7210 matches found
Fonality trixbox - index.php Directory Traversal
source: https://www.securityfocus.com/bid/68719/info ol-commerce is prone to multiple SQL-injection vulnerabilities and multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input. Exploiting these...
CVE-2014-3992
Multiple SQL injection vulnerabilities in Dolibarr ERP/CRM 3.5.3 allow remote authenticated users to execute arbitrary SQL commands via the (1) entity parameter in an update action to user/fiche.php or (2) sortorder parameter to user/group/index.php...
CVE-2014-3991
Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr ERP/CRM 3.5.3 allow remote attackers to inject arbitrary web script or HTML via the (1) dol_use_jmobile, (2) dol_optimize_smallscreen, (3) dol_no_mouse_hover, (4) dol_hide_topmenu, (5) dol_hide_leftmenu, (6) mainmenu, or (7) leftmenu parameter to index.php; th...
CVE-2014-4850
SQL injection vulnerability in index.php in FoeCMS allows remote attackers to execute arbitrary SQL commands via the i parameter...
SQL injection
SQL injection vulnerability in index.php in FoeCMS allows remote attackers to execute arbitrary SQL commands via the i parameter...
maccms 8 /index.php SQL Injection Vulnerability
No description provided by source...
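cmseasy reflected XSS that bypasses the browser filter and 360webscan
Brief description: As the title says. The cmseasy admin backend can be used to get a shell via CSRF. But with this, even if the cmseasy backend later adds a token and verifies the referer, I am not worried, because this is XSS: it can steal the token, and the referer is the site itself. Detailed description: This reflected XSS is in /bbs/index.php, on line 4: window.location.href='". strreplace'/bbs', '', $SERVER'REQUESTURI'."';"; requireonce 'bbspublic.php'; $category = dbbbscategory::getInstance;...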
CVE-2014-4594
Cross-site scripting (XSS) vulnerability in index.php in the WordPress Responsive Preview plugin before 1.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the url parameter...
CVE-2014-4593
CVE-2014-4593 is a cross-site scripting (XSS) vulnerability in the WP Plugin Manager plugin for WordPress, specifically in wp-plugins-net/index.php up to version 1.6.4.b. The flaw allows remote attackers to inject arbitrary web script or HTML via the filter parameter. Connecte...
CVE-2014-4169: BoltWire index.php file upload
BoltWire (vulnerable through /index.php) suffers from improper validation of uploaded filenames, allowing an attacker with valid credentials to upload a PHP file and rename it (e.g., file.php) to achieve remote code execution and complete compromise of the web application. Descriptions from 1337D...
CMS Openpage (index.php) SQL Injection Vulnerability
No description provided by source. CMS Openpage index.php SQL Injection Vulnerability + Discovered by: Phenom + My id: http://inj3ct0r.com/author/2157 + Original:...
Thickbox Gallery 2 - (index.php ln) Local File Inclusion Vulnerability
No description provided by source. + Thickbox Gallery v2 Local File Inclusion Vulnerability + Discovered By SirGod + www.mortal-team.net + www.h4cky0u.org + Local File Inclusion PoC : http://127.0.0.1/path/index.php?ln=../../../../../../BOOTSECT.BAK%00 milw0rm.com 2009-04-27...
Deep CMS 2.0 Index.PHP Remote File Include Vulnerability
No description provided by source...
PowerPortal 1.1/1.3 index.php search Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/16279/info PowerPortal is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage these issues to hav...
Free FAQ 1.0 Index.PHP Remote File Include Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/20621/info Free Faq is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input. A successful exploit of this issue allows an attacker to execute arbitrary server-side script...
wbblog (xss/sql) Multiple Vulnerabilities
No description provided by source. WBBlog XSS/SQL Multiple Remote Vulnerabilities Found by: xoron xoron.biz SQL INJ:...
NovaBoard <= 1.0.1 (message) Persistent XSS Vulnerability
No description provided by source. NovaBoard <= 1.0.1 / XSS Vulnerability $ Program: NovaBoard $ Version: <= 1.0.1 $ File affected: index.php $ Download: http://www.novaboard.net/ Found by Pepelux pepelux[at]enye-sec.org...
LokiCMS <= 0.3.4 (index.php page) Arbitrary Check File Exploit
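Official site: http://www.lokicms.com/ Affected versions: <= 0.3.4 Overview: index.php in LokiCMS 0.3.4 and earlier has a directory traversal vulnerability. When magic_quotes_gpc is disabled, remote attackers can use ".." in the page parameter to check whether arbitrary files exist. Vulnerable page: vuln file: index.php Vulnerable code: if isset $GET && isset $GET'page' $pagename = stripslashes trim $GET'page' ; // load the page if $pagename == '' $name =...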
Duhok Forum 1.0 script Cross Site Scripting Vulnerability
No description provided by source. | Title : Duhok Forum 1.0 script Cross Site Scripting Vulnerability | Author : indoushka | email : [email protected] | Home : www.iq-ty.com $ | Dork : duhokFrm 1.0 $ |...
PHPNuke 6.x Category Parameter SQL Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/9630/info It has been reported that PHPNuke may be prone to a SQL injection vulnerability, due to insufficient sanitization of user-supplied input. The problem is reported to exist in the $category variable contained within the...