7210 matches found
Madirish Webmail 2.01 (basedir) RFI/LFI Vulnerability
Exploit for php platform in category web applications. Madirish Webmail 2.01 basedir RFI/LFI Vulnerability ...
Sethi Family Guestbook 3.1.8 - Cross-Site Scripting
0x1 General Information. Advisory/Exploit Title = Sethi Family Guestbook XSS Vulnerabilities. Author = Valentin Hoebel. Contact = [email protected]. 0x2...
SQL injection
Multiple SQL injection vulnerabilities in Graugon PHP Article Publisher 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) c parameter to index.php and the (2) id parameter to view.php...
SQL injection
Multiple SQL injection vulnerabilities in Community CMS 0.5 allow remote attackers to execute arbitrary SQL commands via the (1) articleid parameter to view.php and the (2) a parameter in an event action to calendar.php, reachable through index.php...
CVE-2009-4794
Multiple SQL injection vulnerabilities in Community CMS 0.5 allow remote attackers to execute arbitrary SQL commands via the (1) articleid parameter to view.php and the (2) a parameter in an event action to calendar.php, reachable through index.php...
CVE-2009-4783
The CVE-2009-4783 item concerns multiple SQL injection vulnerabilities in Theeta CMS (version unclear). The affected entry points are the start parameter in three PHP scripts: community/forum.php, community/thread.php, and blog/index.php, where user-supplied input may be concatenated into SQL que...
CVE-2009-4767
Technical details, affected versions, exploit steps, and remediation are not provided in the connected documents; monitor for updates.
SQL injection
SQL injection vulnerability in the Multi-Venue Restaurant Menu Manager (aka MVRMM or commvrestaurantmenumanager) component 1.5.2 Stable Update 3 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the mid parameter in a menudisplay action to index.php...
Kleophatra CMS Cross Site Scripting
Exploit Title: Kleophatra CMS XSS Vulnerability. Date: 19/4/2010. My home: www.Dev-Point.com. Author: anT!-Tr0J4n. Software Link: http://portal.kleophatra.org. Exploit XSS. Exploit : index.php?module= Xss http://localhost/kleo/index.php?module=1alertdocument.cookie...
WebAdmin - Arbitrary File Upload
Exploit Title: WebAdmin Shell Upload Vulnerability Date: 16.04.2010 Author: DigitALL Code : g00gle d0rk: inurl:webadmin.php Size · Permission · Owner · Group, Functions. 3xpl0it: You Edit index.php Or Shell Upload Greetz To: Efe KroNicKq NoFearx38 and All 1923Turk.Com Members...
Joomla Component QPersonel SQL Injection Vulnerability
No description provided by source. Exploit Title: Joomla Component QPersonel SQL Injection Vulnerability Date: 13.04.2010 Author: Valentin Category: webapps/0day Version: XSS security fix from 31.12.2009, 1.02 and before Tested on: Debian Lenny, MySQL 5 CVE : Code :...
MKPortal Contact module XSS Vulnerability
MKPortal Contact module XSS Vulnerability ...
CVE-2010-1364
SQL injection vulnerability in index.php in Uiga Personal Portal, as downloaded on 20100301, allows remote attackers to execute arbitrary SQL commands via the id parameter in a photos action. NOTE: some of these details are obtained from third party information...
SQL injection
SQL injection vulnerability in index.php in Uiga Fan Club, as downloaded on 20100310, allows remote attackers to execute arbitrary SQL commands via the id parameter in a photos action...
CVE-2010-1365
SQL injection vulnerability in index.php in Uiga Fan Club, as downloaded on 20100310, allows remote attackers to execute arbitrary SQL commands via the id parameter in a photos action...
CVE-2010-1364
The CVE-2010-1364 entry describes a SQL injection vulnerability in the Uiga Personal Portal’s index.php, exploitable via the id parameter in the photos action. The underlying issue is likely improper input handling/sanitization allowing arbitrary SQL execution by remote attackers. Affected softwa...
CVE-2010-1365
SQL injection vulnerability in index.php in Uiga Fan Club, as downloaded on 20100310, allows remote attackers to execute arbitrary SQL commands via the id parameter in a photos action...
CVE-2010-1368
CVE-2010-1368 concerns GameScript (GS) 3.0. The vulnerability is in index.php, within a category action, where the input parameter id is not properly sanitized, allowing an attacker to inject and execute arbitrary SQL commands remotely. The described impact is arbitrary SQL execution, with the CV...
Joomla! Component QPersonel 1.0.2 - SQL Injection
Joomla! Component QPersonel 1.0.2 - SQL Injection Exploit Title: Joomla Component QPersonel SQL Injection Vulnerability Date: 13.04.2010 Author: Valentin Category: webapps/0day Version: XSS security fix from 31.12.2009, 1.02 and before Tested on: Debian Lenny, MySQL 5 CVE : Code :...
Joomla! Component QPersonel 1.0.2 - SQL Injection
Exploit Title: Joomla Component QPersonel SQL Injection Vulnerability Date: 13.04.2010 Author: Valentin Category: webapps/0day Version: XSS security fix from 31.12.2009, 1.02 and before Tested on: Debian Lenny, MySQL 5 CVE : Code : 0x1...