Drumbeat CMS 1.0 - SQL Injection
Drumbeat CMS 1.0 - SQL Injection. Vendor: http://www.drumbeatcms.com.au/ Version: Version 1.0. Tested on: Windows and Linux. Drumbeat CMS SQL Injection Exploit. Discovered and notified by Sora. A SQL injection exploit is found in Drumbeat CMS. The...
CVE-2009-4350
SQL injection vulnerability in index.php in Arctic Issue Tracker 2.1.1 allows remote attackers to execute arbitrary SQL commands via the (1) matchings[id] or (2) matchings[title] parameters in a Login action to an unspecified program, or (3) the matchings[id] parameter in a search action to index.php, a...
Cross site scripting
Cross-site scripting (XSS) vulnerability in index.php in Harold Bakker's NewsScript (HB-NS) 1.3 allows remote attackers to inject arbitrary web script or HTML via the topic parameter in a topic action, a different vector than CVE-2006-2146...
CVE-2009-4350
CVE-2009-4350 is a SQL injection vulnerability in Arctic Issue Tracker 2.1.1 (index.php). The issue allows remote attackers to inject arbitrary SQL via (1) matchings[id] or (2) matchings[title] in a Login action to an unspecified program, or (3) matchings[id] in a search action to index.php. This...
CVE-2009-4348
The CVE-2009-4348 entry concerns Harold Bakker’s NewsScript (HB-NS) 1.3, where a Cross‑Site Scripting (XSS) flaw exists in index.php. The bug is triggered via the topic parameter in a topic action, enabling remote attackers to inject arbitrary script/HTML. This vulnerability is documented as a se...
Uploader by CeleronDude 5.3.0 Shell Upload
Exploit for unknown platform in category web applications. Uploader by CeleronDude 5.3.0 Shell Upload. Uploader by CeleronDude 5.3.0 - Upload Vulnerability. Discovered by: Stink'. Date: 2009-12-17. Dork: "Uploader...
Cross site scripting
Cross-site scripting (XSS) vulnerability in index.php in Real Estate Manager 1.0.1 allows remote attackers to inject arbitrary web script or HTML via the lang parameter. NOTE: some of these details are obtained from third party information...
CVE-2009-4318
CVE-2009-4318 describes a cross-site scripting (XSS) vulnerability in Real Estate Manager 1.0.1, where the parameter lang in index.php can be exploited to inject arbitrary script/HTML. The primary sources (NVD) confirm the issue and source text notes that some details come from third parties; no ...
Ez Cart Cross Site Scripting
========================= Author : anti-gov contact: anti-govathotmail.com ========================= script:Ez Cart vendor:http://www.scriptsez.net Exploit: http://localhost/index.php?action=showcat&cid=1&sid=XSS demo: http://www.scriptsez.com/ezcartdemo/index.php?action=showcat&cid=1&sid="alert1...
Real Estate Manager 1.0.1 XSS
Title: Real Estate Manager 1.0.1 - XSS. Author Info: Author: bi0; Contact: [email protected]; Homepage...
Real Estate Manager 1.0.1 - XSS
No description provided by source. Title: Real Estate Manager 1.0.1 - XSS. Author Info: Author: bi0...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in CutePHP CuteNews 1.4.6, when register_globals is enabled and magic_quotes_gpc is disabled, allow remote attackers to inject arbitrary web script or HTML via the (1) lastusername and (2) mod parameters to index.php; and (3) the title parameter to...
CVE-2009-4250
Multiple cross-site scripting (XSS) vulnerabilities in CutePHP CuteNews 1.4.6 and UTF-8 CuteNews before 8b allow remote attackers to inject arbitrary web script or HTML via (1) the result parameter to register.php; (2) the user parameter to search.php; the (3) catmsg, (4) sourcemsg, (5) postponedselected, (6)...
CVE-2009-4249
Multiple cross-site scripting (XSS) vulnerabilities in CutePHP CuteNews 1.4.6, when register_globals is enabled and magic_quotes_gpc is disabled, allow remote attackers to inject arbitrary web script or HTML via the (1) lastusername and (2) mod parameters to index.php; and (3) the title parameter to...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in CutePHP CuteNews 1.4.6 and UTF-8 CuteNews before 8b allow remote attackers to inject arbitrary web script or HTML via (1) the result parameter to register.php; (2) the user parameter to search.php; the (3) catmsg, (4) sourcemsg, (5) postponedselected, (6)...
CVE-2009-4250
Multiple cross-site scripting (XSS) vulnerabilities in CutePHP CuteNews 1.4.6 and UTF-8 CuteNews before 8b allow remote attackers to inject arbitrary web script or HTML via (1) the result parameter to register.php; (2) the user parameter to search.php; the (3) catmsg, (4) sourcemsg, (5) postponedselected, (6)...
moziloCMS Multiple Cross Site Scripting Vulnerabilities
The host is running moziloCMS and is prone to Multiple Cross Site Scripting Vulnerabilities OpenVAS Vulnerability Test $Id: gbmoziloCMSmultxssvuln.nasl 4869 2016-12-29 11:01:45Z teissa $ moziloCMS Multiple Cross Site Scripting Vulnerabilities Authors: Antu Sanadi Copyright: Copyright c 2009...
Cross site request forgery (csrf)
Cross-site request forgery (CSRF) vulnerability in CutePHP CuteNews 1.4.6 and UTF-8 CuteNews before 8b allows remote attackers to hijack the authentication of administrators for requests that create new users, including a new administrator, via an adduser action in the editusers module in index.php...
Cross site scripting
Cross-site scripting (XSS) vulnerability in index.php in CutePHP CuteNews 1.4.6 and UTF-8 CuteNews 8 and 8b, when magic_quotes_gpc is disabled, allows remote attackers to inject arbitrary web script or HTML via the body of a news article in an addnews action...
Remote file inclusion
PHP remote file inclusion vulnerability in modules/pms/index.php in Ciamos CMS 0.9.5 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the modulepath parameter...