SQL injection
SQL injection vulnerability in index.php in AJ Square AJ Article allows remote attackers to execute arbitrary SQL commands via the txtName parameter (aka the username field)...
CVE-2008-6721
AJ Square AJ Article is affected by a SQL injection in index.php, exploitable via the txtName parameter (username field). The vulnerability is documented in CVE-2008-6721 with a base CVSS v2 score of 7.5 (HIGH) and shows network attack vector, low complexity, no authentication required, and parti...
Jamroom (index.php t) Local File Inclusion Vulnerability
No description provided by source. Local File Include Vulnerability. Software: Jamroom...
GuestCal 2.1 - index.php?lang Local File Inclusion
GuestCal 2.1 - index.php?lang Local File Inclusion + GuestCal 2.1 index.php lang Local File Inclusion Vulnerability + Discovered By SirGod + www.mortal-team.org + www.h4cky0u.org + Download script : http://guestcal.com/de/download + Local File Inclusion - PoC :...
Redaxscript 0.2.0 (language) Local File Inclusion Vulnerability
No description provided by source. + Redaxscript 0.2.0 index.php language Local File Inclusion Vulnerability + Discovered By SirGod + www.mortal-team.org + www.h4cky0u.org + Local File Inclusion index.php : ...
Geeklog SEC_authenticate() Function SQL Injection Vulnerability
BUGTRAQ ID: 34456 Geeklog is a free, open-source web application. It lets users create a virtual community, manage users, post articles, and so on. Geeklog is implemented in PHP and uses MySQL as its back-end database. The SECauthenticate function in Geeklog's index.php module does not properly validate the user-supplied PHPAUTHUSER and REMOTEUSER variable parameters, so remote attackers can carry out SQL injection attacks by submitting malicious query requests. The following is the vulnerable code segment at lines 34-53 of the /publichtml/webservices /atom/index.php file: ... requireonce...
Redaxscript 0.2.0 (language) Local File Inclusion Vulnerability
Exploit for unknown platform in category web applications. Redaxscript 0.2.0 language Local File Inclusion Vulnerability + Redaxscript 0.2.0 index.php language Local File...
RedaxScript 0.2.0 - Language Local File Inclusion
RedaxScript 0.2.0 - Language Local File Inclusion + Redaxscript 0.2.0 index.php language Local File Inclusion Vulnerability + Discovered By SirGod + www.mortal-team.org + www.h4cky0u.org + Local File Inclusion index.php : ...
CVE-2009-1277
CVE-2009-1277 concerns Gravity Board X (GBX) 2.0 Beta. The vulnerability is a SQL injection in index.php via the member_id parameter in a viewprofile action, enabling remote attackers to execute arbitrary SQL commands. The entry notes that a separate board_id issue is covered by CVE-2008-2996. Co...
CVE-2009-1278
Gravity Board X (GBX) 2.0 BETA has a static code injection in forms/ajax/configure.php that allows remote attackers to inject arbitrary PHP code into config.php via the configure action to index.php. Affected: GBX 2.0 BETA; vulnerable file: forms/ajax/configure.php. Root cause: configuration work...
Joomla Maian Music 1.2.1 SQL Injection
Joomla Component MaianMusic SQL Injection Vulnerability Vulnerability found by: Valon Kerolli Contact: valonatitshqip.com Site: www.itshqip.com ScriptName: "Joomla" Component: "MaianMusic commaianmusic" Version: "1.2.1" Date: "09-26-2008" Author: "Arelowo Alao & David Bennett" Author E-mail:...
CVE-2009-1258
SQL injection vulnerability in the RD-Autos (com_rdautos) component 1.5.7 for Joomla! allows remote attackers to execute arbitrary SQL commands via the makeid parameter in index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...
CVE-2009-1258
CVE-2009-1258 is a SQL injection vulnerability in the RD-Autos (com_rdautos) Joomla! component, version 1.5.7. The flaw allows remote attackers to execute arbitrary SQL commands via the makeid parameter in index.php. The incident is described with a CVSS 2.0 base score of 7.5 (HIGH) with network ...
CVE-2008-6655
Multiple cross-site scripting (XSS) vulnerabilities in GEDCOMTOMYSQL 2 allow remote attackers to inject arbitrary web script or HTML via the (1) nombranche and (2) nom parameters to php/prenom.php; the (3) nombranche parameter to php/index.php; and the (4) nombranche, (5) nom, and (6) prenom parameters to...
CVE-2008-6646
Cross-site scripting (XSS) vulnerability in index.php in CoronaMatrix phpAddressBook 2.0 allows remote attackers to inject arbitrary web script or HTML via the username parameter...
Jinzora name Parameter Local File Inclusion
The remote host is running Jinzora, a web-based media streaming and management system written in PHP. The version of Jinzora installed on the remote host fails to filter user-supplied input to the 'name' variable in the 'index.php' script when 'op' is set before using it to include PHP code...
CVE-2008-6616
CVE-2008-6616 is a cross-site scripting (XSS) vulnerability in Zen Cart 2008, specifically in index.php where the keyword parameter on the advanced_search_result page can inject arbitrary script/HTML. The issue is caused by unsanitized user input that is reflected in the page output. Multiple sou...
CVE-2008-6615
Summary: CVE-2008-6615 describes a SQL injection in Zen Cart 2008 (Zen Software) affecting index.php via the keyword parameter on the advanced_search_result page, allowing remote execution of arbitrary SQL commands. The vulnerability is documented across multiple sources (NVD, CVE lists). The pro...
SQL injection
SQL injection vulnerability in index.php in Minimal ABlog 0.4 allows remote attackers to execute arbitrary SQL commands via the id parameter...