82 matches found
CVE-2006-4051
PHP remote file inclusion vulnerability in global.php in Turnkey Web Tools PHP Live Helper 2.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the abspath parameter...
Cwfm 0.9.1 - Language Remote File Inclusion
Cwfm 0.9.1 - Language Remote File Inclusion +-------------------------------------------------------------------- + + Cwfm-0.9.1 Language Remote File Inclusion + + Original advisory: + + http://www.bb-pcsecurity.de/Websecurity/301/org/Cwfm-0.9.1LanguageRemoteFileInclusion.htm +...
Cwfm 0.9.1 - 'Language' Remote File Inclusion
+-------------------------------------------------------------------- + + Cwfm-0.9.1 Language Remote File Inclusion + + Original advisory: + + http://www.bb-pcsecurity.de/Websecurity/301/org/Cwfm-0.9.1LanguageRemoteFileInclusion.htm +...
[ECHO_ADV_42$2006] PHP Live Helper <= 2.0 (abs_path) Remote File Inclusion
/ / | | / // / | | Y / | / / /| / / / / / / .OR.ID ECHOADV42$2006 --------------------------------------------------------------------------------------------------- ECHOADV42$2006 PHP Live Helper = 2.0 abspath Remote File Inclusion...
PHP Live Helper 2.0 - 'abs_path' Remote File Inclusion
\ /\ \ / | \ \ | / \ // / | \ | \ \ Y / | \ / / \ /| /\ / / / / / .OR.ID ECHOADV43$2006 ------------------------------------------------------------------------------ ECHOADV43$2006 PHP Live Helper = 2.0 abspath Remote File Inclusion...
CVE-2006-1842
Cross-site scripting XSS vulnerability in global.php in ShoutBOOK 1.1 allows remote attackers to inject arbitrary web script or HTML via the 1 NAME and 2 COMMENTS parameters...
Cross site scripting
Cross-site scripting XSS vulnerability in global.php in ShoutBOOK 1.1 allows remote attackers to inject arbitrary web script or HTML via the 1 LOCATION and 2 URL parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...
Cross site scripting
Cross-site scripting XSS vulnerability in global.php in ShoutBOOK 1.1 allows remote attackers to inject arbitrary web script or HTML via the 1 NAME and 2 COMMENTS parameters...
CVE-2006-1843
Cross-site scripting XSS vulnerability in global.php in ShoutBOOK 1.1 allows remote attackers to inject arbitrary web script or HTML via the 1 LOCATION and 2 URL parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...
CVE-2006-1843
CVE-2006-1843: An XSS vulnerability in global.php of ShoutBOOK 1.1 allows remote attackers to inject arbitrary web script or HTML via the (1) LOCATION and (2) URL parameters. Affected software is ShoutBOOK 1.1; the issue arises from improper handling of user-supplied parameters, leading to reflec...
[KAPDA]MyBB1.1.0~global.php~ParameterExtracting
ORIGINAL ADVISORY: http://myimei.com/security/2006-04-14/mybb110globalphpparameterextracting.html ——————-Summary—————- Software: MyBB Sowtware’s Web Site: http://www.mybboard.com Versions: 1.1.0 Class: Remote Status: Unpatched Exploit: Available Solution: Available Discovered by: imei...
Sql injection
SQL injection vulnerability in global.php in MyBB before 1.03 allows remote attackers to execute arbitrary SQL commands via the templatelist variable...
CVE-2006-0523
SQL injection vulnerability in global.php in MyBB before 1.03 allows remote attackers to execute arbitrary SQL commands via the templatelist variable...
CVE-2006-0523
The vulnerability CVE-2006-0523 is an SQL injection flaw in MyBB’s global.php (templatelist variable) affecting versions prior to 1.03. The issue allows remote attackers to modify SQL queries, potentially compromising data. The core detail is that templatelist input is used in SQL statements with...
arabPortalSQL.txt
Hi .. This is small bug for Arab Portal System v2 Beta 2 File name :- global.php Remote:- Yes Credit :- Devil-00 Messenger :- E-Mail :- //-- Devil SQL Injection / This SQL can do when :- magicquotesgpc = Off $sessionid query"DELETE FROM rafiaonline WHERE onlineSID ='$sessionid' or timestamp...
Arab Portal v2 Beta2 SQL Injections
Hi .. This is small bug for Arab Portal System v2 Beta 2 File name :- global.php Remote:- Yes Credit :- Devil-00 Messenger :- [email protected] E-Mail :- [email protected] //-- Devil SQL Injection / This SQL can do when :- magicquotesgpc = Off $sessionid Bad Var Attacking :-...
CVE-2002-1922
CVE-2002-1922 describes a Cross-site Scripting (XSS) vulnerability in Jelsoft vBulletin, affecting versions 2.0.0 through 2.2.8. The issue allows remote attackers to inject arbitrary web script or HTML via the (1) $scriptpath or (2) $url variables in global.php. The connected documents confirm th...
CVE-2002-1922
Cross-site scripting XSS vulnerability in global.php in Jelsoft vBulletin 2.0.0 through 2.2.8 allows remote attackers to inject arbitrary web script or HTML via the 1 $scriptpath or 2 $url variables...
MercuryBoard 1.1.4 SQL Injection
RST/GHC Advisory 28 Product : MercuryBoard Version : 1.1.4 FILE : index.php VULN : SQL injection CODE : global.php ---------- 71 : $this-agent = isset$SERVER'HTTPUSERAGENT' ? $SERVER'HTTPUSERAGENT' : null; index.php --------- 154 : $mercury-db-query"REPLACE INTO $mercury-preactive activeid,...
CVE-2005-1883
global.php in YaPiG 0.92b allows remote attackers to include arbitrary local files via the BASEDIR parameter...