LionWiki /index.php 任意文件下载漏洞

No description provided by source...

DamiCMS v2.2 /index.php 代码执行漏洞

No description provided by source...

Joomla index.php Multiple Parameter XSS - Ver2 (CVE-2011-2710)

A cross-site scripting vulnerability has been reported in Joomla. The vulnerability is due to the script not validating input appended to the URL or passed via the 'searchword', 'extension', 'asset', 'author' parameters upon submission to the index.php script. Successful exploitation of this...

Voodoo Chat index.php file_path Parameter PHP Code Execution - Ver2 (CVE-2006-3991)

A code execution vulnerability has been reported in Voc-project Voodoo Chat. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

GrapAgenda index.php page Parameter PHP Code Execution - Ver2 (CVE-2006-4610)

A code execution vulnerability has been reported in Graphiks Grapagenda. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

CVE-2015-2679

Multiple SQL injection vulnerabilities in MetalGenix GeniXCMS before 0.0.2 allow remote attackers to execute arbitrary SQL commands via the 1 page parameter to index.php or 2 username parameter to gxadmin/login.php...

KingCms最新版（k9）注入又1枚

简要描述： KingCms最新版（k9）注入又1枚 详细说明： 朋友的公司想购买kingcms的授权，让我帮忙看下。发现kingcms很长一段时间没更新了，憋了一段时间放出了最新版的k92014-12-13更新，官网下下来学习一下。 在wooyun上看到了几个漏洞，如： WooYun: kingcms最新版sql注入漏洞 注入点：POST /apps/jiaoyou/index.php HTTP/1.1 注入参数：where 问题文件在 /apps/jiaoyou/index.php function create $u=new user;$u-authrole'jiaoyou';...

KingCms最新版（k9）注入1枚

简要描述： KingCms最新版（k9）注入1枚 详细说明： 朋友的公司想购买kingcms的授权，让我帮忙看下。发现kingcms很长一段时间没更新了，憋了一段时间放出了最新版的k92014-12-13更新，官网下下来学习一下。 在wooyun上看到了几个漏洞，如： WooYun: kingcms最新版sql注入漏洞 注入点：POST /apps/jianli/index.php HTTP/1.1 注入参数：where 问题文件在/apps/jianli/index.php function create $u=new user;$u-authrole'jianli'; $db=new...

CVE-2015-2259: UliCMS index.php cross-site request forgery

CVE-2015-2259 affects UliCMS via the index.php script, where improper validation enables a CSRF condition. An authenticated user visiting a crafted site could be forced to perform actions that add an administrator account, with potential for cross-site scripting and Web cache poisoning. The descr...

724CMS 5.01 / 4.59 / 4.01 / 3.01 Information Leakage

724CMS 5.01 Multiple Information Leakage Security Vulnerabilities Exploit Title: 724CMS Multiple Information Leakage Security Vulnerabilities Vendor: 724CMS Product: 724CMS Vulnerable Versions: 3.01 4.01 4.59 5.01 Tested Version: 5.01 Advisory Publication: March 14, 2015 Latest Update: March 14,...

Sql injection

Multiple SQL injection vulnerabilities in Betster aka PHP Betoffice 1.0.4 allow remote attackers to execute arbitrary SQL commands via the id parameter to 1 showprofile.php or 2 categoryedit.php or 3 username parameter in a login to index.php...

KingCms最新版（k9）注入一枚

简要描述： KingCms最新版（k9）注入一枚 详细说明： 朋友的公司想购买kingcms的授权，让我帮忙看下。发现kingcms很长一段时间没更新了，憋了一段时间放出了最新版的k92014-12-13更新，官网下下来学习一下。 在wooyun上看到了几个漏洞，如： WooYun: kingcms最新版sql注入漏洞 注入点：GET...

CVE-2015-2243

Directory traversal vulnerability in Webshop hun 1.062S allows remote attackers to have unspecified impact via directory traversal sequences in the mappa parameter to index.php...

CVE-2015-2242

Multiple SQL injection vulnerabilities in Webshop hun 1.062S allow remote attackers to execute arbitrary SQL commands via the 1 termid or 2 nyelvid parameter to index.php...

Sql injection

Multiple SQL injection vulnerabilities in Webshop hun 1.062S allow remote attackers to execute arbitrary SQL commands via the 1 termid or 2 nyelvid parameter to index.php...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in Webshop hun 1.062S allow remote attackers to inject arbitrary web script or HTML via the 1 param, 2 center, 3 lap, 4 termid, or 5 nyelvid parameter to index.php...

Directory traversal

Directory traversal vulnerability in Webshop hun 1.062S allows remote attackers to have unspecified impact via directory traversal sequences in the mappa parameter to index.php...

CVE-2015-2244

Multiple cross-site scripting XSS vulnerabilities in Webshop hun 1.062S allow remote attackers to inject arbitrary web script or HTML via the 1 param, 2 center, 3 lap, 4 termid, or 5 nyelvid parameter to index.php...

CVE-2015-2243

Directory traversal vulnerability in Webshop hun 1.062S allows remote attackers to have unspecified impact via directory traversal sequences in the mappa parameter to index.php...

PHP Betoffice (Betster) 1.0.4 - Authentication Bypass SQL Injection

PHP Betoffice Betster 1.0.4 - Authentication Bypass SQL Injection ?php / ,--^----------,--------,-----,-------^--, | ||||||||| --------' | O .. CWH Underground Hacking Team .. +---------------------------^----------| ,-------, | / XXXXXX /| / / XXXXXX / \ / / XXXXXX /\ / XXXXXX / / XXXXXX /...