7210 matches found
Cross-site scripting
Cross-site scripting (XSS) vulnerability in templates/default/Admin/Login.html in PHP-SCMS 1.6.8 and earlier allows remote attackers to inject arbitrary web script or HTML via the lang parameter to index.php...
SQL injection
SQL injection vulnerability in index.php in Video Community Portal allows remote attackers to execute arbitrary SQL commands via the id parameter...
CVE-2011-5220
Cross-site scripting (XSS) vulnerability in templates/default/Admin/Login.html in PHP-SCMS 1.6.8 and earlier allows remote attackers to inject arbitrary web script or HTML via the lang parameter to index.php...
CVE-2010-4821
Cross-site scripting (XSS) vulnerability in phpMyFAQ before 2.6.9 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php...
SQL injection
SQL injection vulnerability in admin/index.php in Subrion CMS 2.0.4 allows remote attackers to execute arbitrary SQL commands via the (1) user name or (2) password field...
CVE-2012-4232
SQL injection vulnerability in admin/index.php in jCore before 1.0pre2 allows remote attackers to execute arbitrary SQL commands via the memberloginid cookie...
CVE-2012-4989
OpenX 2.8.10 and earlier versions are vulnerable to a Cross‑Site Scripting (XSS) in admin/plugin-index.php via the parent parameter in the info action (CVE-2012-4989). The root cause is unsanitized input returned to the administrator’s browser. Vendor fixed it in SVN revision 81823 (solution file...
CVE-2012-1900
CVE-2012-1900 affects RazorCMS 1.2.1 and earlier. The vulnerability is a Cross-Site Request Forgery in admin/index.php that lets remote attackers hijack an administrator’s session to perform showcats actions that delete arbitrary web pages. Root cause: CSRF in the admin interface enabling unautho...
CVE-2010-4821
Summary (CVE-2010-4821): A cross-site scripting (XSS) vulnerability affects phpMyFAQ prior to 2.6.9. The issue allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php. The root cause is improper handling of PATH_INFO in the index entry point, leading to script...
CVE-2012-4232
CVE-2012-4232 is a SQL Injection in jCore before 1.0pre2, exploitable via the cookie value memberloginid in /admin/index.php, allowing remote attackers to execute arbitrary SQL. Related advisory data also notes CVE-2012-4231 (XSS in path parameter) and that the vendor fixed the issue in a subsequ...
CVE-2012-4231
CVE-2012-4231 corresponds to an XSS flaw in jCore’s admin/index.php prior to 1.0pre2. The vulnerability arises from insufficient sanitization of the path parameter in the GET request, allowing an attacker to inject arbitrary HTML/Script that is executed in the victim’s browser (context of the aff...
CVE-2011-5212
SQL injection vulnerability in admin/index.php in Subrion CMS 2.0.4 allows remote attackers to execute arbitrary SQL commands via the (1) user name or (2) password field...
PHP-eSeller SQL Injection Vulnerability
TinyCMS 1.4 Local File Inclusion
Exploit title: TinyCMS - Local File Inclusion + Date: 2/10/2012 + Author: Phizo + Vendor: http://www.tinycms.net/ + Version: 1.2 - 1.4 + Category: webapps + Google dork: intext:"Powered by TinyCMS" + Tested on: Windows 7 | Firefox 15.0.1 All current versions of TinyCMS seem to be affected by the...
SQL injection
SQL injection vulnerability in MangosWeb Enhanced 3.0.3 allows remote attackers to execute arbitrary SQL commands via the login parameter in a login action to index.php...
Directory traversal
Directory traversal vulnerability in index.php in phpPaleo 4.8b155 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter...
Cross-site scripting
Multiple cross-site scripting (XSS) vulnerabilities in asaanCart 0.9 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) calc.php, (2) chat.php, (3) register.php, or (4) index.php in libs/smartyajax/; or (5) the page parameter to libs/smartyajax/index.php...
Directory traversal
Directory traversal vulnerability in asaanCart 0.9 allows remote attackers to include arbitrary local files via a .. (dot dot) in the page parameter to index.php...
CVE-2012-5330
Multiple cross-site scripting (XSS) vulnerabilities in asaanCart 0.9 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) calc.php, (2) chat.php, (3) register.php, or (4) index.php in libs/smartyajax/; or (5) the page parameter to libs/smartyajax/index.php...