CVE-2010-4866
SQL injection vulnerability in index.php in Chipmunk Board 1.3 allows remote attackers to execute arbitrary SQL commands via the forumID parameter...
WordPress Black-LetterHead Theme 1.5 - Cross Site Scripting
WordPress Black-LetterHead theme's "index.php" parameter is prone to a cross-site scripting vulnerability. It fails to properly clean up user-supplied input. An attacker may execute arbitrary script code in the browser of a user in the context of the affected site. In this way the attacker can...
CVE-2011-3862
Cross-site scripting (XSS) vulnerability in the Morning Coffee theme before 3.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php...
Cross site scripting
Cross-site scripting (XSS) vulnerability in the Morning Coffee theme before 3.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php...
Cross site scripting
Cross-site scripting (XSS) vulnerability in the Black-LetterHead theme before 1.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php...
CVE-2011-3865
Cross-site scripting (XSS) vulnerability in the Black-LetterHead theme before 1.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php...
PT-2011-4737 · WordPress · Web Minimalist 200901 Theme
Name of the Vulnerable Software and Affected Versions: Web Minimalist 200901 theme for WordPress version 1.2 and earlier. Description: A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to "index.php". Recommendations: For Web Minimali...
CVE-2010-4851
Multiple SQL injection vulnerabilities in Eclime 1.1.2b allow remote attackers to execute arbitrary SQL commands via the (1) ref or (2) pollid parameter to index.php, or the (3) country parameter to createaccount.php...
Sql injection
Multiple SQL injection vulnerabilities in MH Products Projekt Shop allow remote attackers to execute arbitrary SQL commands via the (1) ts parameter to details.php and possibly the (2) ilceler parameter to index.php...
CVE-2010-4845
Multiple SQL injection vulnerabilities in MH Products Projekt Shop allow remote attackers to execute arbitrary SQL commands via the (1) ts parameter to details.php and possibly the (2) ilceler parameter to index.php...
700,000 sites on Inmotion Hosting Server hacked by TiGER-M@TE in one shot !
700,000 sites on Inmotion Hosting Server hacked by TiGER-M@TE in one shot ! 700,000 websites hosted on InMotion Hosting network hacked by TiGER-M@TE including Trinity FM, Blast Magazine. It was not just a server hack, actually whole data center got hacked. List of all hacked 700000 sites are...
Information disclosure
Yamamah 1.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by themes/default/index.php and certain other files...
Information disclosure
HelpCenter Live 2.1.7 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by modules/HelpCenter/index.php and certain other files...
Information disclosure
AneCMS 1.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by widgets/menu/index.php and certain other files...
OneCMS 2.6.4 SQL Injection
OneCMS 2.6.4 Remote SQL insertion Vulnerability. Found by: kurdish hackers team; group: kurd-team; contact: [email protected]; site: kurdteam.org...
Sql injection
Multiple SQL injection vulnerabilities in index.php in OneOrZero AIMS 2.6.0 Members Edition and 2.7.0 Trial Edition allow remote authenticated users to execute arbitrary SQL commands via the (1) id parameter in a savedsearch action and (2) itemtypes parameter in a showitemsearch action in the...
CVE-2010-4834
The CVE-2010-4834 entry describes multiple SQL injection flaws in index.php for OneOrZero AIMS 2.6.0 Members Edition and 2.7.0 Trial Edition. The vulnerabilities reside in the search_management_manage subcontroller, where remote authenticated users can manipulate the (1) id parameter in a saved_s...
CVE-2009-5089
Directory traversal vulnerability in index.php in IdeaCart 0.02 and 0.02a allows remote attackers to read arbitrary files via a .. (dot dot) in the page parameter...
PHP Support Tickets 2.2 - Code Execution
Exploit Title: PHP Support Tickets v2.2 Code Exec Google Dork: "PHP Support Tickets v2.2" Date: 26.09.2010 Author: brainpillow Software Link: http://www.phpsupporttickets.com/ Version: 2.2 ==================================================================== Vuln. code: /classes/GUI/abstract.GUI.p...