7210 matches found
CVE-2010-4971
Cross-site scripting (XSS) vulnerability in VideoWhisper PHP 2 Way Video Chat component for Joomla! allows remote attackers to inject arbitrary web script or HTML via the r parameter to index.php...
CVE-2010-5031
CVE-2010-5031 is a cross-site scripting (XSS) vulnerability in fileNice 1.1, affecting index.php via the sstring parameter (Search Box). Concrete details found: the vulnerability is XSS with arbitrary script/HTML injection possible through sstring. Affected component is fileNice 1.1 (index.php). ...
CVE-2010-5031
Cross-site scripting (XSS) vulnerability in index.php in fileNice 1.1 allows remote attackers to inject arbitrary web script or HTML via the sstring parameter (aka the Search Box). NOTE: some of these details are obtained from third party information...
CVE-2010-5006
CVE-2010-5006 affects EMO Realty Manager, specifically the googlemap/index.php component. The issue is a SQL injection in the cat1 parameter that allows remote arbitrary SQL execution. This is documented by multiple connected sources (OpenVAS description and NVD entry). The provided documents do ...
CVE-2010-4972
SQL injection vulnerability in index.php in YPNinc JokeScript allows remote attackers to execute arbitrary SQL commands via the ypncatid parameter...
CVE-2010-4968
SQL injection vulnerability in the webmaster-tips.net Flash Gallery (com_wmtpic) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter to index.php...
SQL injection
SQL injection vulnerability in index.php in esoftpro Online Photo Pro 2.0 allows remote attackers to execute arbitrary SQL commands via the section parameter...
SQL injection
SQL injection vulnerability in the NeoRecruit (com_neorecruit) component 1.6.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter in an offerview action to index.php, a different vector than CVE-2007-4506...
SQL injection
SQL injection vulnerability in the Techjoomla SocialAds For JomSocial (com_socialads) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the ads description field in a showad action to index.php...
CVE-2010-4999
CVE-2010-4999 corresponds to an SQL injection vulnerability in esoftpro Online Photo Pro 2.0, exploitable via the section parameter in index.php. The connected documents confirm the affected component and describe the vulnerability as enabling remote SQL command execution, but do not provide tech...
CaupoShop Pro (2.x/ <= 3.70) Classic 3.01 Local File Include Vulnerability
Exploit for php platform in category web applications CaupoShop Pro (2.x/ <= 3.70) Local File Include Vulnerability Vuln Softwares : CaupoShop Pro 2.x CaupoShop Classic 3.01 CaupoShop Pro 3.70 Discovered By :...
Alsbtain Bulletin 1.5 / 1.6 Local File Inclusion
Title : Alsbtain Bulletin index.php Local File include Author : Null H4ck3r Product : Alsbtain Alsbtain Bulletin Vendor : http://www.alsbtain.net/ipb/ Date : 25/10/2011 Version : 1.5 , 1.6 Tested on : windows Dork : Powered By Alsbtain Bulletin 1.6 & Powered By Alsbtain Bulletin 1.5 Contact :...
Uiga Personal Portal - Multiple Vulnerabilities
Uiga Personal Portal - Multiple Vulnerabilities Exploit Title: Uiga Personal Portal Multiple Vulnerability Date: 2011 Author: Eyup CELIK Version: All Version Tested on: All versions are Vulnerability Web Site: www.eyupcelik.com.tr ISSUE Blind SQL Injection and XSS can be done using the command...
fims File Management System 1.2.1a - Multiple Vulnerabilities
fims File Management System 1.2.1a - Multiple Vulnerabilities Exploit Title: fims - File Management System execute"select from fimsuser where email='$email' and password=md5'$password'"; if $db-numrows$rs0 return true; else return false; Line 51 of index.php: if isset$REQUESTf...
Uiga Personal Portal Cross Site Scripting / Blind SQL Injection
Exploit Title: Uiga Personal Portal Multiple Vulnerability Date: 2011 Author: Eyup CELIK Version: All Version Tested on: All versions are Vulnerability Web Site: www.eyupcelik.com.tr ISSUE Blind SQL Injection and XSS can be done using the command input Vulnerable Page: index.php cart.php...
Yet Another CMS 1.0 - SQL Injection / Cross-Site Scripting
Advisory: Yet Another CMS 1.0 SQL Injection & XSS vulnerabilities Advisory ID: SSCHADV2011-031 Author: Stefan Schurtz Affected Software: Successfully tested on Yet Another CMS 1.0 Vendor URL: http://yetanothercms.codeplex.com/ Vendor Status: informed Vulnerability...
Uiga Personal Portal Multiple Vulnerabilities
Exploit for php platform in category web applications Exploit Title: Uiga Personal Portal Multiple Vulnerability Date: 2011 Author: Eyup CELIK Version: All Version Tested on: All versions are Vulnerability Web Site: www.eyupcelik.com.tr ISSUE Blind SQL Injection and XSS can be done using the...
Site@School 2.4.10 - index.php Cross-Site Scripting SQL Injection
Site@School 2.4.10 - index.php Cross-Site Scripting SQL Injection source: https://www.securityfocus.com/bid/50195/info Site@School is prone to multiple SQL-injection and cross-site scripting vulnerabilities. Exploiting these issues could allow an attacker to steal cookie-based authentication...
iSchoolSite SQL Injection
Exploit Title: iSchoolSite SQL Injection Vulnerability Date: 16.10.2011 Author: poach3r Software Link: http://www.ischoolsite.com/ Tested on: Windows XP SP3 Google Dork: "Powered by iSchoolSite" inurl:.php Price: $5000...
Multiple vulnerabilities in Efront
High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in Efront, which can be exploited to perform SQL injection and cross-site scripting attacks. 1 Cross-Site scripting (XSS) vulnerabilities in Efront 1.1 Input passed via the "course" GET parameter to index.php is not...