PHPCMS V9 index.php cross-site scripting vulnerability
Vulnerable file: phpcms/modules/message/templates/index.php Vulnerable code: Line 176: $replyinfos= $this-messagedb-listinfo$where,$order = 'messageid ASC',$page, $pages = '10'; Line 191: $replyinfos= $this-messagedb-listinfo$where,$order = 'messageid ASC',$page, $pages = '10'; Vulnerable code: Replace both line 176 and line 191 with: $replyinfos...
Sql injection
SQL injection vulnerability in hitCode hitAppoint 4.5.17 and possibly earlier allows remote attackers to execute arbitrary SQL commands via the username parameter to index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...
CVE-2011-5038
SQL injection vulnerability in hitCode hitAppoint 4.5.17 and possibly earlier allows remote attackers to execute arbitrary SQL commands via the username parameter to index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...
CVE-2011-5041
Pulse Pro CMS 1.7.2 contains multiple cross-site scripting (XSS) vulnerabilities that allow remote attackers to inject arbitrary web script or HTML via the (1) d parameter in a blocks action and (2) post_id parameter in an edit-post action to index.php. The available connected documents corrobora...
CVE-2011-5041
Multiple cross-site scripting (XSS) vulnerabilities in Pulse Pro CMS 1.7.2 allow remote attackers to inject arbitrary web script or HTML via the (1) d parameter in a blocks action and (2) post_id parameter in an edit-post action to index.php...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in Simple PHP Blog 0.7.0 and possibly earlier allow remote attackers to inject arbitrary web script or HTML via the (1) entry parameter to delete.php or (2) category parameter to index.php...
CVE-2011-5029
Multiple cross-site scripting (XSS) vulnerabilities in Simple PHP Blog 0.7.0 and possibly earlier allow remote attackers to inject arbitrary web script or HTML via the (1) entry parameter to delete.php or (2) category parameter to index.php...
Unrestricted file upload
Unrestricted file upload vulnerability in QuiXplorer 2.3 and earlier allows remote attackers to execute arbitrary code by uploading a file with an executable extension using the upload action to index.php, then accessing it via a direct request to the file in an unspecified directory...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in Wuzly 2.0 allow remote attackers to inject arbitrary web script or HTML via the Referer header to (1) admin/login.php and (2) admin/404.php; the (3) q parameter to search.php; the (4) themename parameter to themesettings.php, (5) extensionname parameter ...
Artmedic Web Design Php Source Read
Exploit for php platform in category web applications Exploit Title: Artmedic Web Design Php Source Read Date: 23/12/2011 - 08:30 Author: Nafsh Site: Cyberwh.org Mail: email protected Software Website: http://www.artmedic.de/ Tested On: BackTrack 5 - Win7 Ultimate - Xp Platform: Php $ Dorks: "lin...
phpcms 9 index.php SQL injection vulnerability
No description provided by source...
Graphikodesign SQL Injection
Exploit Title: Graphikodesign Sql Injecti0n Vulnerability Date: 16/12/2011 - 14:08 Author: 3spi0n Software Website: http://www.graphikodesign.com/ Tested On: BackTrack 5 - Win7 Ultimate Platform: Php $ Dorks: "Powered by Graphikodesign" Vulnerable File : " index.php?go= " $ Demo Sites:...
CVE-2011-4830
Multiple cross-site scripting (XSS) vulnerabilities in the comlisting component in Barter Sites component 1.3 for Joomla! allow remote authenticated users to inject arbitrary web script or HTML via the (1) listingtitle, (2) description, (3) homeurl aka Website Address, (4) paystring aka Payment types...
Family CMS 2.7.2 - Multiple Persistent Cross-Site Scripting Vulnerabilities
FCMS2.7.2 cms and earlier multiple stored XSS Vulnerability Exploit Title: FCMS2.7.2 cms multiple stored XSS Vulnerability Download link...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in Hotaru.php in the Search plugin 1.3 for Hotaru CMS allow remote attackers to inject arbitrary web script or HTML via the (1) SITENAME parameter to adminindex.php, or the (2) return and (3) search parameters to index.php. NOTE: some of these details a...
Joomla component com_qcontacts 1.0.6 SQL injection
Exploit for php platform in category web applications Exploit Title: QContacts 1.0.6 Joomla component SQL injection Google Dork: inurl:"/components/comqcontacts/" Date: Decembar/08/2011 Author: Don BalcanCrew & BalcanHack Software Link: http://www.latenight-coding.com/joomla-addons/qcontacts.html...
Joomla! Component com_qcontacts 1.0.6 - SQL Injection
Exploit Title: QContacts 1.0.6 Joomla component SQL injection Google Dork: inurl:"/components/comqcontacts/" Date: Decembar/08/2011 Author: Don BalcanCrew & BalcanHack Software Link: http://www.latenight-coding.com/joomla-addons/qcontacts.html Version: 1.0.6 Tested on: Apache Vulnerability: This...
CVE-2011-4541
Cross-site scripting (XSS) vulnerability in index.php in Hastymail2 2.1.1 before RC2 allows remote attackers to inject arbitrary web script or HTML via the rs parameter in a mailbox Drafts action...
CVE-2011-4541
The CVE-2011-4541 entry concerns Hastymail2 (version 2.1.1 prior to RC2) and is caused by a cross-site scripting (XSS) vulnerability in index.php where an attacker can inject script/HTML via the rs parameter in the mailbox Drafts action. Public references in NVD and CVE listings confirm the impac...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in Contao before 2.10.2 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php in a (1) teachers.html or (2) teachers/ action...