7210 matches found
Free Advertisment CMS - user_info.php SQL Injection
Name: Free Advertisment cms user_info.php SQL Injection Vulnerabilit...
CVE-2009-4869
Cross-site scripting (XSS) vulnerability in index.php in Nasim Guest Book 1.2 allows remote attackers to inject arbitrary web script or HTML via the page parameter...
CVE-2009-4855
TYPO3 4.0 is affected by a SQL injection vulnerability in index.php via the showUid parameter. The root cause is an injectable showUid value, enabling remote attackers to alter SQL commands. The TYPO3 Security Team disputes the report, noting the showUid parameter is commonly used in third‑party ...
Waibrasil - Local/Remote File Inclusion
Title: Waibrasil Remote / Local File Inclusion Date: 10-05-2010 Author: eXeSoul Vendor: www.waibrasil.com.br category: RFI / LFI Version: webapps Tested on: Apache/Unix VCE: Code : hhttp://thttp://thttp://phttp://:http:////http://http://http://http://http://http://server/c99.txt? Dork :...
Cross site scripting
Cross-site scripting (XSS) vulnerability in index.php in RepairShop2 1.9.023 Trial, when magic_quotes_gpc is disabled, allows remote attackers to inject arbitrary web script or HTML via the prod parameter in a products.details action...
CVE-2010-1856
Cross-site scripting (XSS) vulnerability in index.php in RepairShop2 1.9.023 Trial, when magic_quotes_gpc is disabled, allows remote attackers to inject arbitrary web script or HTML via the prod parameter in a products.details action...
CVE-2010-1857
CVE-2010-1857 affects RepairShop2 1.9.023 Trial, in which a vulnerability in index.php (products.details action) allows SQL injection when magic_quotes_gpc is disabled. The underlying flaw is that user-controlled input in the prod parameter is not properly sanitized, enabling remote attackers to ...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in SemanticScuttle before 0.94.1 allow remote attackers to inject arbitrary web script or HTML via the sort parameter to index.php, and other unspecified vectors, a different issue than CVE-2008-6113. NOTE: some of these details are obtained from...
CVE-2010-1739
CVE-2010-1739 concerns a SQL injection vulnerability in Joomla!’s Newsfeeds extension (com_newsfeeds). The issue is exploitable through the feedid parameter in a categories action to index.php, allowing remote attackers to execute arbitrary SQL commands. The description is consistently reported a...
CVE-2010-1733
Multiple SQL injection vulnerabilities in OCS Inventory NG before 1.02.3 allow remote attackers to execute arbitrary SQL commands via (1) multiple inventory fields to the search form, reachable through index.php; or (2) the "Software name" field to the "All softwares" search form, reachable through...
Sql injection
Multiple SQL injection vulnerabilities in login.php in 2daybiz Auction Script allow remote attackers to execute arbitrary SQL commands via (1) the login field, aka the username parameter, and possibly (2) the password field, to index.php. NOTE: some of these details are obtained from third party...
Puntal 2.1.0 Remote File Inclusion
Puntal 2.1.0 Remote File Inclusion Vulnerability ...
CVE-2010-1610
Cross-site request forgery (CSRF) vulnerability in index.php in OpenCart 1.4 allows remote attackers to hijack the authentication of an application administrator for requests that create an administrative account via a POST request with the route parameter set to "user/user/insert." NOTE: some of...
CVE-2010-1602
CVE-2010-1602 affects Joomla! ZiMB Comment component 0.8.1 (com_zimbcomment). The vulnerability is a Local File Inclusion via a directory traversal (.. in the controller parameter to index.php), allowing an attacker to read arbitrary files and potentially impact other areas. The Nuclei template c...
Joomla ABC Component "sectionid" SQL Injection Vulnerability
A vulnerability has been discovered in the ABC component for Joomla, which can be exploited by malicious people to conduct SQL injection attacks. Input passed via the "sectionid" parameter to index.php when "option" is set to "com_abc" is not properly sanitised...
CVE-2009-4822
Multiple cross-site scripting (XSS) vulnerabilities in index.php in Kasseler CMS 1.3.4 allow remote attackers to inject arbitrary web script or HTML via the (1) do, (2) id, and (3) uname parameters...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in DFD Cart 1.198, 1.197, and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) category and (2) listquantity parameters to index.php, and the (3) category parameter to your.order.php...
CVE-2010-1541
Multiple cross-site scripting (XSS) vulnerabilities in DFD Cart 1.198, 1.197, and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) category and (2) listquantity parameters to index.php, and the (3) category parameter to your.order.php...
CVE-2010-1540
CVE-2010-1540: A directory traversal vulnerability affects Joomla! component com_myblog (MyBlog) version 3.0.329, where an attacker can read arbitrary files via a .. (dot dot) in the task parameter of index.php. This is a vulnerability in the Joomla! MyBlog component and is documented in both th...
Uiga Personal Portal - index.php view SQL Injection
Exploit Title: Uiga Personal Portal index.php view SQL Injection Vulnerability Date: 27-4-2010 Author: 41.w4r10r Software Link : http://www.scriptdevelopers.net/download/uigapersonalportal.zip Version: Web Application Tested on: Apache/Unix CVE ...