Tugux CMS (nid) BLIND sql injection vulnerability

2011-03-21 Thread eidelweiss
://sourceforge.net/projects/tuguxcms/files/tuguxCMS_v.1.0_final.rar/download Author: eidelweiss contact:eidelweiss[at]windowslive[dot]com Home: www.eidelweiss.info References: http://eidelweiss-advisories.blogspot.com/2011/03/tugux-cms-nid-blind-sql-injection.html

CMS Balitbang 3.3 Arbitrary File Upload Vulnerability

2011-03-22 Thread eidelweiss
Download link: http://www.kajianwebsite.org/download/CMS%20versi%203.3.zip Author: eidelweiss contact:eidelweiss[at]windowslive[dot]com Home: www.eidelweiss.info Gratz: xx_user , kuris , and YOU !!! References: http://eidelweiss-advisories.blogspot.com/2011/03/cms-balitbang-v-33

joomlacontenteditor (com_jce) BLIND sql injection vulnerability

2011-04-08 Thread eidelweiss
Type: Blind SQL Injection Download link: http://www.joomlacontenteditor.net/downloads/editor/joomla15x/category/joomla-15-2 (check here) Author: eidelweiss contact:eidelweiss[at]windowslive[dot]com Home: www.eidelweiss.info Dork: inurl:"/index.php?option=co

JagoanStore CMS Arbitrary file upload vulnerability

2011-08-25 Thread eidelweiss
Software: JagoanStore CMS Vendor: www.jagoanstore.com Price: Rp.900.000 (IDR) Vuln Type: Arbitrary file upload Author: eidelweiss contact: eidelweiss[at]windowslive[dot]com Home: www.eidelweiss-advisories.blogspot.com Gratz: Devilzc0de, YOGYACARDERLINK, and YOU !!! References: http

DynPG CMS v4.1.0 Multiple Remote File Inclusion Vulnerability

2010-04-01 Thread eidelweiss
/ GPL [+]Metode : Remote File Inclusion [+]Author: eidelweiss [*]Special to Syabilla_putri (I miss u so much to)[*] [!]Thank`s Fly To: [~] Jose Luis Gongora Fernandez a.k.a JosS [~] exploit-db team (loneferret - Exploits - dookie2000ca) [~] r0073r & 0x1D , [D]eal [C]

Re: DynPG CMS v4.1.0 Multiple Remote File Inclusion Vulnerability

2010-04-05 Thread eidelweiss
Patch and updated version available, but the updated version v4.1.1 is still vulnerable. Ref: http://secunia.com/advisories/39185

60cycleCMS (DOCUMENT_ROOT) Multiple Local File Inclusion Vulnerability

2010-04-14 Thread eidelweiss
[!] Description 60cycleCMS is a simple CMS using PHP and MySQL. It is designed for blogging on personal websites, and was first written to power 60cycle.net. For the purposes of easy integration into existing sites, 60cycleCMS does not

Nucleus CMS v.3.51 (DIR_LIBS) Multiple Vulnerability

2010-04-15 Thread eidelweiss
Vulnerability: Nucleus v3.51 (other or lower versions may also be affected) Vendor: http://nucleuscms.org/ Category: Input Validation Error Impact: (rfi/lfi) Multiple Vulnerability Details: Multiple vulnerabilities have been found in Nucleus v3.51 because it fails to sufficiently sanitize us

In-portal 5.0.3 Remote Arbitrary File Upload Exploit

2010-04-23 Thread eidelweiss
In-portal is prone to a remote arbitrary file-upload vulnerability This issue may allow remote attackers to upload arbitrary files, including malicious scripts, and possibly to execute a script on the affected server. In-portal Web 2.0 CMS v5.0.3 is affected by this issue. Other or lowers

SmodCMS 'config.php' Arbitrary File Upload Vulnerability

2010-04-26 Thread eidelweiss
SmodCMS is prone to a vulnerability that lets attackers upload arbitrary files because the application fails to adequately sanitize user-supplied input. An attacker can exploit this vulnerability to upload arbitrary code and run it in the context of the webserver process. This may facilitate una

phpegasus 'config.php' Arbitrary File Upload Vulnerability

2010-04-26 Thread eidelweiss
phpegasus is prone to a vulnerability that lets attackers upload arbitrary files because the application fails to adequately sanitize user-supplied input. An attacker can exploit this vulnerability to upload arbitrary code and run it in the context of the webserver process. This may facilitate u

Madirish Webmail 2.01 (basedir) RFI/LFI Vulnerability

2010-04-26 Thread eidelweiss
Madirish Webmail is prone to Multiple vulnerabilities because it fails to properly sanitize user-supplied input. An attacker can exploit these vulnerabilities to obtain potentially sensitive information and execute arbitrary local scripts in the context of the webserver process. This may allo

Puntal (index.php) Remote File Inclusion Vulnerabilities

2010-05-03 Thread eidelweiss
Puntal could allow a remote attacker to include malicious PHP files. A remote attacker could send a specially-crafted URL request to the "index.php" script using the "app_path=" OR "puntal_path=" parameter to specify a malicious PHP file from a remote system, which would allow the attacker to ex

Knowledgeroot (fckeditor) Remote Arbitrary File Upload Exploit

2010-05-05 Thread eidelweiss
-=[ Description ]=- A security issue has been discovered in Knowledgeroot, which can be exploited by malicious people to bypass certain security restrictions. Access to the enabled FCKeditor component is not properly restricted, which can be exploited to e.g. upload files of certain types. The

REZERVI (root) Remote Command Execution Vulnerability

2010-05-07 Thread eidelweiss
REZERVI 3.0.2 Remote Command Execution Vulnerability http://eidelweiss-advisories.blogspot.com/2010/05/rezervi-302-remote-command-execution.html -- Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on vulnerable in directory "PATH/rezervi/in

29o3 CMS (LibDir) Multiple Remote File Inclusion Vulnerability

2010-05-11 Thread eidelweiss
Description: Some vulnerabilities have been discovered in 2903 CMS, which can be exploited by malicious people to compromise a vulnerable system. Input passed to the "CONFIG[LibDir]" parameter in multiple files is not properly verified before being used to include files. This can be exploit

PolyPager 1.0rc10 (fckeditor) File Upload Security Issue

2010-05-12 Thread eidelweiss
PolyPager 1.0rc10 (fckeditor) Remote Arbitrary File Upload Vulnerability Impact Security Bypass Where From remote Software PolyPager 1.0rc10 Description A security issue has been discovered in PolyPager, which can be exploited by malicious people to bypass certain security restrictions

Joomla Component advertising (com_aardvertiser) File Inclusion Vulnerability

2010-05-13 Thread eidelweiss
Description A vulnerability has been discovered in the advertising component for Joomla, which can be exploited by malicious people to disclose potentially sensitive information. Input passed to the "task" parameter in index.php (when "option" is set to "com_aardvertiser") is not properly veri

CompleteFTP Server v 4.x "PORT" command Remote DOS exploit

2010-05-25 Thread eidelweiss
submit[at]inj3ct0r.com I'm eidelweiss member from Inj3ct0r Team

Hustoj is HUST ACM OnlineJudge "fckeditor" file upload security issue

2010-05-25 Thread eidelweiss
types. original advisories and exploit code available here: http://eidelweiss-advisories.blogspot.com/2010/05/hustoj-fckeditor-remote-arbitrary-file.html

JV2 Folder Gallery 3.1.1 (popup_slideshow.php) Multiple Vulnerability

2010-05-25 Thread eidelweiss
upport e-mail : submit[at]inj3ct0r.com I'm eidelw

Digitalus 1.10.0 Alpha2 Arbitrary File Upload vulnerability.txt

2010-12-01 Thread eidelweiss
talus-cms.googlecode.com/files/digitalus_1.10.0_alpha2.zip #### [!]Author : eidelweiss [!]Contact: eidelweiss[at]windowslive[dot]com [!]Blog:http://eidelweiss-advisories.blogspot.com [!]Gratz : DealCyber member`s , yogyacarderlink crew , and

phpcms V9 Blind SQL Injection Vulnerability

2011-01-24 Thread eidelweiss
://www.phpcms.cn/2010/1229/326.html Author: eidelweiss contact:eidelweiss[at]windowslive[dot]com Home: www.eidelweiss.info Google Dork:http://www.exploit-db.com/ghdb/3676/// check here ^_^ References: http://eidelweiss-advisories.blogspot.com/2011/01/phpcms-v9