7698 matches found
CVE-2007-1248
Multiple cross-site scripting (XSS) vulnerabilities in built2go News Manager Blog 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) cid, (2) uid, and (3) nid parameters to (a) news.php, and the nid parameter to (b) rating.php...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in built2go News Manager Blog 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) cid, (2) uid, and (3) nid parameters to (a) news.php, and the nid parameter to (b) rating.php...
CVE-2007-1248
CVE-2007-1248 affects built2go News Manager Blog 1.0 with multiple reflected XSS vulnerabilities. The issue allows remote attackers to inject arbitrary script or HTML via the cid, uid, and nid parameters to news.php, and the nid parameter to rating.php. The connected records confirm the same desc...
CVE-2007-1248
Multiple cross-site scripting (XSS) vulnerabilities in built2go News Manager Blog 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) cid, (2) uid, and (3) nid parameters to (a) news.php, and the nid parameter to (b) rating.php...
CVE-2006-6993
Multiple SQL injection vulnerabilities in pages/addcomment2.php in Neuron Blog 1.1 allow remote attackers to inject arbitrary SQL commands via the (1) commentname, (2) commentmail, (3) commentwebsite, and (4) comment parameters. NOTE: the provenance of this information is unknown; the details are obtaine...
CVE-2006-6993
Multiple SQL injection vulnerabilities in pages/addcomment2.php in Neuron Blog 1.1 allow remote attackers to inject arbitrary SQL commands via the (1) commentname, (2) commentmail, (3) commentwebsite, and (4) comment parameters. NOTE: the provenance of this information is unknown; the details are obtaine...
CVE-2006-6993
CVE-2006-6993 concerns multiple SQL injection flaws in Neuron Blog 1.1, specifically in pages/addcomment2.php. The vulnerabilities allow remote attackers to inject arbitrary SQL via the (1) commentname, (2) commentmail, (3) commentwebsite, or (4) comment parameters, leading to potential data inte...
KGB <= 1.9 Remote Code Execution Exploit
No description provided by source. ? //Kacper & str0ke Settings $exploitname = "KGB <= 1.9 Remote Code Execution Exploit"; $scriptname = "KGB 1.9"; $scriptsite = "http://www.kgb.xs.com.pl/index.php?tri=2"; $dork = 'inurl:"kgb19"'; // print '...
GGCMS 1.1.0 RC1 - Remote Code Execution
? // //Kacper & str0ke Settings $exploitname = "GGCMS = v1.1.0 RC1 Remote Auto Deface Exploit / Remote Code Execution Exploit"; $scriptname = "GGCMS v1.1.0 RC1"; $scriptsite = "http://ggcms.weblance.pl/"; $dork = '"Powered by GGCMS"'; // print '...
F3Site 2.1 - Remote Code Execution
? // //Kacper & str0ke Settings $exploitname = "F3Site = 2.1 Remote Code Execution Exploit"; $scriptname = "F3Site 2.1"; $scriptsite = "http://dhost.info/compmaster/"; $dork = '"Powered by F3Site"'; //to work exploit you need admin session, and cookies prefix //...
CVE-2007-0541
WordPress allows remote attackers to determine the existence of arbitrary files, and possibly read portions of certain files, via pingback service calls with a source URI that corresponds to a local pathname, which triggers different fault codes for existing and non-existing files, and in certain...
DEBIAN-CVE-2007-0541
WordPress allows remote attackers to determine the existence of arbitrary files, and possibly read portions of certain files, via pingback service calls with a source URI that corresponds to a local pathname, which triggers different fault codes for existing and non-existing files, and in certain...
CVE-2007-0541
WordPress allows remote attackers to determine the existence of arbitrary files, and possibly read portions of certain files, via pingback service calls with a source URI that corresponds to a local pathname, which triggers different fault codes for existing and non-existing files, and in certain...
makit-sql.txt
Title : makit news/blog poster =v3newspage.asp Remote SQL Injection Vulnerability Author : ajann Contact : : S.Page : http://www.makit.net $$ : Free SQL--------------------------------------------------------- http://target/path//newspage.asp?uid=SQL Example:...
Movable Type' Blog < 3.34 XSS
Binary data 3894.prm...
kgb19-lfi.txt
? //Kacper & str0ke Settings $exploitname = "KGB <= 1.9 Remote Code Execution Exploit"; $scriptname = "KGB 1.9"; $scriptsite = "http://www.kgb.xs.com.pl/index.php?tri=2"; $dork = 'inurl:"kgb19"'; // print '...
KGB 1.9 - 'sesskglogadmin.php' Local File Inclusion
? //Kacper & str0ke Settings $exploitname = "KGB <= 1.9 Remote Code Execution Exploit"; $scriptname = "KGB 1.9"; $scriptsite = "http://www.kgb.xs.com.pl/index.php?tri=2"; $dork = 'inurl:"kgb19"'; // print '...
CVE-2006-6925
Multiple cross-site scripting (XSS) vulnerabilities in bitweaver 1.3.1 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the message title field when submitting an article to articles/edit.php, (2) the message title field when submitting a blog post to blogs/post.php, or...
DMA[2007-0109a] - 'Apple Finder Disk Image Volume Label Overflow / DoS'
DMA[2007-0109a] - 'Apple Finder Disk Image Volume Label Overflow / DoS' Author: Kevin Finisterre Vendors: http://www.apple.com Product: '= OSX 10.4 ?' References: http://www.digitalmunition.com/DMA2007-0109a.txt http://www.apple.com/macosx/features/finder/...
CVE-2007-0150
Multiple PHP remote file inclusion vulnerabilities in index.php in Dayfox Blog allow remote attackers to execute arbitrary PHP code via a URL in the (1) page, (2) subject, and (3) q parameters...