-2006-4782
Technical details for CVE-2006-4782 are not provided in the connected documents. Monitor for updates.
webspell.txt
WebSPELL = 4.01.01 Accessible Database Backup Download Exploit Discovered by: Trex Visit: www.SecuritySector.org / www.UnderGround.ag Exploit: http://SITE/PATH/admin/database.php?action=write&userID=1 Solution: http://cms.webspell.org/index.php?site=files&file=15...
webSPELL <= 4.01.01 Database Backup Download Vulnerability
No description provided by source. WebSPELL = 4.01.01 Accessible Database Backup Download Exploit Discovered by: Trex Visit: www.SecuritySector.org / www.UnderGround.ag Exploit: http://SITE/PATH/admin/database.php?action=write&userID=1 Solution: http://cms.webspell.org/index.php?site=files&file=1...
webSPELL 4.01.01 - Database Backup Download
webSPELL 4.01.01 - Database Backup Download WebSPELL = 4.01.01 Accessible Database Backup Download Exploit Discovered by: Trex Visit: www.SecuritySector.org / www.UnderGround.ag Exploit: http://SITE/PATH/admin/database.php?action=write&userID=1 Solution:...
webSPELL <= 4.01.01 Database Backup Download Vulnerability
Exploit for unknown platform in category web applications ========================================================== webSPELL = 4.01.01 Database Backup Download Vulnerability ========================================================== WebSPELL = 4.01.01 Accessible Database Backup Download Exploit...
webSPELL 4.01.01 - Database Backup Download
WebSPELL = 4.01.01 Accessible Database Backup Download Exploit Discovered by: Trex Visit: www.SecuritySector.org / www.UnderGround.ag Exploit: http://SITE/PATH/admin/database.php?action=write&userID=1 Solution: http://cms.webspell.org/index.php?site=files&file=15 milw0rm.com 2006-09-12...
CVE-2006-0728
SQL injection vulnerability in search.php in webSPELL 4.01.00 and earlier allows remote attackers to inject arbitrary SQL commands via the titleop parameter...
Sql injection
SQL injection vulnerability in search.php in webSPELL 4.01.00 and earlier allows remote attackers to inject arbitrary SQL commands via the titleop parameter...
CVE-2006-0728
SQL injection vulnerability in search.php in webSPELL 4.01.00 and earlier allows remote attackers to inject arbitrary SQL commands via the titleop parameter...
CVE-2006-0728
CVE-2006-0728 affects webSPELL (search.php) 4.01.00 and earlier. The vulnerability is an SQL injection via the title_op parameter, allowing remote attackers to inject arbitrary SQL commands. Impact is listed as partial confidentiality, integrity, and availability with a high base score. No remedi...
[SA18885] webSPELL "search.php" SQL Injection Vulnerability
TITLE: webSPELL "search.php" SQL Injection Vulnerability SECUNIA ADVISORY ID: SA18885 VERIFY ADVISORY: http://secunia.com/advisories/18885/ CRITICAL: Moderately critical IMPACT: Manipulation of data WHERE: From remote SOFTWARE: webSPELL 4.x http://secunia.com/product/8086/ DESCRIPTION: x128 has...
webSPELL <= 4.01 (title_op) Remote SQL Injection Exploit
Exploit for unknown platform in category web applications ======================================================== webSPELL = 4.01 titleop Remote SQL Injection Exploit ======================================================== ? errorreportingEERROR; function xssinit if !extensionloaded'phpcurl' if...
webSPELL <= 4.01 (title_op) Remote SQL Injection Exploit
No description provided by source. ? errorreportingEERROR; function xssinit if !extensionloaded'phpcurl' if !dl'curl.so' and !dl'phpcurl.so' and !dl'phpcurl.dll' die "oo error - cannot load curl extension!"; function xssheader echo...
webSPELL 4.01 - 'title_op' SQL Injection
x128.net oo website : www.x128.net"; function xssexploit $xsstarget = $SERVER'argv'1 . "/index.php"; $xsshttpge...