###
# Title: LokiCMS Multiple Vulnerabilities through Authorization weakness
# Vendor: http://www.lokicms.com
# Bugs: Arbitrary File Overwrite, Code Injection, File Inclusion, Retrieve Admin's Hash
# Vulnerable Versio
--- [EMAIL PROTECTED] wrote:
> Nothing new.
> Already found: http://securityreason.com/achievement_securityalert/36/
I think it's obvious that this one focuses on safe_mode restriction weakness and that one talks
about open_basedir! The only similarity between these two advisories is the
vulner
KAPDA New advisory
Vendor: http://www.flexbb.net
Vulnerable Version: 1.0.0 10005 Beta Release 1
Bug: SQL Injection
Exploitation: Remote with browser
Description:
Flexbb is a freely available PHP-based message board
program that uses a MySQL database.
Vulnerability:
Product: cutenews 1.4.5
Vendor: http://cutephp.com
The Results through security analysis of cutenews
1.4.5
[provided by KAPDA.ir]
--
Test plan:
Manual penetration testing: YES
Using automated tools: NO
Code Auditing: YES
Statistical Results
KAPDA New advisory
Vendor: http://www.mamboserver.com
Vulnerable Versions: 4.6.x
Bug: XSS, Html Injection, Sql Injection
Exploitation: Remote with browser
Description:
Mambo is a feature-rich dynamic portal engine/content
management tool capable of building sites from severa
KAPDA New advisory
Vendor: http://www.joomla.org
Vulnerable: 1.0.10 (prior versions also may be affected)
Bug: user session validation weakness
Exploitation: Remote with browser
Poc: available
Description:
From vendor's website.
Joomla! is an award-winning Content Manage
KAPDA New advisory
Vendor: http://myiosoft.com
Vulnerable: AjaxPortal v. 3.0
Bug: Sql Injection (Authentication Bypass)
Exploitation: Remote with browser
Description:
AjaxPortal is based on Sajax technology - an open
source tool to make programming websites using the
Ajax f
KAPDA New advisory
Vendor: http://www.geeklog.net
Bugs: Path Disclosure, XSS, SQL Injection (Authentication bypass)
Vulnerable Version: geeklog-1.4.0sr2 (prior versions also may be affected)
Exploitation: Remote with browser
Description:
geeklog is a freely available PHP-ba
Vendor: http://www.phpwcms.de
Bugs: Path Disclosure, XSS, Local File Inclusion,
Remote Code Execution
Vulnerable Version: phpwcms 1.2.5-DEV (prior versions also may be affected)
Exploitation: Remote with browser
Description:
phpwcms is a web content management system optimized
KAPDA New advisory
Mambo website : http://www.mamboserver.com
Bug: Path Disclosure & Remote Denial Of Service
Exploitation: Remote with browser
Exploit: available
Description:
Mambo is a feature-rich dynamic portal engine/content
management tool capable of building sites from
KAPDA New advisory
Vendor: http://www.freeguppy.org
Vulnerable: <= 4.5.11
Bug: Destroy database files (Remote DoS vulnerability)
Exploitation: Remote with browser
Exploit: available
Description:
GuppY is a web portal intentionally designed to be easy to use for you,
the final
KAPDA New advisory
Vendor: http://classifieds.phpoutsourcing.com
Vulnerable: Noah's classifieds 1.3 and below
(classifieds component for mambo also may be affected)
Bug: Path Disclosure, Sql Injection, XSS, Local file inclusion, Remote code execution
Exploitation: Remote with browser
Exploit: avai
KAPDA New advisory
Vendor: http://www.jaia-interactive.com
Vulnerable: Version: 1.2.3
Bug: Sql Injection & Path Disclosure
Exploitation: Remote with browser
Description:
MyTopix is a PHP-based message board system that uses
a MySQL database.
Vulnerability:
KAPDA New advisory
Vendor: http://www.vbulletin.com
Vulnerable Version: 3.5.2 (prior versions also may be affected)
Bug: Html Injection (Second order cross site scripting)
Exploitation: Remote with browser
Description:
vBulletin is a powerful, scalable and fully
customizable
KAPDA New advisory
Vendor: http://www.beehiveforum.net
Vulnerable: Version 0.6.2
Bug: HTML Injection, Possible attacks with register_globals = On
Exploitation: Remote with browser
Description:
Beehive Forum is a PHP-based message board system that
uses a MySQL database.
Vu
KAPDA New advisory
Vendor: http://www.simplemachines.org/
Vulnerable Version: SMF 1.1 rc1, other versions also may be affected.
Bug: SQL Injection
Exploitation: Remote with browser
Description:
Simple Machines Forum is a most widely used PHP-based
message board system that use
KAPDA New advisory
Vendor: http://www.thwboard.de
Vulnerable Version: 3 beta 2.8
Bug: HTML Injection, XSS, SQL Injection
Exploitation: Remote with browser
Description:
ThWboard is a freely available German PHP-based
message board program that uses a MySQL database.
Vulnera
--- Will Wesley <[EMAIL PROTECTED]> wrote:
> Anyway, a solution is really quite simple.
> Allow users to disable HTML in their email, or why not by default?
Don't you think this is not a real solution?
User must be safe to use any option and also full
performances.
A
KAPDA New advisory
Vendor: http://www.php-post.co.uk/
Vulnerable Version: v1.0
Bug: XSS and HTML Injection
Exploitation: Remote with browser
Description:
PHPP is a free message board powered by PHP and MySQL.
Vulnerability:
HTML Injection: The software
[KAPDA::#13] - XMB (extreme message board) HTML
Injection & Path Disclosure.
KAPDA New advisory
Vendor: http://www.xmbforum.com
Bug: HTML Injection & Path Disclosure
Exploitation: Remote with browser
Description:
XMB is a free message board powered by PHP and MySQL.
Vulnera
[KAPDA::#12] - ekinboard XSS and HTML Injection
KAPDA New advisory
Vendor: http://www.ekinboard.com
Vulnerable Version: 1.0.3
Bug: XSS and HTML Injection
Exploitation: Remote with browser
Description:
ekinboard is an open source forum software designed
and programmed by ekin
[KAPDA::#11] - Mambo Open Source, Path disclosure
KAPDA New advisory
Vendor: http://www.mamboserver.com
Vulnerable Versions: 4.5.2.3, 4.5.2.2, 4.5.2.1, 4.5.2
Bug: path disclosure
Exploitation: Remote with browser
Discussion:
Mambo is a feature-rich dynamic portal engine/c
[KAPDA::#10] - VUBB XSS & path disclosure
vulnerabilities
KAPDA New advisory
Vendor: http://www.vubb.com
Version: vubb alpha rc1
Bug: XSS & path disclosure
Exploitation: Remote with browser
Discussion:
VuBB is a Free PHP/MySQL forum/bulletin board system.
Vulnerability: