312 matches found
Design/Logic Flaw
bbcode/php.bb in e107 0.7.20 and earlier does not perform access control checks for all inputs that could contain the php bbcode tag, which allows remote attackers to execute arbitrary PHP code, as demonstrated using the toEmail method in contact.php, related to invocations of the toHTML method...
CVE-2010-2099
bbcode/php.bb in e107 0.7.20 and earlier does not perform access control checks for all inputs that could contain the php bbcode tag, which allows remote attackers to execute arbitrary PHP code, as demonstrated using the toEmail method in contact.php, related to invocations of the toHTML method...
e107 BBCode arbitrary PHP code execution vulnerability - vulnerability warning - the black bar safety net
e107 is a content management system written in PHP. The php bbcode in e107 allows execution of arbitrary PHP code. Because this feature is dangerous, the e107 configuration generally prohibits all users from accessing the bbcode; the administrator can, for a specific group of users, allow on-demand activation of thi...
CPA Lead Script SQL Injection
In The Name Of Allah The Mercifull Tybe: SQL Injection Vulnerabilities Vendor: www.v-eva.com + Software: CPA Lead Script + author: R3d-D3v!L + TEAM: ArAB!AN !NFORMAT!ON SeCuR!TY ----4.!.5 ? contact: Xathotmail.co.jp - ? Date: 14.Jan.2010 ? T!ME: 05:15 am GMT ? Home: © Offensive Security ?...
CVE-2010-1091
Multiple cross-site scripting (XSS) vulnerabilities in contact.php in phpMySite allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) city, (3) email, (4) state, and (5) message parameters...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in contact.php in phpMySite allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) city, (3) email, (4) state, and (5) message parameters...
CVE-2010-1091
CVE-2010-1091 affects phpMySite’s contact.php, enabling multiple XSS via the name, city, email, state, and message parameters. The affected component is the contact form handling in phpMySite. Root cause: unescaped user-supplied input in these fields. Impact: remote attackers can inject arbitrary...
My Little Forum contact.php SQL Injection
No description provided by source. Information | Name: my little forum contact.php SQL Injection | Author: Easy Laster | Date: 02.03.2010 | Script: my little forum contact.php | Download: http://mylittleforum.net/ | Demo:...
My Little Forum SQL Injection
Information | Name: my little forum contact.php SQL Injection | Author: Easy Laster | Date: 02.03.2010 | Script: my little forum contact.php | Download: http://mylittleforum.net/ | Demo: http://teklador.de/forum/ | Price:...
My Little Forum - 'contact.php' SQL Injection
Information | Name: my little forum contact.php SQL Injection | Author: Easy Laster | Date: 02.03.2010 | Script: my little forum contact.php | Download: http://mylittleforum.net/ | Demo: http://teklador.de/forum/ | Price:...
phpMySite Cross Site Scripting / SQL Injection
phpMySite XSS/SQLi Multiple Remote Vulnerabilities | Author: Crux | Homepage: http://hack-tech.com | Date: 2-27-2010 | Software Link: http://www.phpmysite.com/ | Version: N/A...
phpMySite - Cross-Site Scripting SQL Injection
phpMySite - Cross-Site Scripting SQL Injection | phpMySite XSS/SQLi Multiple Remote Vulnerabilities | Author: Crux | Homepage: http://hack-tech.com | Date: 2-27-2010 | Softwar...
phpMySite (XSS/SQLi) Multiple Remote Vulnerabilities
Exploit for unknown platform in category web applications | phpMySite XSS/SQLi Multiple Remote Vulnerabilities | phpMySite XSS/SQ...
phpMySite - Cross-Site Scripting / SQL Injection
phpMySite XSS/SQLi Multiple Remote Vulnerabilities | Author: Crux | Homepage: http://hack-tech.com | Date: 2-27-2010 | Software Link: http://www.phpmysite.com/ | Version: N/A...
CVE-2008-6081
SQL injection vulnerability in contact.php in Simple Customer 1.2 allows remote attackers to execute arbitrary SQL commands via the id parameter...
CVE-2008-6081
The CVE-2008-6081 entry describes an SQL injection vulnerability in Simple Customer 1.2, specifically in contact.php, where the id parameter can be manipulated by an attacker to execute arbitrary SQL commands. Affects Simple Customer 1.2 (contact.php) with user-controlled id input; impact per NVD...
CVE-2008-6081
SQL injection vulnerability in contact.php in Simple Customer 1.2 allows remote attackers to execute arbitrary SQL commands via the id parameter...
Unfixed XSS vulnerability at www.cyreas.com
Security researcher PHPLizardo submitted on 07/08/2008 a cross-site scripting (XSS) vulnerability affecting www.cyreas.com, which at the time of submission ranked 4171291 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 15/08/2008. It is...
Unfixed XSS vulnerability at www.halfpintmusic.com
Security researcher mckt submitted on 20/06/2008 a cross-site scripting (XSS) vulnerability affecting www.halfpintmusic.com, which at the time of submission ranked 3749688 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 05/07/2008. It is...
CVE-2008-2690
Multiple PHP remote file inclusion vulnerabilities in BrowserCRM 5.002.00, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the bcrmpubroot parameter to (1) kb.php, (2) login.php, (3) index.php, (4) contactview.php, and (5) contact.php in pub/, different...