422 matches found
UBBCentral UBB.threads 5.5.1/6.x download.php Number Parameter SQL Injection
No description provided by source. source: http://www.securityfocus.com/bid/14052/info UBB.Threads is prone to multiple SQL injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in SQL queries. A successful exploit could allow an attacker...
FdScript <= 1.3.2 (download.php) Remote File Disclosure Vulnerability
No description provided by source. Title : FdScript <= v1.3.2 Remote File Disclosure Vulnerability Author : ajann Contact : : Site : http://stud.usv.ro/vladl/ $$ : Free SOURCE--------------------------------------------------------- http://target/path//download.php?fname=SOURCE FILE Example:...
Seo Panel 2.1.0 - Critical File Disclosure
No description provided by source. Title: Seo Panel 2.1.0 - Critical File Disclosure Body: Seo Panel - Critical File Disclosure http://www.exploit-db.com/finding-0days-in-web-applications/ Versions Affected: 2.1.0 previous versions were not checked. Info: A complete open source seo control panel...
WordPress File Groups plugin <= 1.1.2 - SQL Injection Vulnerability
No description provided by source. Exploit Title: WordPress File Groups plugin <= 1.1.2 SQL Injection Vulnerability Date: 2011-08-17 Author: Miroslav Stampar miroslav.stamparatgmail.com @stamparm Software Link: http://downloads.wordpress.org/plugin/file-groups.1.1.2.zip Version: 1.1.2 tested --- P...
ChangshinSoft EZTrans Server Download.PHP Directory Traversal Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/8155/info It has been reported that a problem in ChangshinSoft ezTrans Server exists in the download.php script that may allow an attacker to view arbitrary files. This may result in the disclosure of potentially sensitiv...
com_forum Mambo Component <= 1.2.4RC3 Remote Include Vulnerability
No description provided by source. Bug Found by h4ntu http://h4ntu.com batamhacker crew Another Mambo component remote inclusion vulnerability download : http://mamboxchange.com/frs/download.php/6873/phpbbcomponent1.2.4RC3.zip bug found in file : download.php define'INPHPBB', true; //$phpbbrootpa...
Siteframe 2.2.4 Download.php Information Disclosure Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/7143/info Siteframe has been reported vulnerable to an information disclosure vulnerability. When handling certain download requests Siteframe may be led into an error condition. When these errors occur, the script will...
WordPress Filedownload Plugin 0.1 (download.php) Remote File Disclosure Vulnerability
No description provided by source...
WordPress SS Downloads Plugin <= 1.4 - XSS
Because of this vulnerability in templates/download.php, attackers can inject arbitrary web script or HTML via the "title" parameter. Solution: Update the plugin...
WordPress SCv1 Local File Disclosure
Title : WordPress SCv1 Theme Local File Disclosure + Discovered By : Medrik + CMS Home-Page : http://wordpress.org + Found Date : 2014-06-10 + Tested On : Windows This is LFD Vulnerability In : File : download.php Parameter : file Vulnerability Locate :...
NS_ASG 6.3 /commonplugin-Download.php Arbitrary File Download Vulnerability
No description provided by source...
WordPress Theme LineNity 1.20 - Local File Inclusion
WordPress Theme LineNity 1.20 - Local File Inclusion + Local File Inclusion in WordPress Theme LineNity + Date: 13/04/2014 + Risk: High + Author: Felipe Andrian Peixoto + Vendor Homepage: http://themeforest.net/item/linenity-clean-responsive-wordpress-magazine/4417803 + Contact:...
SQL injection
SQL injection vulnerability in download.php in Horizon Quick Content Management System QCMS 4.0 and earlier allows remote attackers to execute arbitrary SQL commands via the category parameter...
CVE-2013-7139
SQL injection vulnerability in download.php in Horizon Quick Content Management System QCMS 4.0 and earlier allows remote attackers to execute arbitrary SQL commands via the category parameter...
NITC 3.21 /download.php Arbitrary File Download Vulnerability
No description provided by source...
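Dedecms v57 sp1 plus/download.php SQL Injection Vulnerability
The root cause is that the global variable $GLOBALS can be modified arbitrarily. I took a quick look and there are vulnerabilities everywhere; I only tracked down one. codeinclude/dedesql.class.php ifisset$GLOBALS'arrs1' $v1 = $v2 = ''; for$i=0;isset$arrs1$i;$i++ $v1 .= chr$arrs1$i; for$i=0;isset$arrs2$i;$i++ $v2 .= chr$arrs2$i; // decode ASCII $GLOBALS$v1 .= $v2; // note this is not an overwrite, it is + function SetQuery$sql $prefix="@"; $sql =...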
Manhali 1.8 - Local File Inclusion
Exploit Title: Manhali v1.8 Local File Inclusion Vulnerability Date: 20/09/2012 Author: L0n3ly-H34rT Contact: [email protected] My Site: http://se3c.blogspot.com/ Vendor Link: http://www.manhali.com/ Software Link: http://sourceforge.net/projects/manhali/files/manhali1.8.zip/download Versio...
SaltOS - download.php Cross-Site Scripting
SaltOS - download.php Cross-Site Scripting source: https://www.securityfocus.com/bid/55117/info SaltOS is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of...
Rama Zeiten CMS Remote File Disclosure Vulnerability
Exploit for php platform in category web applications...
GNUBoard 4.34.20 - download.php HTML Injection
GNUBoard 4.34.20 - download.php HTML Injection source: https://www.securityfocus.com/bid/52622/info Gnuboard is prone to an HTML-injection vulnerability because it fails to properly sanitize user-supplied input before using it in dynamically generated content. Attacker-supplied HTML and script co...