688 matches found
RunCMS Module MyAnnonces (cid) SQL Injection Vulnerability
Exploit for unknown platform in category web applications ========================================================== RunCMS Module MyAnnonces cid SQL Injection Vulnerability ========================================================== runcms MyAnnonces SQL Injectioncid DORK 1 : allinurl: "modules...
CVE-2007-6695
Cross-site scripting XSS vulnerability in index.php in Drake CMS 0.4.9 allows remote attackers to inject arbitrary web script or HTML via the option parameter...
CVE-2007-6647
SQL injection vulnerability in index.php in w-Agora 4.2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the cat parameter...
CVE-2007-6660
The CVE-2007-6660 entry involves the 2z project version 0.9.6.1 where information disclosure can occur via (1) a request to index.php with an invalid template or (2) a request to the default URI with certain year/month parameters, causing error messages that reveal the path. The NVD description d...
CVE-2007-6489
Multiple cross-site scripting XSS vulnerabilities in Falcon Series One CMS 1.4.3 allow remote attackers to inject arbitrary web script or HTML via the 1 gbmail, 2 gbname, and 3 gbtext parameters in a guestbook action to index.php, and unspecified other vectors...
CVE-2007-6455
Multiple cross-site scripting XSS vulnerabilities in index.php in Mambo 4.6.2 allow remote attackers to inject arbitrary web script or HTML via the 1 Itemid parameter in a comfrontpage option and the 2 option parameter...
UBUNTU-CVE-2007-5109
Cross-site request forgery CSRF vulnerability in index.php in FlatNuke 2.6, and possibly 3, allows remote attackers to change the password and privilege level of arbitrary accounts via the user parameter and modified 1 regpass and 2 level parameters in a noneLogin action, as demonstrated by using...
PT-2007-3877 · Pfa · Pfa Cms
Name of the Vulnerable Software and Affected Versions: pfa CMS version 6.0 Description: The issue allows remote attackers to execute arbitrary PHP code via a URL in the repinc parameter in the index.php file. However, it's noted that $repinc is set to a constant value before use, which disputes t...
PT-2007-3644 · Bloofox · Bloofoxcms
Name of the Vulnerable Software and Affected Versions: BlooFoxCMS version 0.2.2 Description: The issue concerns a PHP remote file inclusion vulnerability in the install/index.php file of BlooFoxCMS. This vulnerability potentially allows remote attackers to execute arbitrary PHP code via a URL in...
CVE-2007-1999
PHP remote file inclusion vulnerability in index.php in Weatimages 1.7.1 and earlier, when weatimages.ini is missing, allows remote attackers to execute arbitrary PHP code via a URL in the inilangpack parameter...
CVE-2007-2013
Cross-site scripting XSS vulnerability in index.php in JEx-Treme Einfacher Passworschutz allows remote attackers to inject arbitrary web script or HTML via the msg parameter...
CVE-2007-1957
Multiple PHP remote file inclusion vulnerabilities in Guernion Sylvain Portail Web Php aka Gsylvain35 Portail Web, PwP allow remote attackers to execute arbitrary PHP code via a URL in the pageAll parameter to index.php in 1 template/Vert/, or 2 template/Noir/...
CVE-2007-1148
PHP remote file inclusion vulnerability in install/index.php in LoveCMS 1.4 allows remote attackers to execute arbitrary PHP code via a URL in the step parameter...
CVE-2007-1135
Multiple SQL injection vulnerabilities in WebMplayer before 0.6.1-Alpha allow remote attackers to execute arbitrary SQL commands via the 1 strid parameter to index.php and the 2 id0 or other id array index parameter to filecheck.php...
CVE-2007-1149
Multiple directory traversal vulnerabilities in LoveCMS 1.4 allow remote attackers to read arbitrary files via a .. dot dot in 1 the step parameter to install/index.php or 2 the load parameter to the top-level URI...
CVE-2007-1152
Multiple directory traversal vulnerabilities in Pyrophobia 2.1.3.1 allow remote attackers to read arbitrary files via a .. dot dot in the 1 act or 2 pid parameter to the top-level URI index.php, or the 3 action parameter to admin/index.php. NOTE: some of these details are obtained from third part...
PT-2007-2553 · Xt:Commerce · Xt:Commerce
Name of the Vulnerable Software and Affected Versions: xtcommerce affected versions not specified Description: The issue allows remote attackers to read arbitrary files via a .. dot dot in the template parameter of the index.php file. This enables access to sensitive information. Recommendations:...
DEBIAN-CVE-2007-1054
Cross-site scripting XSS vulnerability in the AJAX features in index.php in MediaWiki 1.6.x through 1.9.2, when $wgUseAjax is enabled, allows remote attackers to inject arbitrary web script or HTML via a UTF-7 encoded value of the rs parameter, which is processed by Internet Explorer...
CVE-2006-6230
SQL injection vulnerability in vuBB 0.2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the user parameter in a register action to index.php, a different vulnerability than CVE-2006-0962...
PT-2006-5618 · All Enthusiast · Reviewpost
Name of the Vulnerable Software and Affected Versions: All Enthusiast ReviewPost version 2.5 Description: The issue allows remote attackers to execute arbitrary PHP code via a URL in the RP PATH parameter in the index.php file. Recommendations: For All Enthusiast ReviewPost version 2.5, consider...