422 matches found

NVD
added 2012/02/02 5:55 p.m., 13 views

CVE-2012-0980

SQL injection vulnerability in download.php in phux Download Manager allows remote attackers to execute arbitrary SQL commands via the file parameter...

CVSS 7.5, AI score 8.3, EPSS 0.01102
Exploits: 1, References: 3

OpenVAS
added 2011/10/06 12:0 a.m., 20 views

TYPO3 'download.php' Local File Disclosure Vulnerability

TYPO3 is prone to a local file disclosure vulnerability...

AI score 7
Exploits: 0, References: 2

exploitpack
added 2011/09/29 12:0 a.m., 17 views

Typo3 - File Disclosure

Typo3 - File Disclosure...

AI score 7.4
Exploits: 0

0day.today
added 2011/04/30 12:0 a.m., 20 views

PixelGems <= Remote (File Disclosure/LFI) Exploit

Exploit for php platform in category web applications. PixelGems. I'm KnocKout member from Inj3ct0r Team...

AI score 7.1
Exploits: 0

CVE
added 2011/04/10 1:0 a.m., 87 views

CVE-2011-1669

The CVE-2011-1669 entry corresponds to a directory traversal (Local File Inclusion) vulnerability in the WordPress WP Custom Pages plugin, affecting version 0.5.0.1. According to connected sources, the flaw resides in wp-download.php and allows remote attackers to read arbitrary server files by s...

CVSS 5, AI score 6.9, EPSS 0.22157
Exploits: 1, References: 6, Affected Software: 1

htbridge
added 2011/03/22 12:0 a.m., 24 views

Multiple Vulnerabilities in Eleanor CMS

High-Tech Bridge SA Security Research Lab has discovered vulnerabilities in Eleanor CMS which could be exploited to perform cross-site scripting and SQL injection attacks. 1) Cross-site scripting (XSS) vulnerability in Eleanor CMS: The vulnerability exists due to input sanitation error in the...

CVSS 7.5, AI score 7.3
Exploits: 0, Affected Software: 1

Exploit DB
added 2010/11/08 12:0 a.m., 30 views

Seo Panel 2.1.0 - Critical File Disclosure

Title: Seo Panel 2.1.0 - Critical File Disclosure. Body: Seo Panel - Critical File Disclosure. http://www.exploit-db.com/finding-0days-in-web-applications/ Versions Affected: 2.1.0 (previous versions were not checked). Info: A complete open source seo control panel for managing search engine...

AI score 7.4
Exploits: 0

securityvulns
added 2010/09/20 12:0 a.m., 54 views

SQL injection vulnerability in e107

Vulnerability ID: HTB22603; Reference: http://www.htbridge.ch/advisory/sqlinjectionvulnerabilityine1071.html; Product: e107 Website System; Vendor: e107 (http://www.e107.org/); Vulnerable Version: 0.7.23 and Probably Prior Versions; Vendor Notification: 03 September 2010; Vulnerability Type: SQL Injectio...

AI score 0.6
Exploits: 0

Cvelist
added 2010/07/27 6:39 p.m., 22 views

CVE-2009-4960

Directory traversal vulnerability in modules/backup/download.php in Lanai Core 0.6 allows remote attackers to read arbitrary files via a .. (dot dot) in the f parameter...

AI score 6.6, EPSS 0.01669
Exploits: 0, References: 3

Packet Storm
added 2010/06/14 12:0 a.m., 31 views

Yamamah Photo Gallery 1.00 Local File Disclosure

Yamamah Photo Gallery 1.00 download.php Local File Disclosure Vulnerability, by mat...

AI score 7.4
Exploits: 0

0day.today
added 2010/06/13 12:0 a.m., 41 views

Yamamah Photo Gallery 1.00 (download.php) Local File Disclosure

Exploit for php platform in category web applications. Yamamah Photo Gallery 1.00 download.php Local File Disclosure Vulnerability...

AI score 7.1
Exploits: 0

Exploit DB
added 2010/06/13 12:0 a.m., 79 views

Yamamah Photo Gallery 1.00 - 'download.php' Local File Disclosure

Yamamah Photo Gallery 1.00 download.php Local File Disclosure Vulnerability, by mat...

AI score 7.4
Exploits: 0

myhack58
added 2010/06/12 12:0 a.m., 28 views

PHPCMS2008 version 100527 website management system arbitrary file download vulnerability

Phpcms is a web content management system built on PHP and MySQL, and an open-source PHP development platform. Phpcms is developed in a modular way, is functional, easy to use and easy to extend, and gives medium to large sites a heavyweight website building...

AI score 0.5
Exploits: 0

seebug.org
added 2010/05/28 12:0 a.m., 16 views

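PHPCMS2008 version 100527 website management system arbitrary file download vulnerability

After the phpcms2008sp4 arbitrary file download vulnerability was published, the official patch released on the 27th looks like this: down.php ifpregmatch'/.php/i',$f || strpos$f, ":\" showmessage'地址有误'; // line 12 Before the patch it looked like this: ifpregmatch'/.php$/',$f || strpos$f, ":\" showmessage'地址有误'; // line 12 The difference between the two is visible. But in the same file: parsestr$ak; // line 8 Knowing this, there is a better way to exploit it. Next, look at the file: download.php if$m $fileurl =...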

AI score 7.1
Exploits: 0

Cvelist
added 2010/04/23 2:0 p.m., 19 views

CVE-2010-1498

Multiple SQL injection vulnerabilities in dl_stats before 2.0 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) download.php and (2) view_file.php...

AI score 8.5, EPSS 0.02166
Exploits: 1, References: 10

CVE
added 2010/04/23 2:0 p.m., 45 views

CVE-2010-1498

Multiple SQL injection vulnerabilities affect the dl_stats package before version 2.0. The issue allows remote attackers to execute arbitrary SQL commands by supplying a crafted id parameter to two PHP endpoints: download.php and view_file.php. This conclusion is supported by CVE-2010-1498 record...

CVSS 7.5, AI score 8.8, EPSS 0.02166
Exploits: 1, References: 10, Affected Software: 1

NVD
added 2010/03/18 6:30 p.m., 21 views

CVE-2009-4726

Directory traversal vulnerability in download.php in Quickdev 4 PHP allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter...

CVSS 5, AI score 6.7, EPSS 0.02922
Exploits: 0, References: 3

securityvulns
added 2010/02/16 12:0 a.m., 47 views

Joomla (Jw_allVideos) Remote File Download Vulnerability

Securitylab.ir. Application Info: Name: Joomla jwallvideos Plugin; Version: 1.0. Vulnerability Info: Type: Remote File Download; Risk: Medium; Vulnerability: http://site.com/plugins/content/jwallvideos/includes/download.php?file=./../.../file.php Discovered By: Pouya Daneshmand; Website:...

AI score 1.8
Exploits: 0

Prion
added 2010/01/18 8:30 p.m., 19 views

SQL injection

SQL injection vulnerability in download.php in Nicecoder iDesk allows remote attackers to execute arbitrary SQL commands via the catid parameter, a different vector than CVE-2005-3843...

CVSS 7.5, AI score 8.7, EPSS 0.01345
Exploits: 2, References: 4

NVD
added 2010/01/18 8:30 p.m., 22 views

CVE-2009-4624

SQL injection vulnerability in download.php in Nicecoder iDesk allows remote attackers to execute arbitrary SQL commands via the catid parameter, a different vector than CVE-2005-3843...

CVSS 7.5, AI score 8.2, EPSS 0.0098
Exploits: 2, References: 4