31 matches found
CVE-2008-4651
CVE-2008-4651 affects Jetbox CMS 2.1 with multiple SQL injection vulnerabilities that allow remote authenticated users to execute arbitrary SQL commands. The issues are triggered via (1) the orderby parameter to admin/cms/images.php and (2) the nav_id parameter in an editrecord action to admin/cm...
RMSOFT Gallery System 2.0 (images.php id) SQL Injection Vulnerability
No description provided by source. Author: youkn0w. Contact: you-knowatlinuxmail.org. Website: www.youknowz.info. Script: RRMSOFT Gallery. Bug: RRMSOFT Gallery Remote SQL Injection. Script Information...
CVE-2008-0611
CVE-2008-0611: SQL injection in the RMSOFT Gallery System 2.0 module for XOOPS (rmgs/images.php) allows remote attackers to run arbitrary SQL via the id parameter. Affected component: rmgs/images.php in RMSOFT Gallery System 2.0 for XOOPS. Consequences: partial impact to confidentiality, integri...
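Pluxml Images.PHP Remote File Inclusion Vulnerability
Eva-Web is a PHP-based web application. Eva-Web does not properly filter user-submitted URI data, so a remote attacker can exploit the vulnerability to execute arbitrary commands with the privileges of the web process. The problem is that the 'Index.PHP3' script lacks filtering of user-submitted web parameters; submitting a malicious remote server as the include target can lead to execution of arbitrary PHP code with the privileges of the web process. SPIP-Education EVA-Web 2.1.2, SPIP-Education EVA-Web 2.2, SPIP-Education EVA-Web 2.1, SPIP-Education EVA-Web 2.0. No detailed solution is currently available:...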
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in Realty Pro One allow remote attackers to inject arbitrary web script or HTML via the (1) listingid parameter to (a) images.php, (b) indexother.php, or (c) requestinfo.php; (2) propertyid parameter to (d) searchlookup.php, (3) id parameter to (e) images.php, or...
CVE-2006-1659
Multiple SQL injection vulnerabilities in Softbiz Image Gallery allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in imagedesc.php, (2) provided parameter in template.php, (3) cid parameter in suggestimage.php, (4) imgid parameter in insertrating.php, and (5) cid parameter i...
Design/Logic Flaw
Laurentiu Matei eXpandable Home Page (XHP) CMS 0.5 and earlier allows remote authenticated users to use the HTMLArea FileManager plugin to upload and execute arbitrary PHP files using (1) manager.php, (2) standalonemanager.php, and (3) images.php...
CVE-2006-1371
Laurentiu Matei eXpandable Home Page (XHP) CMS 0.5 and earlier allows remote authenticated users to use the HTMLArea FileManager plugin to upload and execute arbitrary PHP files using (1) manager.php, (2) standalonemanager.php, and (3) images.php...
CVE-2006-1363
images.php in Justin White (aka YTZ) Free Web Publishing System (FreeWPS) 2.11 allows remote attackers to execute arbitrary PHP code by uploading a .php file into the /upload directory as specified in the dirPath parameter, then performing a direct request to that file...
FreeWPS <= 2.11 (images.php) Remote Code Execution Exploit
No description provided by source.
FreeWPS <= 2.11 (images.php) Remote Code Execution Exploit
Exploit for unknown platform in category web applications. FreeWPS <= 2.11 images.php Remote Code Execution Exploit...