7210 matches found
CVE-2012-1212
Cross-site scripting (XSS) vulnerability in the smwfOnSfSetTargetName function in extensions/SMWHalo/includes/SMWInitialize.php in Semantic Enterprise Wiki SMW+ 1.5.6, 1.6.02 and earlier allows remote attackers to inject arbitrary web script or HTML via the target parameter to...
CVE-2012-0997
Cross-site request forgery (CSRF) vulnerability in admin/index.php in 11in1 1.2.1 stable (12-31-2011) allows remote attackers to hijack the authentication of administrators for requests that add new topics via an addTopic action...
Cross site request forgery (csrf)
Cross-site request forgery (CSRF) vulnerability in admin/index.php in 11in1 1.2.1 stable (12-31-2011) allows remote attackers to hijack the authentication of administrators for requests that add new topics via an addTopic action...
Sql injection
SQL injection vulnerability in CONTIMEX Impulsio CMS allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php...
CVE-2012-1294
SQL injection vulnerability in CONTIMEX Impulsio CMS allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php...
P-Chat 0.9 Cross Site Scripting
Exploit Title: P-Chat v0.9 XSS Vulnerability Date: 2012 Author: Eyup CELIK Version: All Version Tested on: All versions are Vulnerability Web Site: www.eyupcelik.com.tr ISSUE Cross Site Scripting can be done using the command input Vulnerable Page: index.php XSS Example: "/ XSS Code POC:...
CVE-2012-0997
CVE-2012-0997: CSRF vulnerability in 11in1 1.2.1 stable (12-31-2011) affecting admin/index.php, allowing an attacker to hijack administrator authentication to perform addTopic requests. Multiple connected sources corroborate CSRF context and impact (topic creation via addTopic) with PoC examples ...
Webgrind 1.0 Cross Site Scripting
webgrind 1.0 dataFile Remote Reflected XSS Vulnerability Vendor: Joakim Nygard and Jacob Oettinger Product web page: http://code.google.com/p/webgrind Affected version: 1.0 Summary: Webgrind is an Xdebug profiling web frontend in PHP5. Desc: webgrind suffers from a XSS vulnerability when parsing...
WampServer 2.2c Cross Site Scripting
WampServer = 2.2c lang Remote Cross-Site Scripting Vulnerability Vendor: Alter Way Product web page: http://www.wampserver.com Affected version: = 2.2c 32/64bit Summary: WampServer is a Windows web development environment. It allows you to create web applications with Apache2, PHP and a MySQL...
Sql injection
SQL injection vulnerability in the WP-RecentComments plugin 2.0.7 for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter in an rc-content action to index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third part...
AHLANNET SQL Injection Vulnerability
Exploit for php platform in category web applications...
CVE-2012-1058
Summary: CVE-2012-1058 is a CSRF vulnerability in Flyspray 0.9.9.6 that allows remote attackers to hijack admin authentication by triggering admin.newuser actions on index.php to add new admin accounts. What is affected: Flyspray 0.9.9.6. The connected documents describe the vulnerability as CSRF...
Nova CMS Remote File Inclusion
Nova CMS RFI Vulnerability Vendor: http://canopus.oron.com/i755lr7evek7np4dpndrvbqcqhs3uj4igorbmlhaqwglgek3qc2old7whll7z4mlrtcyk73t/MachForm.v2.4.PHP.NULL-DGT.zip Date: 2012-1-27 Author: indoushka Exploit By indoushka dork :...
CVE-2011-5076
SQL injection vulnerability in model/comment.class.php in HDWiki 5.0, 5.1, and possibly other versions allows remote attackers to execute arbitrary SQL commands via the PATHINFO to index.php. NOTE: some of these details are obtained from third party information...
CVE-2011-5076
The CVE-2011-5076 entry describes an SQL injection in HDWiki’s model/comment.class.php for HDWiki 5.0/5.1 (and possibly other versions), exploitable via PATH_INFO to index.php, allowing remote execution of arbitrary SQL commands. Root cause: unsafe SQL construction in the affected file. Documents...
CVE-2012-1023
The CVE-2012-1023 entry concerns an Open Redirect vulnerability in 4images 1.7.10, specifically in admin/index.php where an attacker can abuse the redirect parameter to send users to arbitrary sites, enabling phishing-like redirection. Connected sources confirm the affected product (4images 1.7.1...
CVE-2012-0981
Directory traversal vulnerability in phpShowtime 2.0 allows remote attackers to list arbitrary directories and image files via a .. (dot dot) in the r parameter to index.php. NOTE: Some of these details are obtained from third party information...
Sql injection
SQL injection vulnerability in Scriptsez.net Ez Album allows remote attackers to execute arbitrary SQL commands via the id parameter in a view action to index.php...
OSClass 2.3.3 - 'index.php?getParam()' Multiple Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/51662/info OSClass is prone to SQL-injection and cross-site scripting vulnerabilities. Exploiting these vulnerabilities could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit...