46 matches found
EUVD-2011-4728
Malware in sbrugna...
EUVD-2005-4230
Malware in sbrugna...
CVE-2011-4810
Multiple directory traversal vulnerabilities in WHMCompleteSolution WHMCS 3.x and 4.x allow remote attackers to read arbitrary files via the templatefile parameter to (1) submitticket.php and (2) downloads.php, and (3) the report parameter to admin/reports.php...
CVE-2011-4813
Directory traversal vulnerability in clientarea.php in WHMCompleteSolution WHMCS 3.x.x allows remote attackers to read arbitrary files via an invalid action and a ../ (dot dot slash) in the templatefile parameter...
WHMCompleteSolution (WHMCS) Detection (HTTP)
HTTP based detection of WHMCompleteSolution WHMCS. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
WHMCS control (WHMCompleteSolution) SQL Injection
No description provided by source. Info: Software: WHMCS control WHMCompleteSolution Sql Injection Vulnerability: Remote Sql Injection Google Dork: Powered by WHMCompleteSolution - or inurl:WHMCS Off. site: www.MiXaTy.com...
WHMCompleteSolution 3.x/4.x Multiple Vulnerabilities
No description provided by source. $b0x WHMCS WHMCompleteSolution 3.x / 4.x Multiple Vulnerability ! $b0x ZxH-Labs $b0x 1st-NOV-11 $b0x Www.Sec4ever.coM $b0x WH-03 On Windows IIS 6.0 b0x@1337b0x:/b0x/Exploits/WebAPP whoami ZxH-Labs |...
WHMCompleteSolution (WHMCS) 5.12 - 'cart.php' Denial of Service
/ source: https://www.securityfocus.com/bid/65470/info WHMCS is prone to a denial-of-service vulnerability. Successful exploits may allow attackers to cause denial-of-service condition, denying service to legitimate users. WHMCS 5.12 is vulnerable; other versions may also be affected. /...
WHMCompleteSolution (WHMCS) 5.2.8 - SQL Injection
WHMCompleteSolution WHMCS 5.2.8 - SQL Injection Exploit Title: WHMCS 5.2.8 SQL Injection Google Dork: "powered by WHMCS" Date: 10/18/2013 Exploit Author: g00n Xploiter.net Vendor Homepage: http://www.whmcs.com/ Software Link: http://www.whmcs.com/ Version: 5.2.8 Tested on: Windows, Linux Vulnerab...
WHMCompleteSolution (WHMCS) 5.2.7 - SQL Injection
WHMCompleteSolution WHMCS 5.2.7 - SQL Injection !/usr/bin/env python 2013/10/03 - WHMCS 5.2.7 SQL Injection http://localhost.re/p/whmcs-527-vulnerability url = 'http://clients.target.com/' wopsie dopsie useremail = '[email protected]' just create a dummie account at /register.php userpwd =...
Vulnerabilities in multiple web applications with GDD FLVPlayer
Hello 3APA3A! These are Content Spoofing and Cross-Site Scripting vulnerabilities in multiple web applications with GDD FLVPlayer. Earlier I've written about vulnerabilities in GDD FLVPlayer http://seclists.org/fulldisclosure/2013/Aug/247. This is video and audio player, which is used at thousands...
WHMCS 4.x - invoicefunctions.php?id SQL Injection
WHMCS 4.x - invoicefunctions.php?id SQL Injection Title: WHMCS 4.x SQL Injection Vulnerability Google Dork: intext:"Powered by WHMCompleteSolution" OR inurl:"submitticket.php" Author: Ahmed Aboul-Ela Contact: Ahmed.Aboul3laatgmaildotcom Date: 14/5/2013 Vendor: http://www.whmcs.com Version: 4.5....
WHMCompleteSolution (WHMCS) Group Pay Plugin 1.5 - 'grouppay.php?hash' SQL Injection
Title: WHMCS grouppay plugin SQL Injection = 1.5 Author: HJauditing Employee Tim E-mail: [email protected] Web: http://hjauditing.com/ Plugin: http://kadeo.com.au/design-and-development/whmcs-dev/whmcs-modules/72-group-pay.html Introduction: We have found a SQL injection...
WHMCompleteSolution (WHMCS) - 'boleto_bb.php' SQL Injection
source: https://www.securityfocus.com/bid/53711/info WHMCS WHM Complete Solution is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application,...
Design/Logic Flaw
functions.php in WHMCompleteSolution WHMCS 4.0.x through 5.0.x allows remote attackers to trigger arbitrary code execution in the Smarty templating system by submitting a crafted ticket, related to improper handling of characters in the subject field...
Design/Logic Flaw
submitticket.php in WHMCompleteSolution WHMCS 5.03 allows remote attackers to inject arbitrary code into a subject field via crafted ticket data, a different vulnerability than CVE-2011-5061. NOTE: the vendor disputes this issue, noting that some of the details overlap CVE-2011-5061, but that it...
CVE-2011-5061
CVE-2011-5061 affects WHMCS (WHMCompleteSolution) 4.0.x–5.0.x. The vulnerability lies in functions.php allowing remote attackers to trigger arbitrary code execution in the Smarty templating system by submitting a crafted ticket with weaponized subject data, due to improper handling of characters....
CVE-2012-0693
submitticket.php in WHMCompleteSolution WHMCS 5.03 allows remote attackers to inject arbitrary code into a subject field via crafted ticket data, a different vulnerability than CVE-2011-5061. NOTE: the vendor disputes this issue, noting that some of the details overlap CVE-2011-5061, but that it...
Directory traversal
Directory traversal vulnerability in clientarea.php in WHMCompleteSolution WHMCS 3.x.x allows remote attackers to read arbitrary files via an invalid action and a ../ (dot dot slash) in the templatefile parameter...
CVE-2011-4810
Multiple directory traversal vulnerabilities in WHMCompleteSolution WHMCS 3.x and 4.x allow remote attackers to read arbitrary files via the templatefile parameter to (1) submitticket.php and (2) downloads.php, and (3) the report parameter to admin/reports.php...