Cross-site scripting
Cross-site scripting (XSS) vulnerability in index.php in JNM Guestbook 3.0 allows remote attackers to inject arbitrary web script or HTML via the page parameter...
CVE-2009-2438
Cross-site scripting (XSS) vulnerability in index.php in the search module in ClanSphere 2009.0 and 2009.0.2 allows remote attackers to inject arbitrary web script or HTML via the text parameter in a list action. NOTE: this might overlap CVE-2008-1399...
CVE-2009-2438
CVE-2009-2438 describes a cross-site scripting (XSS) vulnerability in ClanSphere, affecting versions 2009.0 and 2009.0.2. The flaw allows remote injection of arbitrary script/HTML via the text parameter in a list action within the search module (index.php). The root cause is an input handling iss...
GLinks 2.1 Blind SQL Injection
GLinks v2.1 Remote Blind SQL injection. Author: 599eme Man. Contact: [email protected]. Thanks: Moudi, Str0ke, Neocoderz, Sheiry, Shimik Root aka...
LionWiki (index.php page) Local File Inclusion Vulnerability
Exploit for unknown platform in category web applications. LionWiki index.php page Local File Inclusion Vulnerability. script home site :0 http://lionwiki.0o.cz/ script name :=...
SQL injection
SQL injection vulnerability in index.php in the forum module in PHPEcho CMS 2.0-rc3 allows remote attackers to execute arbitrary SQL commands via the id parameter in a thread action, a different vector than CVE-2008-0355...
CVE-2009-2339
CVE-2009-2339 describes an SQL injection in index.php of Rentventory, exploitable remotely via the product parameter. Root cause: improper input handling allows arbitrary SQL execution. Impact (per CVSS v2): partial confidentiality, integrity, and availability with a base score of 7.5 (NETWORK at...
CVE-2009-2339
SQL injection vulnerability in index.php in Rentventory allows remote attackers to execute arbitrary SQL commands via the product parameter...
CVE-2009-2340
CVE-2009-2340 affects Opial 1.0: the admin/index.php module is vulnerable to SQL injection via the txtUserName (User Name) parameter, enabling remote execution of arbitrary SQL commands. Some sources also mention txtPassword and other parameters, but the core detail is the improper input filterin...
CVE-2008-6848
CVE-2008-6848 affects phpGreetCards 3.7, specifically the code path in index.php. The vulnerability is an XSS via the category parameter in a select action, allowing remote attackers to inject arbitrary web script or HTML. The connected documents confirm the affected component and the underlying ...
SQL injection
SQL injection vulnerability in index.php in Codice CMS 2 allows remote attackers to execute arbitrary SQL commands via the tag parameter...
CVE-2009-2309
CVE-2009-2309 describes a SQL injection vulnerability in Codice CMS 2, exploitable via the tag parameter in index.php. The underlying issue is an input handling flaw that allows remote attackers to execute arbitrary SQL commands. The vulnerability is documented across multiple sources (NVD and CV...
CVE-2009-2302
CVE-2009-2302 describes a cross-site scripting (XSS) vulnerability in index.php of Aardvark Topsites PHP. The issue allows remote attackers to inject arbitrary web script or HTML via the q parameter in a search action for versions 5.2.0 and earlier, with 5.2.1 also reported as affected. T...
CVE-2009-2303
CVE-2009-2303 affects Aardvark Topsites PHP 5.2.1 and earlier. The vulnerability resides in index.php during a search action, where a negative integer value for the start parameter can trigger an error message that reveals the installation path. This leads to an information disclosure risk (parti...
CVE-2009-2309
SQL injection vulnerability in index.php in Codice CMS 2 allows remote attackers to execute arbitrary SQL commands via the tag parameter...
CVE-2009-2289
CVE-2009-2289 is an XSS vulnerability in Arcade Trade Script 1.0 beta, impacting index.php where the q parameter in a gamelist action can be exploited to inject arbitrary script/HTML. The issue is documented in multiple sources (e.g., NVD entry) and arises from insufficient input sanitization in ...
CVE-2009-2263
Directory traversal vulnerability in index.php in Awesome PHP Mega File Manager 1.0 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter. NOTE: in some environments, this can be leveraged for remote file inclusion by using a UNC share pathnam...
PHP-Sugar 0.80 (index.php t) Local File Inclusion Vulnerability
No description provided by source. Local file include. Script: PHP-Sugar 0.80. Author: ahmadbady. My site: Coming Soon. Download from: http://php-sugar.net/files/?mod=files...
SIPS v0.2.2 Remote File Inclusion Vulnerability
SIPS v0.2.2 Remote File Inclusion Vulnerability. Software: SIPS v0.2.2. Vendor: http://www.phpscripts-fr.net/scripts/hosted/sips022.zip ...
tsep 0.942.02 - Multiple Vulnerabilities
tsep 0.942.02 - Multiple Vulnerabilities TSEP "0" && $percent = "100" 62: $sqlins = "INSERT INTO $dbtablename alttag,display,valuepercent,imageshow,comment 63: VALUES '$alt','$display',...