7210 matches found
Joostina 1.3 - index.php Cross-Site Scripting
source: https://www.securityfocus.com/bid/45732/info Joostina is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the brows...
Elxis CMS 2009.2 - Remote File Inclusion
installation folder.'; include($mosConfig_absolute_path.'/includes/systemplates/router.php'); exit; require_once($mosConfig_absolute_path.'/includes/Core/loader.php'); file : index2.php...
Elxis CMS 2009.2 Remote File Inclusion
installation folder.'; include($mosConfig_absolute_path.'/includes/systemplates/router.php'); exit; require_once($mosConfig_absolute_path.'/includes/Core/loader.php'); file : index2.php http://site.com/elxis-cms/index2.php?mosConfig_absolute_path=shell script...
“Happy one hundred phases in the Park” photo album GETSHELL vulnerabilities - vulnerability warning - the black bar safety net
The vulnerability appears in index.php: if ($do == 'upload') { if ($_POST['formsub']) { $file = $_FILES['upload']; if (!$file['error']) { if (strpos($file['type'], 'image') === 0) { $hash = $_POST['i'].'.jpg'; // if IIS, then here can be self-configured IIS malformed file extension to get a webshell...
GALLARIFIC PHP Photo Gallery Script (gallery.php) SQL Injection
Exploit for php platform in category web applications .:. Author : AtT4CKxT3rR0r1ST .:. Script : http://www.gallarific.com/download.php .:. Dork : inurl:"/gadmin/index.php" === Exploit === www.site.com/gallery.php?id=null [Sql Injection]...
Path disclosure in ocPortal
Vulnerability ID: HTB22761 Reference: http://www.htbridge.ch/advisory/pathdisclousureinocportal.html Product: ocPortal Vendor: ocProducts Ltd http://ocportal.com Vulnerable Version: 5.0.3 Vendor Notification: 15 December 2010 Vulnerability Type: Path disclosure Status: Not Fixed, Vendor Alerted,...
SQL injection
SQL injection vulnerability in the submitSurvey function in controller.php in JQuarks4s (com_jquarks4s) component 1.0.0 for Joomla!, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the q parameter in a submitSurvey action to index.php...
SQL injection
SQL injection vulnerability in index.php in MySource Matrix allows remote attackers to execute arbitrary SQL commands via the id parameter...
CVE-2010-4639
CVE-2010-4639 corresponds to a SQL injection vulnerability in the MySource Matrix product, specifically in index.php where the id parameter can be manipulated to execute arbitrary SQL commands remotely. The entry has a CVSS v2 base score of 7.5 (HIGH) with network attack vector, low complexity, a...
CVE-2010-4613
Multiple directory traversal vulnerabilities in Hycus CMS 1.0.3 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the site parameter to (1) index.php and (2) admin.php...
CVE-2010-4612
Hycus CMS 1.0.3 is affected by CVE-2010-4612: multiple SQL injection vulnerabilities in index.php when magic_quotes_gpc is disabled. Vulnerable parameters include user_name and usr_email (hregister.html, hlogin.html), useremail (forgotpass.html), and q (search.html). Root cause is input sanitization flaws allowing...
CVE-2010-4609
CVE-2010-4609 affects Html-edit CMS 3.1.8, with an SQL injection in index.php via the nuser parameter in the registrate action. The vulnerability allows remote attackers to execute arbitrary SQL commands, potentially reading or modifying database contents. The available connected documents confir...
Tunngavik CMS SQL Injection / Cross Site Scripting
Tunngavik CMS. Exploit database separated by exploit type (local, remote, DoS, etc.). Site : 1337db.com. Support e-mail : submit[at]1337db.com. I'm KnocKout, 1337 Member from 1337 DataBase...
Joomla Lyftenbloggie Cross Site Scripting
Joomla Component com_lyftenbloggie XSS/HTML Vulnerability...
eclime index.php ref Parameter SQL Injection
The version of eclime hosted on the remote web server fails to sanitize input to the 'ref' parameter of the 'index.php' script before using it in a database query. Regardless of PHP's 'magic_quotes_gpc' setting, an unauthenticated remote attacker can leverage this issue to manipulate SQL queries an...
Directory traversal
Directory traversal vulnerability in includes/controller.php in Pulse CMS Basic before 1.2.9 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the p parameter to index.php...
CVE-2010-4330
Directory traversal vulnerability in includes/controller.php in Pulse CMS Basic before 1.2.9 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the p parameter to index.php...
Alguest 1.1c-patched SQL Injection
New eVuln Advisory: SQL Injection vulnerability in Alguest Summary: http://evuln.com/vulns/154/summary.html Details: http://evuln.com/vulns/154/description.html -----------Summary----------- eVuln ID: EV0154 Software: Alguest Vendor: n/a Version: 1.1c-patched Critical Level: medium Type: SQL...