Directory traversal
Directory traversal vulnerability in update/index.php in PluXml before 5.1.6 allows remote attackers to include and execute arbitrary local files via a ..%2F (encoded dot dot slash) in the defaultlang parameter...
CVE-2012-2227
PluXml is affected by a Local File Inclusion in update/index.php before version 5.1.6. The issue arises from using the default_lang parameter in include_once(), enabling an attacker to traverse directories and include arbitrary local files. Public disclosures and exploits reference PluXml 5.1.5 (...
WordPress Finder Cross Site Scripting
Exploit Title: WordPress Finder Cross Site Scripting Vulnerability. Google Dork: inurl:wp-content/plugins/finder/ Date: 08/24/2012. Author: Crim3R. Tested on: all. Author will not be responsible for any damage. The order parameter is vulnerable to...
CVE-2011-5103
SQL injection vulnerability in Alurian Prismotube PHP Video Script allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php...
CVE-2011-5112
SQL injection vulnerability in Alameda comalameda component before 1.0.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the storeid parameter to index.php...
SQL injection
Multiple SQL injection vulnerabilities in Kajian Website CMS Balitbang 3.x allow remote attackers to execute arbitrary SQL commands via the hal parameter to (1) the data module in alumni.php; or the (2) lihbuku, (3) artikel, (4) album, or (5) berita module in index.php...
CVE-2011-5115
DLGuard is affected by an XSS vulnerability (likely in version 4.6 and earlier) that can be triggered via the searchCart parameter to index.php. The root cause is insufficient input sanitization, allowing injection of arbitrary scripts/HTML. OpenVAS notes the vulnerability with a WillNotFix remed...
1024cms 2.1.1 SQL Injection
Exploit Title: 1024cms 0 mysqlquery"UPDATE ".$prefix."online SET time='".$now."' WHERE ip='".$ip."'" or die"WHOSONLINE::: Cannot update user: ".mysqlerror; else mysqlquery"INSERT INTO ".$prefix."online time, ip, username, location, uid VALUES '".$now."', '".$ip."', '".$username."', '".$location."...
YourArcadeScript 2.4 - 'index.php?id' SQL Injection
Exploit Title: YourArcadeScript 2.4 SQLi Vulnerability Version: 2.4 Date: 17/08/2012 Author: DaOne LCA Software Link: http://www.yourarcadescript.com Google Dork: intext:"Powered by YourArcadeScript 2.4" Exploit http://localhost/index.php?act=cat&id=Error Based Injection thanks to : All LibyanCA...
CVE-2012-3869
Cross-site scripting (XSS) vulnerability in include/classes/class.rexlist.inc.php in REDAXO 4.3.x and 4.4 allows remote attackers to inject arbitrary web script or HTML via the subpage parameter to index.php...
CVE-2012-3869
CVE-2012-3869 (Redaxo XSS): A cross-site scripting vulnerability exists in Redaxo 4.3.x and 4.4 where input passed via the subpage parameter to index.php (when page is set to user or template) is not properly sanitized, allowing remote attackers to inject arbitrary HTML/JavaScript. Exploitation ...
CVE-2012-4251
The CVE-2012-4251 entry corresponds to multiple XSS vulnerabilities in MySQLDumper 1.24.4. Reported affected vectors include index.php (page param), install.php (phase param), sql.php (tablename or dbid params), and restore.php (filename param) within learn/cubemail/. The connected sources confir...
Hotel Booking Portal v0.1 Multiple Vulnerabilities
Exploit for php platform in category web applications. Hotel Booking Portal v0.1 Multiple...
CVE-2012-4070
SQL injection vulnerability in system/src/dispatcher.php in Dir2web 3.0 allows remote attackers to execute arbitrary SQL commands via the oid parameter in a homepage action to index.php...
SQL injection
SQL injection vulnerability in admin/index.php in phpList before 2.10.19 allows remote administrators to execute arbitrary SQL commands via the delete parameter to the editattributes page...
CVE-2012-4034
Multiple SQL injection vulnerabilities in PBBoard 2.1.4 allow remote attackers to execute arbitrary SQL commands via the (1) username parameter to the send page, (2) email parameter to the forget page, (3) password parameter to the forumarchive page, (4) section parameter to the management page, (5)...
PT-2012-5160 · Pbboard · Pbboard
Name of the Vulnerable Software and Affected Versions: PBBoard version 2.1.4 Description: The issue allows remote attackers to change the password of arbitrary user accounts. This is achieved by exploiting the new password page, specifically through the member id and new password parameters to th...