107 matches found
Sql injection
SQL injection vulnerability in komentar.php in the Forum Module for auraCMS Modul Forum Sederhana allows remote attackers to execute arbitrary SQL commands via the id parameter to the default URI. NOTE: some of these details are obtained from third party information...
CVE-2007-4171
The CVE-2007-4171 entry describes a SQL injection in auraCMS’s Forum Module (Forum Sederhana) via the id parameter to the default URI, affecting komentar.php. The vulnerability allows remote attackers to execute arbitrary SQL commands, with impacts described as partial confidentiality/integrity/a...
CVE-2007-4171
SQL injection vulnerability in komentar.php in the Forum Module for auraCMS Modul Forum Sederhana allows remote attackers to execute arbitrary SQL commands via the id parameter to the default URI. NOTE: some of these details are obtained from third party information...
AuraCMS [Forum Module] - Remote SQL Injection
AuraCMS Forum Module - Remote SQL Injection Vendor : http://auracms.org/ Download : http://iwan.or.id/redirect/download/36.html -- Forum Module Found By : k1tk4t - k1tk4t4tnewhack.org Location : Indonesia -- newhackdotorg @irc.dal.net Dork : inurl:"?pilih=forum" file; /forum/komentar.php bug at...
AuraCMS [Forum Module] Remote SQL Injection Vulnerability
No description provided by source. AuraCMS Forum Module - Remote SQL Injection Vendor : http://auracms.org/ Download : http://iwan.or.id/redirect/download/36.html -- Forum Module Found By : k1tk4t - k1tk4t4tnewhack.org Location : Indonesia -- newhackdotorg @irc.dal.net Dork : inurl:"?pilih=forum"...
AuraCMS Forum Module - SQL Injection
AuraCMS Forum Module - SQL Injection AuraCMS Forum Module - Remote SQL Injection Vendor : http://auracms.org/ Download : http://iwan.or.id/redirect/download/36.html -- Forum Module Found By : k1tk4t - k1tk4t4tnewhack.org Location : Indonesia -- newhackdotorg @irc.dal.net Dork : inurl:"?pilih=foru...
AuraCMS [Forum Module] Remote SQL Injection Vulnerability
No description provided by source. AuraCMS Forum Module - Remote SQL Injection Vendor : http://auracms.org/ Download : http://iwan.or.id/redirect/download/36.html -- Forum Module Found By : k1tk4t - k1tk4t4tnewhack.org Location : Indonesia -- newhackdotorg @irc.dal.net Dork : inurl:"?pilih=forum"...
AuraCMS [Forum Module] Remote SQL Injection Vulnerability
Exploit for unknown platform in category web applications ========================================================= AuraCMS Forum Module Remote SQL Injection Vulnerability ========================================================= AuraCMS Forum Module - Remote SQL Injection Vendor :...
AuraCMS Forum Module - SQL Injection
AuraCMS Forum Module - Remote SQL Injection Vendor : http://auracms.org/ Download : http://iwan.or.id/redirect/download/36.html -- Forum Module Found By : k1tk4t - k1tk4t4tnewhack.org Location : Indonesia -- newhackdotorg @irc.dal.net Dork : inurl:"?pilih=forum" file; /forum/komentar.php bug at...
otscms 2.1.5 - SQL Injection / Cross-Site Scripting
Coding 4 Fun Name = OTSCMS 2.1.5 by Wrzasq http://otscms.com ; Class = Sql Injection / XSS ; Download = http://sourceforge.net/project/showfiles.php?groupid=145557 ; Found by = GregStar gregstaratc4f.pl http://c4f.pl ;...
CVE-2006-6522
Multiple cross-site scripting XSS vulnerabilities in WikiTimeScale TwoZero before 2.31 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors in the 1 forum module and 2 event descriptions. NOTE: some of these details are obtained from third party information...
[DRUPAL-SA-2006-024] Drupal 4.6.10 / 4.7.4 fixes multiple XSS issues
------------------------------------------------------------------------ ---- Drupal security advisory DRUPAL-SA-2006-024 ------------------------------------------------------------------------ ---- Project: Drupal core Date: 2006-Oct-18 Security risk: Moderately critical Exploitable from: Remot...
FreeBSD : drupal -- multiple XSS vulnerabilities (b2383758-5f15-11db-ae08-0008743bf21a)
The Drupal Team reports : A bug in input validation and lack of output validation allows HTML and script insertion on several pages. Drupal's XML parser passes unescaped data to watchdog under certain circumstances. A malicious user may execute an XSS attack via a specially crafted RSS feed. This...
DRUPAL-SA-2006-024 - Drupal core - Multiple cross site scripting vulnerabilities
Multiple XSS cross site scripting vulnerabilities have been discovered. A bug in input validation and lack of output validation allows HTML and script insertion on several pages. Drupal's XML parser passes unescaped data to watchdog under certain circumstances. A malicious user may execute an XSS...
drupal -- multiple XSS vulnerabilities
The Drupal Team reports: A bug in input validation and lack of output validation allows HTML and script insertion on several pages. Drupal's XML parser passes unescaped data to watchdog under certain circumstances. A malicious user may execute an XSS attack via a specially crafted RSS feed. This...
CVE-2006-0851
SQL injection vulnerability in the forum module of ilchClan 1.05g and earlier allows remote attackers to execute arbitrary SQL commands via the pid parameter, when creating a newpost...
CVE-2006-0851
SQL injection vulnerability in the forum module of ilchClan 1.05g and earlier allows remote attackers to execute arbitrary SQL via the pid parameter when creating a newpost. Root cause: unsanitized input in the pid field. Impact: partial confidentiality/integrity/availability. Affected: ilchClan ...
CVE-2006-0851
SQL injection vulnerability in the forum module of ilchClan 1.05g and earlier allows remote attackers to execute arbitrary SQL commands via the pid parameter, when creating a newpost...
PHPWebThings <= 1.4 (msg/forum) SQL Injection Exploit
No description provided by source. ?php ---phpwebth14xpl.php 10.47 16/11/2005 PHPWebThings 1.4 "msg" and "forum" SQL injection / Administrative credentials disclosure and remote commands execution coded by rgod site: http://rgod.altervista.org based on http://secunia.com/advisories/17410/, but he...
CVE-2005-3436
CVE-2005-3436 affects Nuked-Klan 1.7 with a cross-site scripting (XSS) vulnerability. The issue permits injection of arbitrary web script or HTML via multiple inputs: (1) the Search module, (2) specific fields in Guestbook, (3) the Forum module title, and (4) Textbox. The root cause is unsanitize...