7210 matches found
CVE-2010-2457
Technical details beyond the basic XSS description are not publicly available in the provided connected documents. CVE-2010-2457 is described as XSS in K-Search index.php via the term parameter; monitor for updates for fixes or affected versions.
Cross site scripting
Cross-site scripting (XSS) vulnerability in index.php in oBlog allows remote attackers to inject arbitrary web script or HTML via the search parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...
Cross site request forgery (csrf)
Cross-site request forgery (CSRF) vulnerability in index.php in Acc PHP eMail 1.1 allows remote attackers to hijack the authentication of administrators for requests that change passwords...
CVE-2009-4903
Cross-site scripting (XSS) vulnerability in index.php in oBlog allows remote attackers to inject arbitrary web script or HTML via the search parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...
CVE-2009-4903
CVE-2009-4903 describes a Cross-site Scripting (XSS) flaw in the web app oBlog. The vulnerability is in the file index.php and is exploitable via the search parameter, allowing remote attackers to inject arbitrary script/HTML. The NVD entry notes a non-authoritative provenance (“NOTE: the prove...
CVE-2009-4906
CVE-2009-4906 is a CSRF vulnerability affecting Acc PHP eMail 1.1 (index.php). The issue allows remote attackers to hijack administrator authentication for requests that change passwords. Connected sources provide the same description across multiple feeds; CVSS2 base score is 6.8 (Medium) with n...
Sql injection
SQL injection vulnerability in G.CMS generator allows remote attackers to execute arbitrary SQL commands via the lang parameter to the default URI, probably index.php...
Linker IMG 1.0 Remote File Inclusion
I'm Sn!pEr.S!Te Hacker member from Inj3ct0r Team - Remote File Inclusion Vulnerability...
CVE-2010-2357
SQL injection vulnerability in index.php in Eicra Realestate Script 1.0 and 1.6.0 allows remote attackers to execute arbitrary SQL commands via the pid parameter. NOTE: some of these details are obtained from third party information...
Pico overseas game currency leveling system 0day-vulnerability warning-the black bar safety net
Vulnerable file: index.php code......) hhadmin/up.php an arbitrary upload vulnerability Default background address:hhadmin exp http://hack58.com/index.php?mainpage=buyitems&gid=-10 union select 1,adminname from yuadmin/qing http://hack58.com/index.php?mainpage=buyitems&gid=-10 union select 1,adminpwd from...
Unfixed XSS vulnerability at ctbp.ucsd.edu
Security researcher blackboy1337 submitted on 21/06/2010 a cross-site scripting (XSS) vulnerability affecting ctbp.ucsd.edu, which at the time of submission ranked 5649 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 31/10/2010. It is...
SnowCade 3.0 - SQL Injection
/ - SnowCade v3 SQL Injection Vulnerability - ---Date : 2010-06-19 ---Author : ahwak2000 ---Email : z.u5athotmail.com - Script Info - ---Home : http://www.arcadecreate.com/ - Vulnerability - http://site.com/path/index.php?action=browse&cat=SQL INj...
CVE-2010-2336
index.php in Yamamah Photo Gallery 1.00 allows remote attackers to obtain the source code of executable files within the web document root via the download parameter...
CVE-2010-2335
CVE-2010-2335 describes a SQL injection in Yamamah Photo Gallery 1.00 (pre-20100618) via the news parameter in index.php, allowing remote attackers to execute arbitrary SQL commands. The description confirms the vulnerable component (index.php, news parameter) and the affected version range, with...
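ShopEx index.php Script Directory Traversal Vulnerability
ShopEx is an online store platform that is very popular in China. The index.php script in ShopEx does not properly filter user-submitted requests, so a remote attacker can read files at a specified location by including directory traversal sequences in request parameters. Affected: ShopEx 4.8.5, ShopEx 4.8.4. Vendor patch: 上海商派网络科技有限公司. The vendor has not yet provided a patch or upgrade; users of this software are advised to watch the vendor's home page for the latest version: http://www.shopex.cn/index.html...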
Directory traversal
Directory traversal vulnerability in index.php in Anodyne Productions SIMM Management System (SMS) 2.6.10, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the page parameter to index.php. NOTE: some of these details are obtained from third party...
CVE-2010-2319
CVE-2010-2319 affects IDevSpot TextAds 2.08. The vulnerability is a SQL injection in index.php where the attack vector is the page parameter, enabling remote attackers to execute arbitrary SQL commands. The sources consistently describe this as a SQLi vulnerability without detailing exploit step...
Sql injection
SQL injection vulnerability in index.php in HauntmAx Haunted House Directory Listing CMS allows remote attackers to execute arbitrary SQL commands via the state parameter in a listings action...
CVE-2010-2312
CVE-2010-2312 is a SQL injection vulnerability in the HauntmAx Haunted House Directory Listing CMS. The issue is in index.php and allows remote attackers to execute arbitrary SQL commands via the state parameter in a listings action. The available sources confirm the vulnerability description but...
CVE-2010-2281
TomatoCMS 2.0.6 is affected by multiple XSS in index.php. Exploitable through (1) keyword or (2) bannerid with /admin/ad/banner/list, and through (3) title or (4) answers with /admin/poll/add, or (5) name with /admin/category/add. Root cause: unsanitized input in these parameters leading to scrip...