Information Security News and Exploits

Providing you with Security News and Exploits from all over the web.

Entries for July 4th, 2010

SweetRice <= 0.6.4 (fckeditor) Remote File Upload

##############################################################################
#Title: SweetRice < 0.6.4 (fckeditor) Remote File Upload [...]

Sphider admin panel path disclosure authentication by pass

Author :: Net_Spy
Group [...]

Sandbox v2.0.2 Local FIle Inclusion Vulnerability

# Tested on: Linux os [...]

Joomla ninjaboard com_ninjademo SQL Injection Vulnerability

Simple:Press Wordpress Plugin SQL Injection Vulnerability

# Title: Simple:Press Wordpress Plugin SQL Injection Vulnerability
# Author: ADEO Security
# Published: 03/07/2010
# Version: v4.3.0 (Possible all versions)
# Vendor: http://simple-press.com
# Download: http://simple-press.com/download-manager.php?id=228
# Description: "Simple:Press - the feature [...]

phpaaCms v0.3.1 (show.php) SQL Injection Vulnerability

# Exploit Title: phpaaCms (show.php?id=) SQL injection Vulnerable
# Software http://www.phpaa.cn
# Tested on: win 7
# category: webapp
# Code : n/a
+++++++++++++++++++++++++++++++++++++++++++++++++++++++
MWUHH TO Bl00dMafia: KashmiriMafia, Mirpuri, Mirzatun: gula, Boby, Mota [...]

iLister listing script LFi Vulnerability

Net-B2B trading Marketplace XSS/HTML Injection Vulnerability

Esoftpro Online Password Manager Multiple Vulnerability

Zinkwazi PHPSlideShow Multiple Vulnerability

TCW PHP Album Multiple Vulnerability

Esoftpro Online Guestbook Pro Multiple Vulnerability

Esoftpro Online Photo Pro Multiple Vulnerability

Esoftpro Online Contact Manager Multiple Vulnerability

Joomla Component com_phocagallery SQL injection Vulnerability

Studiomenozzi CMS Multiple SQL Injection Vulnerability

##############################################################################
# [+]Title: [Studiomenozzi CMS Multiple SQL Injection Vulnerability]
##############################################################################
# [+] About :
==============================================================================
# Author : GlaDiaT0R
# Contact: the_gl4di4t0r[AT]hotmail[DOT]com or berrahal.ryadh[AT]gmail[DOT]com
# Team : Tunisian Power Team
# Greetz : [...]

gridlines (view.php) SQL Injection Vulnerability

####################################
[+] Title: gridlines (view.php) id SQL Injection Vulnerability
[+] Author: **TeaM MosTa**
[+] Software Link: http://jedmund.com
[+] Tested on Win Xp Sp2/Sp3 linux & seven 7
[+] Category: [webapps/0day]
####################################
[~] ExPLoiTed by **TeaM MosTa**
[~] [...]

ph5 CMS (prodotto.php) Blind SQL Injection Vulnerability

Politica Comunicazione (pag.php) SQL Injection Vulnerability

Village (cucina_scheda.php) Blind SQL Injection Vulnerability
