7210 matches found
YAP 1.1.1 - index.php Local File Inclusion
YAP v1.1.1 Local File Inclusion Vulnerability AUTHOR : Alkindiii CONTACT : Alkindiii 4T islamway D0T net HOME : http://www.soqor.net Script : YAP Version : 1.1.1 Download v1.1 : http://wildmary.net-sauvage.com/share/yap1.1.tar.gz Update to v1.1.1 :...
phpmysport 1.4 - Cross-Site Scripting / SQL Injection
PhpMySport v. 1.4 Multiple Remote Vulnerabilities XSS\SQL + Discovered by XaDoS - xados at hotmail dot it Th4nKs AlpHaNiX -Product site: http://phpmysport.sourceforge.net -Version vuln: 1.4latest and maybe $QLXSS There are some pages vuln.. for example...
PHP Director <= 0.21 (sql into outfile) eval() Injection Exploit
No description provided by source. include stdio.h include stdlib.h include string.h include netinet/in.h include arpa/inet.h include netdb.h / Dork "Powered by PHP Director 0.2" | PHP Director 0.2.1 sql into outfile eval Injection Exploit | Exploit-...
Joomla Djice Shoutbox 1.0 XSS
Joomla Djice Shoutbox v 1.0 alert'XaDoS' or '"alert'XSS By XaDoS' the XSS become permanent in every page of site! not critical damage but it's not funny.. + D3M0: http://www.djiceatwork.com contact me at xados @ hotmail . it www.securitycode.it...
PHP Director 0.21 - SQL Into Outfile 'eval()' Injection
include include include include include include / Dork "Powered by PHP Director 0.2" | PHP Director 0.2.1 sql into outfile eval Injection Exploit | Exploit- index.php?cat=%27+UNION+SELECT+1,'lol',3,4,5,6,7,8,9,10,11,12,13,14,15+INTO+OUTFILE+'/var/www/ex.php'/ PHP.ini- Magic Quotes off Written- by...
CVE-2008-6431
BMForum 5.6 is affected by multiple cross-site scripting (XSS) vulnerabilities. The issue arises from unsafely handling user-supplied input in several parameters: (1) outpused in index.php, (2) footer_copyright and (3) verandproname in newtem/footer/bsd01footer.php, and (4) topads and (5) myplugi...
Sql injection
SQL injection vulnerability in index.php in ol'bookmarks manager 0.7.5 allows remote attackers to execute arbitrary SQL commands via the id parameter in a brain action...
CVE-2008-6409
CVE-2008-6409 affects ol’bookmarks manager version 0.7.5. A SQL injection flaw exists in a brain action where the id parameter in index.php is unsafely used, allowing remote attackers to execute arbitrary SQL commands. This is documented by NVD and related CVE records, with a base score of 7.5 (H...
CVE-2009-0818
Cross-site scripting (XSS) vulnerability in the taxonomythemeadmintablebuilder function taxonomythemeadmin.inc in Taxonomy Theme module before 5.x-1.2, a module for Drupal, allows remote authenticated users with the "administer taxonomy" permission, or the ability to create pages when tagging is...
CVE-2009-0805
CVE-2009-0805 describes a cross-site scripting (XSS) vulnerability in piCal 0.91h and earlier, a XOOPS calendar module. The flaw allows remote attackers to inject arbitrary web script or HTML via the event_id parameter in index.php. Impact is arbitrary script execution in affected users’ browser...
CVE-2009-0765
CVE-2009-0765 affects Kipper 2.01, where index.php is vulnerable to directory traversal: remote attackers can include and execute arbitrary local files via .. in the configfile parameter. The issue enables partial confidentiality, integrity, and availability impact (CVSSv2 base score 7.5; AV:N/AC...
NovaBoard <= 1.0.1 (message) Persistent XSS Vulnerability
Exploit for unknown platform in category web applications ========================================================= NovaBoard alertdocument.cookie you can also send the user cookie to another site Non-persistent XSS:...
CVE-2008-6385
Cross-site scripting (XSS) vulnerability in index.php in W3matter RevSense 1.0 allows remote attackers to inject arbitrary web script or HTML via the section parameter...
CVE-2008-6385
RevSense 1.0 (W3matter) is vulnerable to a cross-site scripting (XSS) flaw in index.php via the section parameter, caused by insufficient input sanitization. OpenVAS also documents an SQL injection vulnerability for RevSense <= 1.0, sharing the same root cause. Impact per sources includes pote...
Cross site scripting
Cross-site scripting (XSS) vulnerability in index.php in Max's Guestbook allows remote attackers to inject arbitrary web script or HTML via the (1) name, (2) email, and (3) message parameters...
CVE-2008-6359
Cross-site scripting (XSS) vulnerability in index.php in Max's Guestbook allows remote attackers to inject arbitrary web script or HTML via the (1) name, (2) email, and (3) message parameters...
CVE-2008-6359
CVE-2008-6359 is an XSS vulnerability in the Max’s Guestbook demo, affecting index.php. The vulnerability allows remote attackers to inject arbitrary web script or HTML through the parameters (1) name, (2) email, and (3) message. The provided documents describe the affected component and the inpu...
BlogMan 0.45 Multiple Vulnerabilities
Salvatore "drosophila" Fresta Application: BlogMan http://sourceforge.net/projects/blogman/ Version: 0.45 Bug: Multiple SQL Injection Authentication Bypass Privilege Escalation Exploitation: Remote Date: 1 Mar 2009 Discovered by: Salvatore "drosophila" Fresta Author: Salvatore "drosophila" Fresta...