7210 matches found
CVE-2010-0371
Affected software: Hitmaaan Gallery 1.3 (vulnerability in index.php). The flaw enables cross-site scripting (XSS) via the gall and levela parameters, allowing remote attackers to inject arbitrary web script or HTML. The NVD notes a medium base score (4.3, CVSS2) with no authentication needed and ...
SQL injection
SQL injection vulnerability in the updateOnePage function in components/com_bfsurvey_pro/controller.php in BF Survey Pro Free (com_bfsurvey_profree) 1.2.4, and other versions before 1.2.6, a component for Joomla!, allows remote attackers to execute arbitrary SQL commands via the table parameter in an...
CVE-2009-4625
The CVE-2009-4625 entry concerns BF Survey Pro Free (com_bfsurvey_profree) for Joomla! where the updateOnePage action (table parameter) is vulnerable to SQL injection. Affected versions include 1.2.4 and other versions prior to 1.2.6. The vulnerability arises from improper validation of the table...
CVE-2009-4620
SQL injection vulnerability in the Joomloc (com_joomloc) component 1.0 for Joomla allows remote attackers to execute arbitrary SQL commands via the id parameter in an edit task to index.php...
Joomla Component com_prime Directory Traversal
Exploit for unknown platform in category web applications. Joomla Component com_prime Directory Traversal. Script : Joomla Component com_prime; Author : FL0RiX; Bug Type : Directory...
Joomla Component com_jeeventcalendar Local File Inclusion
Exploit for php platform in category web applications. Joomla Component com_jeeventcalendar Local File Inclusion. Author : altbta Email? : l9athotmailatcom? Script : Joomla Component...
Joomla Uploader Shell Upload
CVE-2010-0319
CVE-2010-0319 is a documented Cross-Site Scripting (XSS) vulnerability in Docmint 1.0 and 2.1, exploitable via the id parameter in index.php. The issue allows remote attackers to inject arbitrary web script or HTML. Multiple sources (NVD, CVE lists) corroborate the affected software and impact, w...
SQL injection
SQL injection vulnerability in index.php in PHP Inventory 1.2 allows remote authenticated users to execute arbitrary SQL commands via the sup_id parameter in a suppliers details action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party informatio...
SQL injection
Multiple SQL injection vulnerabilities in index.php in PHP Inventory 1.2 allow (1) remote authenticated users to execute arbitrary SQL commands via the user_id parameter in a users details action, and allow remote attackers to execute arbitrary SQL commands via the (2) user (username) and (3) pass (passwor...
CVE-2009-4597
The CVE-2009-4597 entry covers SQL injection flaws in PHP Inventory (notably versions around 1.2/1.3.x) in index.php. The vulnerabilities allow SQL commands to be injected through user_id in a user details action, and through user/password fields, enabling unauthorized data access via poorly sani...
CMScontrol 7.x File Upload
Exploit for unknown platform in category web applications. CMScontrol 7.x File Upload. Author : Cyber945 Bug Type : File Upload Infection : Admin information can be obtained. Dork : inurl:"index.php?idmenu="...
phpwind 7.5 apps/groups/index.php remote file inclusion vulnerability
In apps/groups/index.php the $route and $basePath variables are not initialized, which allows remote or local inclusion of PHP files and therefore execution of arbitrary PHP code. <?php if ($route == "groups") require_once $basePath . '/action/mgroups.php'; elseif ($route == "group") require_once $basePath . '/action/mgroup.php'; elseif ($route == "galbum") require_once $basePath . '/action/mgalbum.php';...
MyBB 1.4 admin remote code execution vulnerability
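Around line 336 of index.php the code is as follows:
// index.php, around line 336
$plugins->run_hooks("index_end");
// an eval call appears here; note its argument
eval("\$index = \"".$templates->get("index")."\";");
output_page($index);
To see whether the content passed to eval can be controlled, next locate the templates class and look at the definition of the get function:
// inc/class_templates.php, around line 65
function get($title, $eslashes=1, $htmlcomments=1) { global...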
SQL injection
SQL injection vulnerability in the JoomlaBamboo JB Simpla Admin template for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in an article action to the com_content component, reachable through index.php. NOTE: the vendor disputes this report, saying:...
SQL injection
SQL injection vulnerability in the MDForum module 2.x through 2.07 for MAXdev MDPro allows remote attackers to execute arbitrary SQL commands via the c parameter to index.php...
SQL injection
SQL injection vulnerability in the BeeHeard (com_beeheard) component 1.x for Joomla! allows remote attackers to execute arbitrary SQL commands via the category_id parameter in a suggestions action to index.php...
CVE-2010-0158
CVE-2010-0158 describes a SQL injection risk in the JoomlaBamboo (JB) Simpla Admin template for Joomla! via the id parameter in an article action to the com_content component (accessible through index.php). The issue is asserted by multiple sources to allow remote SQL command execution, with a ve...
Vulnerabilities in Athree CMS
Secunia Research 29/12/2009 - AproxEngine Multiple Vulnerabilities - Table of Contents: Affected Software...
CVE-2009-4561
Multiple SQL injection vulnerabilities in Admin/index.php in WebLeague 2.2.0, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters...