7210 matches found
CVE-2012-3952
CVE-2012-3952 is an XSS vulnerability in phpList 2.10.18 and earlier, occurring in admin/index.php when the unconfirmed parameter is used (page=user). Exploitation can cause arbitrary HTML/script execution in an administrator’s browser. The related advisory confirms a fixed vendor patch: upgrade ...
HTTP header injection - ownCloud
A Header injection vulnerability in ownCloud before 4.0.8 allows remote attackers to perform HTTP Response Splitting attacks to modify expected HTML content from the server via the HTTP url path parameter to index.php. Affected Software ownCloud Server 4.0.8 CVE-2012-5057 Action Taken It is...
Server: HTTP header injection
A Header injection vulnerability in ownCloud before 4.0.8 allows remote attackers to perform HTTP Response Splitting attacks to modify expected HTML content from the server via the HTTP url path parameter to index.php. For more information please consult the official advisory. This advisory is...
Server: Multiple XSS vulnerabilities
Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 4.0.8 allow remote attackers to inject arbitrary web script or HTML via the readyCallback parameter to PUT.swf in apps/filesodfviewer/src/webodf/webodf/flashput/, the root parameter to index.php in apps/gallery/templates/, a...
phpcms v9 index.php Local Arbitrary File Inclusion Vulnerability
No description provided by source...
NetArt Media iBoutique 4.0 (index.php key parameter) SQL Injection Vulnerability
Exploit for php platform in category web applications Overview: --------- NetArt Media iBoutique SQL Injection Vulnerability. Technical Description: ---------------------- An SQL Injection Vulnerability is present in NetArt Media iBoutique as it fails to sanitise user-supplied input. Input passed...
CVE-2012-3350
The CVE-2012-3350 entry refers to a Blind SQL Injection in Webmatic 3.1.1 (vendor: valarsoft.com) via the Referer HTTP header fed to index.php. The underlying issue is improper sanitization of input used in SQL queries, enabling remote attackers to infer data (e.g., via time-based techniques) and...
Auth bypass in index.php - ownCloud
index.php before ownCloud 4.0.7 does not properly validate the octoken cookie, which allows remote attackers to bypass authentication via a crafted octoken cookie value. Affected Software ownCloud Server 4.0.7 CVE-2012-4392 Action Taken It is recommended that all instances are upgraded to ownClou...
Server: Auth bypass in index.php
index.php before ownCloud 4.0.7 does not properly validate the octoken cookie, which allows remote attackers to bypass authentication via a crafted octoken cookie value. For more information please consult the official advisory. This advisory is licensed CC BY-SA 4.0...
A Page Flip Book 2.3 - index.php pageflipbook_language Parameter Traversal Local File Inclusion
The A Page Flip Book WordPress plugin was affected by an index.php pageflipbook_language Parameter Traversal Local File Inclusion security vulnerability...
CVE-2012-3836
Multiple cross-site scripting (XSS) vulnerabilities in Baby Gekko before 1.2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) groupname parameter in a savecategory in the users module; (2) virtualfilename, (3) branch, (4) contactperson, (5) street, (6) city, (7) province, (8) postal, (9)...
CVE-2012-3839
Multiple SQL injection vulnerabilities in application/core/MYModel.php in MyClientBase 0.12 allow remote attackers to execute arbitrary SQL commands via the (1) invoicenumber or (2) tags parameter to index.php/invoicesearch...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in index.php/users/form/userid in MyClientBase 0.12 allow remote attackers to inject arbitrary web script or HTML via the (1) firstname or (2) lastname parameters...
Auth bypass in index.php - ownCloud
ownCloud 4.0.6 and all earlier versions do not sufficiently verify whether a request to appconfig.php was sent by an admin, which allows remote authenticated users to edit app configurations. NOTE: this can be leveraged by unauthenticated remote attackers using CVE-2012-4393. Affected...
webERP 4.08.1 - Local/Remote File Inclusion
webERP 4.08.1 - Local/Remote File Inclusion Discovered by dun \ posdubatgmail.com 2012-06-27 webERP = 4.08.1 Local/Remote File Inclusion Vulnerability Script:...
mag-bussum - SQL Injection Vulnerability
Exploit for php platform in category web applications...
CVE-2012-3790
CVE-2012-3790 is an XSS vulnerability in Adiscon LogAnalyzer. The affected software is LogAnalyzer, specifically versions before 3.4.4 and 3.5.x before 3.5.5, where a cross-site scripting flaw can be triggered via the highlight parameter in the index.php Search action. The underlying issue allows...
VANA CMS - index.php Script SQL Injection
VANA CMS - index.php Script SQL Injection source: https://www.securityfocus.com/bid/54066/info VANA CMS is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. A successful exploit may allow an attacker to compromise...
PHP Decoda 3.3.1 - Local File Inclusion
PHP Decoda 3.3.1 - Local File Inclusion Exploit Title: php-decoda local file inclusion Date: 16/06/2012 Author: Number 7 Software Link: http://milesj.me/code/php/decoda Version: 3.3.1 Tested on: linux Exp: http://localhost/milesj-php-decoda/index.php?view=../../../../../../../etc/passwd%00 Line 1...
ADICO - index.php Script SQL Injection
ADICO - index.php Script SQL Injection source: https://www.securityfocus.com/bid/54023/info ADICO is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. A successful exploit may allow an attacker to compromise the...