Opencart 1.1.8 (route) Local File Inclusion Vulnerability
Exploit for unknown platform in category web applications. Opencart 1.1.8 route Local File Inclusion Vulnerability...
Thickbox Gallery v2 (index.php ln) Local File Inclusion Vulnerability
Exploit for unknown platform in category web applications. Thickbox Gallery v2 index.php ln Local File Inclusion Vulnerability. Thickbox Gallery v2 Local Fil...
Opencart 1.1.8 Local File Inclusion
xTitle : Opencart Lfi Injection Vulnerability; xSoftware : OpenCart opencartv1.1.8; xVendor : http://www.opencart.com/; xDate : 25 April 2009 Indonesia; xAuthor : OoNBoy; xContact : [email protected]; xBlog : http://oonboy.blogspot.co...
CVE-2009-1405
CVE-2009-1405 : Affected software is PastelCMS 0.8.0. The vulnerability is a directory traversal in index.php allowing remote inclusion/execution of local files via a ".." in the set_lng parameter when magic_quotes_gpc is disabled. This is the core impact described in the connected documents. The...
Deserialization of untrusted data
index.php in BlogPHP 2.0 allows remote attackers to gain administrator privileges via a crafted email parameter in a register2 action...
CVE-2009-1367
Cross-site scripting XSS vulnerability in index.php in moziloCMS 1.11 allows remote attackers to inject arbitrary web script or HTML via the query parameter in search action, a different issue than CVE-2008-6127.2a...
CVE-2009-1367
MoziloCMS vulnerability CVE-2009-1367 affects moziloCMS 1.11 (index.php) with XSS via the search action parameter. The OpenVAS entry also notes a local file-include (LFI) and XSS issue in moziloCMS, indicating input sanitization failures. Affected component: moziloCMS web application; issue type:...
CVE-2009-1362
SQL injection vulnerability in administration/index.php in chCounter 3.1.3 allows remote attackers to execute arbitrary SQL commands via the loginname parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...
CVE-2008-6741
SQL injection vulnerability in Load.php in Simple Machines Forum (SMF) 1.1.4 and earlier allows remote attackers to execute arbitrary SQL commands by setting the db_character_set parameter to a multibyte character set such as big5, which causes the addslashes PHP function to produce a "\" (backslash)...
Quick.Cms.Lite 0.5 (id) Remote SQL Injection Vulnerability
No description provided by source. Homepage: http://opensolution.org/; Product: Quick.CMS Lite 0.5; File: index.php; Parameter: id; Dork: "Powered by Quick.Cms"; SQL Injection: ...
Quick.CMS Lite 0.5 SQL Injection
Homepage: http://opensolution.org/; Product: Quick.CMS Lite 0.5; File: index.php; Parameter: id; Dork: "Powered by Quick.Cms"; SQL Injection: http://www.sennik.sos.pl/index.php?t=ph&id=null'+union+select+ ...
Quick.CMS.Lite 0.5 - 'id' SQL Injection
Homepage: http://opensolution.org/; Product: Quick.CMS Lite 0.5; File: index.php; Parameter: id; Dork: "Powered by Quick.Cms"; SQL Injection: http://www.sennik.sos.pl/index.php?t=ph&id=null'+union+select+ ...
CVE-2009-1347
Multiple SQL injection vulnerabilities in stats/index.php in chCounter 3.1.3 allow remote attackers to execute arbitrary SQL commands via (1) the login_name parameter (aka the username field) or (2) the login_pw parameter (aka the password field)...
Sql injection
Multiple SQL injection vulnerabilities in admin/usercheck.php in FlexPHPLink Pro 0.0.6 and 0.0.7, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via (1) the checkuser parameter (aka username field), or (2) the checkpass parameter (aka password field), to...
Sql injection
Multiple SQL injection vulnerabilities in stats/index.php in chCounter 3.1.3 allow remote attackers to execute arbitrary SQL commands via (1) the login_name parameter (aka the username field) or (2) the login_pw parameter (aka the password field)...
CVE-2009-1347
The CVE-2009-1347 entry describes multiple SQL injection vulnerabilities in stats/index.php of chCounter 3.1.3, allowing remote attackers to execute arbitrary SQL commands through the login_name (username) or login_pw (password) parameters. This affects the application’s authentication/input hand...
Online Photo Pro 2.0 XSS
Title : Cross-site Scripting XSS Vulnerability; Software : Online Photo Pro v2.0; Vendor : www.esoftpro.com; Date : 19 April 2009; Author : Vrs-hCk; Contact : [email protected]; Blog : c0li.BlogSpot.Com...
CVE-2008-6725
Multiple SQL injection vulnerabilities in CMScout 2.06 allow remote authenticated users to execute arbitrary SQL commands via the id parameter to (1) index.php in a mythings page (mythings.php) and (2) the users page in admin.php...
Sql injection
Multiple SQL injection vulnerabilities in CMScout 2.06 allow remote authenticated users to execute arbitrary SQL commands via the id parameter to (1) index.php in a mythings page (mythings.php) and (2) the users page in admin.php...
CVE-2008-6726
Multiple directory traversal vulnerabilities in CMScout 2.06, when register_globals is enabled, allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the bit parameter to (1) admin.php and (2) index.php, different vectors than CVE-2008-3415...