Directory traversal
Multiple directory traversal vulnerabilities in SG Real Estate Portal 2.0 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) mod, (2) page, or (3) lang parameter to index.php; or the (4) action or (5) folder parameter in a security request to admin/index.php...
CVE-2008-6011
The vulnerability CVE-2008-6011 affects SG Real Estate Portal 2.0, specifically the index.php page where the page_id parameter is used in SQL queries. The underlying root cause is an SQL injection that allows remote attackers to execute arbitrary SQL commands. The vulnerability is categorized wit...
CVE-2009-0330
CVE-2009-0330 affects Simple Content Management System (SCMS) 1. The vulnerability is a directory traversal in index.php via the p parameter, enabling remote attackers to include and execute arbitrary local files. Exploit details are not provided in the sources; impacts and vendor/patch specifics...
CVE-2008-6001
index.php in ADN Forum 1.0b and earlier allows remote attackers to bypass authentication and gain sysop access via a fpusuario cookie composed of an initial sysop: string, an arbitrary password field, and a final :sysop:0 string...
CVE-2009-0299
SQL injection vulnerability in index.php in Groone GLinks 2.1 allows remote attackers to execute arbitrary SQL commands via the cat parameter...
CVE-2009-0299
CVE-2009-0299 affects Groone GLinks 2.1. The vulnerability is an SQL injection in index.php via the cat parameter, allowing remote execution of arbitrary SQL commands. Connected sources corroborate the affected software/version and the input parameter exploited, with no explicit exploitation deta...
CVE-2009-0295
The CVE-2009-0295 vulnerability affects Information Technology Light Poll Information (ITLPoll) 2.7 Stable 2. It is a SQL injection in index.php triggered via the id parameter when magic_quotes_gpc is disabled. The underlying issue is improper handling of user-supplied input, allowing remote atta...
Groone's GLink Organizer SQL Injection
Groone's GLink Organizer index.php SQL Injection Vulnerability Author: nuclear download: http://www.groonesworld.com/programs/glinks/glinks.zip vuln: http://localhost/path/index.php?cat=-1 union select 1,@@version,3 %23 greetz Mi4night, cAs, zYzTeM, THEMAN, Pepe, I-O-W-A,Digitalfortress, DiGitalX...
Groones GLink ORGanizer - index.php?cat SQL Injection
Groones GLink ORGanizer - index.php?cat SQL Injection Groone's GLink Organizer index.php SQL Injection Vulnerability Author: nuclear download: http://www.groonesworld.com/programs/glinks/glinks.zip vuln: http://localhost/path/index.php?cat=-1 union select 1,@@version,3 %23 greetz Mi4night, cAs,...
Groone's GLink Organizer (index.php cat) SQL Injection Vulnerability
No description provided by source. Groone's GLink Organizer index.php SQL Injection Vulnerability Author: nuclear download: http://www.groonesworld.com/programs/glinks/glinks.zip vuln: http://localhost/path/index.php?cat=-1 union select 1,@@version,3 %23 greetz Mi4night, cAs, zYzTeM, THEMAN, Pepe...
SQL injection
SQL injection vulnerability in index.php in Tribiq CMS Community 5.0.10B and 5.0.11E allows remote attackers to execute arbitrary SQL commands via the cID parameter in a document action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party...
CVE-2008-5960
Affected software: Tribiq CMS Community 5.0.10B and 5.0.11E. Vulnerability: SQL injection in index.php via the cID parameter in a document action. This allows remote attackers to execute arbitrary SQL commands. Root cause/impact: Not further detailed beyond the injection via cID; impacts confiden...
CVE-2008-5949
Multiple PHP remote file inclusion vulnerabilities in ccTiddly 1.7.4 and 1.7.6 allow remote attackers to execute arbitrary PHP code via a URL in the cctbase parameter to (1) index.php; (2) handle/proxy.php; (3) header.php, (4) include.php, and (5) workspace.php in includes/; and (6) plugins/RSS/files/rss.php...
CVE-2008-5948
CVE-2008-5948 concerns a directory traversal vulnerability in index.php of BNCwi version 1.04 and earlier. The issue arises when processing the newlanguage parameter, where an attacker can inject a .. path segment to cause local files to be included and (potentially) executed. Impact is partial c...
CVE-2008-5961
CVE-2008-5961 is a cross-site scripting (XSS) vulnerability in Tribiq CMS Community versions 5.0.10B and 5.0.11E, exploitable via the cID parameter in a document action on index.php. The issue arises from inadequate input handling that allows an attacker to inject arbitrary script/HTML. Reported ...
CVE-2008-5940
SQL injection vulnerability in index.php in MODx 0.9.6.2 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the searchid parameter. NOTE: some of these details are obtained from third party information...
CVE-2008-5940
MODx contains a SQL injection in index.php (MODx 0.9.6.2 and earlier) that can be triggered when magic_quotes_gpc is disabled, allowing a remote attacker to execute arbitrary SQL via the searchid parameter. Impact: remote attacker could obtain administrative privileges. Affected versions: 0.9.6.2...
SQL injection
Multiple SQL injection vulnerabilities in admin/usercheck.php in FlexPHPNews 0.0.6 allow remote attackers to execute arbitrary SQL commands via the (1) checkuser parameter (aka username field) or (2) checkpass parameter (aka password field) to admin/index.php. NOTE: some of these details are obtained fro...
CVE-2008-5934
SQL injection vulnerability in index.php in CMS ISWEB 3.0 allows remote attackers to execute arbitrary SQL commands via the idsezione parameter...
Cross-site scripting
Multiple cross-site scripting (XSS) vulnerabilities in index.php in CMS ISWEB 3.0 allow remote attackers to inject arbitrary web script or HTML via (1) the strcerca parameter (aka the input field for the cerca action) or (2) the idoggetto parameter. NOTE: some of these details are obtained from third par...