CVE-2009-3310

SQL injection vulnerability in index.php in Zainu 1.0 allows remote attackers to execute arbitrary SQL commands via the albumid parameter in an AlbumSongs action...

CVE-2009-3311

Cross-site scripting XSS vulnerability in index.php in RSSMediaScript allows remote attackers to inject arbitrary web script or HTML via the page parameter...

CVE-2009-3315

The affected software is NeLogic Nephp Publisher Enterprise (versions 3.5.9 and 4.5). The vulnerability is a SQL injection in admin/index.php via the Username field, caused by improper handling of input in the web application. This allows remote attackers to execute arbitrary SQL commands, with t...

CVE-2009-3311

Technical details about CVE-2009-3311 are not publicly available in the provided connected documents. Monitor for updates from vendors or security advisories.

CVE-2009-3310

CVE-2009-3310 describes an SQL injection in Zainu 1.0’s index.php, exploitable via the album_id parameter in the AlbumSongs action, allowing remote arbitrary SQL execution. The root cause is unsafe SQL query construction in the application. Public references (NVD/CVE List/PRION) corroborate the v...

cour supreme 'index.php' SQL Injection & Local File Include Vulnerability

================================================= Discovered By: CrAzY CrAcKeR Email: CrAzYCrAcKeRathotmaildotcom ================================================ example:- http://www.example.in/index.php?p=affichedecision&id=-669 union select 1,2,3,4,5,6,loadfile'/etc/passwd',8+from+mysql.user...

Joomla com_facebook SQL Injection

Exploit for unknown platform in category web applications ================================= Joomla comfacebook SQL Injection ================================= Software Information + Vendor : - + Download : http://joomlacode.org/gf/project/joomla-facebook/ + version : - + Vulnerability : SQL...

Joomla! Component com_facebook - SQL Injection

Joomla Component comfacebook SQL injection vulnerability - id Author : kaMtiEz [email protected] Homepage : http://www.indonesiancoder.com Date : September 22, 2009 //////\ ///////\ //////\ //////\ //////\ -=- KILL-9 CREW -=- INDONESIANCODER -=- Software...

DDL CMS 1.0 Remote File Inclusion

+============================================================+ | | | DDL CMS 1.0 Multiple Remote File Inclusion Vulnerabilities | | | +============================================================+ | | | Author : HxH | | | | E-Mail : HxHatlivedotat | | |...

CVE-2009-3248

The CVE-2009-3248 entry describes a CSRF vulnerability in the vtiger CRM 5.0.4 RSS module . The flaw allows remote attackers to hijack the authentication of Admin users by crafting requests to index.php with the rssurl parameter in a Save action, enabling modification of the news feed system. The...

Directory traversal

Multiple directory traversal vulnerabilities in iWiccle 1.01, when magicquotesgpc is disabled, allow remote attackers to read arbitrary files via a .. dot dot in 1 the show parameter to the admin module, reachable through index.php; or 2 the module parameter to index.php...

Sql injection

SQL injection vulnerability in index.php in Super Mod System, when using the 68 Classifieds 3.1 Core System, allows remote attackers to execute arbitrary SQL commands via the s parameter...

Sql injection

SQL injection vulnerability in the admin module in iWiccle 1.01 allows remote attackers to execute arbitrary SQL commands via the memberid parameter in an edituser action to index.php...

CVE-2009-3222

CVE-2009-3222 is a cross-site scripting (XSS) vulnerability affecting FreeWebScriptz Honest Traffic (FWSHT) 1.x. The issue is in index.php where a attacker can inject arbitrary web script or HTML via the msg parameter. Public references describe the flaw but do not provide concrete exploitation d...

CVE-2009-3224

CVE-2009-3224 describes an SQL injection in the web app component: the file index.php of the Super Mod System when used with the 68 Classifieds 3.1 Core System . The vulnerability allows remote attackers to execute arbitrary SQL commands through the s parameter, enabling potential data disclosure...

CVE-2009-3227

The CVE-2009-3227 entry documents a Cross-site scripting (XSS) vulnerability in index.php of AlmondSoft Almond Classifieds Ads Enterprise and Almond Affiliate Network Classifieds. The issue permits remote attackers to inject arbitrary web script or HTML via the city parameter in a search action. ...

CVE-2009-3208

Multiple SQL injection vulnerabilities in phpfreeBB 1.0 allow remote attackers to execute arbitrary SQL commands via the 1 id parameter to permalink.php and 2 year parameter to index.php...

PaoBacheca 2.1 Cross Site Scripting

/ | | \ \ / / | | \ \ / / | |\ \ /\ / / | | | | | | \ V /| | | \ V V / | | || | || / ||| // ,|, | |/ | | | |/ / | ' \ | | / | | | | | | | |||,|| || || PaoBacheca 2.1 Remote URI XSS Vulnerabilities Discovered By : Moudi Contact : Download : http://zenas.org Greetings : Mizoz, Zuka, str0ke,...

CVE-2009-3196

Cross-site scripting XSS vulnerability in index.php in JCE-Tech PHP Video Script allows remote attackers to inject arbitrary web script or HTML via the key parameter...

Cross site scripting

Cross-site scripting XSS vulnerability in index.php in JCE-Tech PHP Video Script allows remote attackers to inject arbitrary web script or HTML via the key parameter...