LokiCMS Multiple Vulnerabilities through Authorization weakness

### # Title: LokiCMS Multiple Vulnerabilities through Authorization weakness # Vendor: http://www.lokicms.com # Bugs: Arbitrary File Overwrite,Code Injection,File Inclusion,Retrieve Admin's Hash # Vulnerable Versio

Re: Re: PHP <= 5.2.5 Safe Mode Bypass

--- [EMAIL PROTECTED] wrote: > Nothing new. > Already found: http://securityreason.com/achievement_securityalert/36/ I think it’s obvious that this one focuses on safe_mode restriction weakness and that one talks about open_basedir! The only Similarity between these two advisories is the vulner

[KAPDA::#64] - Flexbb Sql Injection

KAPDA New advisory Vendor: http://www.flexbb.net Vulnerable Version: 1.0.0 10005 Beta Release 1 Bug: SQL Injection Exploitation: Remote with browser Description: Flexbb is a freely available PHP-based message board program that uses a MySQL database. Vulnerability:

[KAPDA]::Security analysis of cutenews 1.4.5

Product: cutenews 1.4.5 Vendor: http://cutephp.com The Results through security analysis of cutenews 1.4.5 [provided by KAPDA.ir] -- Test plan: Manual penetration testing: YES Using automated tools: NO Code Auditing: YES Statistical Results

[KAPDA::#60] Mambo V4.6.x vulnerabilities

KAPDA New advisory Vendor: http://www.mamboserver.com Vulnerable Versions: 4.6.x Bug: XSS, Html Injection, Sql Injection Exploitation: Remote with browser Description: Mambo is a feature-rich dynamic portal engine/content management tool capable of building sites from severa

[KAPDA::#55] - Joomla poll component vulnerability

KAPDA New advisory Vendor: http://www.joomla.org Vulnerable: 1.0.10 (prior versions also maybe Affected) Bug: user session validation weakness Exploitation: Remote with browser Poc: available Description: >From vendor’s website. Joomla! is an award-winning Content Manage

[KAPDA::#46] - AjaxPortal Authentication Bypass

KAPDA New advisory Vendor: http://myiosoft.com Vulnerable: AjaxPortal v. 3.0 Bug: Sql Injection (Authentication Bypass) Exploitation: Remote with browser Description: AjaxPortal is based on Sajax technology - an open source tool to make programming websites using the Ajax f

[KAPDA::#45] - geeklog multiple vulnerabilities

KAPDA New advisory Vendor: http://www.geeklog.net Bugs: Path Disclosure, XSS, SQL Injection (Authentication bypass) Vulnerable Version: geeklog-1.4.0sr2(prior versions also may be affected) Exploitation: Remote with browser Description: geeklog is a freely available PHP-ba

[KAPDA::#43] - phpwcms multiple vulnerabilities

Vendor: http://www.phpwcms.de Bugs: Path Disclosure, XSS, Local File Inclusion, Remote Code Execution Vulnerable Version: phpwcms 1.2.5-DEV (prior versions also maybe affected) Exploitation: Remote with browser Description: phpwcms is a web content management system optimized

[KAPDA::#41] - Mambo/Joomla rss component vulnerability

KAPDA New advisory Mambo website : http://www.mamboserver.com Bug: Path Disclosure & Remote Denial Of Service Exploitation: Remote with browser Exploit: available Description: Mambo is a feature-rich dynamic portal engine/content management tool capable of building sites from

[KAPDA::#33] - GuppY <= 4.5.11 Remote DoS vulnerability

KAPDA New advisory Vendor: http://www.freeguppy.org Vulnerable: <= 4.5.11 Bug: Destroy database files (Remote DoS vulnerability) Exploitation: Remote with browser Exploit: available Description: GuppY is a web portal intentionaly designed to be easy to use for you, the final

[KAPDA::#29]Noah's classifieds multiple vulnerabilities

KAPDA New advisory Vendor: http://classifieds.phpoutsourcing.com Vulnerable: Noah`s classifieds 1.3 and below (classifieds component for mambo also may be affected) Bug: Path Disclosure,Sql Injection,XSS,Local file inclusion,Remote code execution Exploitation: Remote with browser Exploit:avai

[KAPDA::#26] - MyTopix Sql Injection & Path Disclosure

KAPDA New advisory Vendor: http://www.jaia-interactive.com Vulnerable: Version: 1.2.3 Bug: Sql Injection & Path Disclosure Exploitation: Remote with browser Description: MyTopix is a PHP-based message board system that uses a MySQL database. Vulnerability:

[KAPDA::#19] - Html Injection in vBulletin 3.5.2

KAPDA New advisory Vendor: http://www.vbulletin.com Vulnerable Version: 3.5.2 (prior versions also may be affected) Bug: Html Injection (Second order cross site scripting) Exploitation: Remote with browser Description: vBulletin is a powerful, scalable and fully customizable

[KAPDA::#17] - beehiveforum Script Injection

KAPDA New advisory Vendor: http://www.beehiveforum.net Vulnerable: Version 0.6.2 Bug: HTML Injection , Possible attacks with register_globals = On Exploitation: Remote with browser Description: Beehive Forum is a PHP-based message board system that uses a MySQL database. Vu

[KAPDA::#16] - SMF SQL Injection

KAPDA New advisory Vendor: http://www.simplemachines.org/ Vulnerable Version:SMF 1.1 rc1, Other versions also may be affected. Bug: SQL Injection Exploitation: Remote with browser Description: Simple Machines Forum is a most widely used PHP-based message board system that use

[KAPDA::#15] - ThWboard multiple vulnerabilities

KAPDA New advisory Vendor: http://www.thwboard.de Vulnerable Version: 3 beta 2.8 Bug: HTML Injection , XSS , SQL Injection Exploitation: Remote with browser Description: ThWboard is a freely available German PHP-based message board program that uses a MySQL database. Vulnera

Re: XSS on Yahoo Mail

--- Will Wesley <[EMAIL PROTECTED]> wrote: >Anyway, a solution is really quite simple. >Allow users to disable HTML in their email, or why not by >default? Don't you think this is not a real solution? User must be safe to use any option and also full performances. A

[KAPDA::#14] - PHPPost XSS and HTML Injection

KAPDA New advisory Vendor: http://www.php-post.co.uk/ Vulnerable Version: v1.0 Bug: XSS and HTML Injection Exploitation: Remote with browser Description: PHPP is a free message board powered by PHP and MySQL. Vulnerability: HTML Injection: The software

[KAPDA::#13] - XMB HTML Injection & Path Disclosure.

[KAPDA::#13] - XMB (extreme message board) HTML Injection & Path Disclosure. KAPDA New advisory Vendor: http://www.xmbforum.com Bug: HTML Injection & Path Disclosure Exploitation: Remote with browser Description: XMB is a free message board powered by PHP and MySQL. Vulnera

[KAPDA::#12] - ekinboard XSS and HTML Injection

[KAPDA::#12] - ekinboard XSS and HTML Injection KAPDA New advisory Vendor: http://www.ekinboard.com Vulnerable Version: 1.0.3 Bug: XSS and HTML Injection Exploitation: Remote with browser Description: ekinboard is an open source forum software designed and programmed by ekin

Mambo Open Source, Path disclosure

[KAPDA::#11] - Mambo Open Source, Path disclosure KAPDA New advisory Vendor: http://www.mamboserver.com Vulnerable Versions: 4.5.2.3 , 4.5.2.2 , 4.5.2.1 ,4.5.2 Bug: path disclosure Exploitation: Remote with browser Discussion: Mambo is a feature-rich dynamic portal engine/c

VUBB XSS & path disclosure Vulnerabilities

[KAPDA::#10] - VUBB XSS & path disclosure vulnerabilities KAPDA New advisory Vendor: http://www.vubb.com Version: vubb alpha rc1 Bug: XSS & path disclosure Exploitation: Remote with browser Discussion: VuBB is a Free PHP/MySQL forum/bulletin board system. Vulnerability: ---