121 matches found
PHPGlossar 0.8 - format_menue Remote File Inclusion
PHPGlossar 0.8 - format_menue Remote File Inclusion...
PHPGlossar 0.8 (format_menue) Remote File Inclusion Vulnerabilities
Exploit for unknown platform in category web applications. PHPGlossar 0.8 format_menue Remote File Inclusion Vulnerabilities...
CVE-2007-2169
Static code injection vulnerability in add.php in Mozzers SubSystem 1.0 allows remote attackers to inject PHP code into subs.php via the (1) Sub-name or (2) Sub-url field. NOTE: an earlier report indicated that the add action can be reached through a request to index.php...
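Mozzers SubSystem Add.PHP Arbitrary Code Execution Vulnerability
Mozzers SubSystem is a PHP-based web application. Mozzers SubSystem does not properly filter user-submitted input, and a remote attacker can exploit the vulnerability to execute arbitrary commands with the privileges of the web server. The problem is that the 'Add.PHP' script does not filter user-submitted web parameters; specifying a file on a remote server as the include parameter can lead to execution of arbitrary commands with the privileges of the web server. Mozzers SubSystem: Mozzers SubSystem 1.0. No solution is currently available: http://sourceforge.net/projects/subsystem/...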
CVE-2006-6463
The CVE-2006-6463 entry concerns Midicart’s admin/add.php, where an unrestricted file upload vulnerability exists. According to PT-2006-7072, remote authenticated users can upload arbitrary files (potentially including .php) to the images/ directory under the web root via the admin/add.php endpoi...
CVE-2006-3923
Cross-site scripting (XSS) vulnerability in add.php in Fire-Mouse Toplist 1.1 and earlier, when register_globals is enabled, allows remote attackers to inject arbitrary web script or HTML via the Seitenname parameter...
saphp "add.php" forumid Parameter SQL Injection
Discovered By: C.B.B.L CrAzY CrAcKeR ,Breeeeh ,BoNy-m ,LiNuXrOOt Search:- powered by: saphp Example:- story/add.php?forumid=SQL Injection...
CVE-2006-3769
Multiple cross-site scripting (XSS) vulnerabilities in Top XL 1.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) pass and (2) pass2 parameters in (a) add.php or the (3) id parameter in (b) members/index.php...
CVE-2006-3349
CVE-2006-3349: The connected sources confirm multiple SQL injection vulnerabilities in SmS Script, exploitable remotely via the CatID parameter in cat.php and add.php. The NVD entry documents the impact as arbitrary SQL execution with partial confidentiality/integrity/availability effects (CVSS v...
CVE-2006-2987
Multiple SQL injection vulnerabilities in Dominios Europa PICRATE (aka TAL RateMyPic) 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) id, (2) voteid, and (3) vfiel parameters to (a) index.php, and via the (4) nick, (5) email, (6) city, (7) messen, and (8) message form field parameters to (b)...
CVE-2006-2281
X-Scripts X-Poll (xpoll) 2.30 is affected by an RCE via admin/images/add.php: an attacker can upload a PHP file and access it remotely. The underlying issue is improper file upload handling that allows execution of arbitrary PHP code. This affects the product as described in CVE-2006-2281 and is ...
Cross site scripting
Cross-site scripting (XSS) vulnerability in add.php in Hinton Design phphd 1.0 allows remote attackers to inject arbitrary web script or HTML via unknown vectors...
CVE-2006-0609
CVE-2006-0609: The vulnerability affects Hinton Design’s phphd 1.0, specifically the add.php script, where a Cross‑Site Scripting (XSS) flaw allows remote attackers to inject arbitrary web script or HTML via unknown vectors. Multiple independent sources (NVD entry, eVuln/SEC references, and Pack...
CVE-2005-4225
Multiple "potential" SQL injection vulnerabilities in myBloggie 2.1.3 beta might allow remote attackers to execute arbitrary SQL commands via (1) the category parameter in add.php, (2) the catdesc parameter in addcat.php, (3) the level and user parameters in adduser.php, (4) the postid parameter in...
SQL saphp Lesson
saphp Lesson .. Search By Google :- saphp Lesson Gr33tz :- aLMaSTeR HaCKeR .. SQL Injection's FOunder - | almaster at hotmail dot com email concealed|- Devil-00 .. SQL Injection's Exploting - | [email protected] | - Security4Arab .. A'Where Home .. 1- SQL Injection in showcat.php...
CVE-2005-3128
CVE-2005-3128 is a cross-site scripting vulnerability in the Address Add Plugin for SquirrelMail (versions 1.9 and 2.0) where the add.php functionality fails to sanitize input, allowing an attacker to inject arbitrary script via the IMG tag. The vulnerability could enable execution of script in ...
CVE-2002-1799
CVE-2002-1799 concerns Cross-site Scripting in phpRank 1.8. The vulnerability allows remote attackers to inject arbitrary script/HTML via two user-supplied parameters: email (to add.php) and banurl. The connected documents do not provide vendor-specific patches or versioned remediation; no exploi...
phpLinks < 2.1.2 - Multiple Vulnerabilities
phpLinks Multiple Vulnerabilities Vendor: destiney.com Product: phpLinks Version: = 2.1.2 Website: http://phplinks.sourceforge.net/ BID: 6632 6633 Description: phpLinks is an open source free PHP script. phpLinks allows you to run a very powerful link farm or search engine. phpLinks has multileve...