422 matches found
CVE-2012-0980
SQL injection vulnerability in download.php in phux Download Manager allows remote attackers to execute arbitrary SQL commands via the file parameter...
TYPO3 'download.php' Local File Disclosure Vulnerability
TYPO3 is prone to a local file disclosure vulnerability. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:typo3:typo3";...
Typo3 - File Disclosure
PixelGems <= Remote (File Disclosure/LFI) Exploit
Exploit for php platform in category web applications. PixelGems. I'm KnocKout member from Inj3ct0r Team...
CVE-2011-1669
The CVE-2011-1669 entry corresponds to a directory traversal (Local File Inclusion) vulnerability in the WordPress WP Custom Pages plugin, affecting version 0.5.0.1. According to connected sources, the flaw resides in wp-download.php and allows remote attackers to read arbitrary server files by s...
Multiple Vulnerabilities in Eleanor CMS
High-Tech Bridge SA Security Research Lab has discovered vulnerabilities in Eleanor CMS which could be exploited to perform cross-site scripting and SQL injection attacks. 1) Cross-site scripting (XSS) vulnerability in Eleanor CMS. The vulnerability exists due to input sanitation error in the...
Seo Panel 2.1.0 - Critical File Disclosure
Title: Seo Panel 2.1.0 - Critical File Disclosure Body: Seo Panel - Critical File Disclosure http://www.exploit-db.com/finding-0days-in-web-applications/ Versions Affected: 2.1.0 (previous versions were not checked). Info: A complete open source seo control panel for managing search engine...
SQL injection vulnerability in e107
Vulnerability ID: HTB22603 Reference: http://www.htbridge.ch/advisory/sqlinjectionvulnerabilityine1071.html Product: e107 Website System Vendor: e107 http://www.e107.org/ Vulnerable Version: 0.7.23 and Probably Prior Versions Vendor Notification: 03 September 2010 Vulnerability Type: SQL Injectio...
CVE-2009-4960
Directory traversal vulnerability in modules/backup/download.php in Lanai Core 0.6 allows remote attackers to read arbitrary files via a .. (dot dot) in the f parameter...
Yamamah Photo Gallery 1.00 Local File Disclosure
Yamamah Photo Gallery 1.00 download.php Local File Disclosure Vulnerability by mat...
Yamamah Photo Gallery 1.00 (download.php) Local File Disclosure
Exploit for php platform in category web applications. Yamamah Photo Gallery 1.00 download.php Local File Disclosure Vulnerability...
Yamamah Photo Gallery 1.00 - 'download.php' Local File Disclosure
Yamamah Photo Gallery 1.00 download.php Local File Disclosure Vulnerability by mat...
PHPCMS2008 version 100527 website management system arbitrary file download vulnerability - vulnerability warning - the black bar safety net
Phpcms is a web content management system built on PHP and MySQL, and it is also an open-source PHP development platform. Phpcms is developed in a modular way, is easy to use and easy to extend, and provides medium to large sites with a heavyweight website building...
PHPCMS2008 version 100527 website management system arbitrary file download vulnerability
After the phpcms2008sp4 arbitrary file download vulnerability was published, the official patch released on the 27th looked like this: down.php if(preg_match('/.php/i',$f) || strpos($f, ":\")) showmessage('地址有误'); // line 12 Before the patch it looked like this: if(preg_match('/.php$/',$f) || strpos($f, ":\")) showmessage('地址有误'); // line 12 The difference between the two is visible. But in the same file there is also: parse_str($ak); // line 8 This shows there is an even better way to exploit it here. Now look at the file: download.php if($m) $fileurl =...
CVE-2010-1498
Multiple SQL injection vulnerabilities in dl_stats before 2.0 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) download.php and (2) view_file.php...
CVE-2010-1498
Multiple SQL injection vulnerabilities affect the dl_stats package before version 2.0. The issue allows remote attackers to execute arbitrary SQL commands by supplying a crafted id parameter to two PHP endpoints: download.php and view_file.php. This conclusion is supported by CVE-2010-1498 record...
CVE-2009-4726
Directory traversal vulnerability in download.php in Quickdev 4 PHP allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter...
Joomla (Jw_allVideos) Remote File Download Vulnerability
Securitylab.ir Application Info: Name: Joomla jwallvideos Plugin Version: 1.0 Vulnerability Info: Type: Remote File Download Risk: Medium Vulnerability: http://site.com/plugins/content/jwallvideos/includes/download.php?file=./../.../file.php Discovered By: Pouya Daneshmand Website:...
SQL injection
SQL injection vulnerability in download.php in Nicecoder iDesk allows remote attackers to execute arbitrary SQL commands via the catid parameter, a different vector than CVE-2005-3843...
CVE-2009-4624
SQL injection vulnerability in download.php in Nicecoder iDesk allows remote attackers to execute arbitrary SQL commands via the catid parameter, a different vector than CVE-2005-3843...