7210 matches found
CVE-2008-5927
CVE-2008-5927 describes multiple SQL injection vulnerabilities in FlexPHPNews 0.0.6, specifically in admin/usercheck.php. The attack surface is the login path at admin/index.php, where user-supplied inputs in the checkuser (username) and checkpass (password) parameters appear to be unsafely handl...
CVE-2008-5934
CVE-2008-5934 describes a SQL injection vulnerability in the CMS ISWEB 3.0, specifically in the file index.php, where the parameter id_sezione can be manipulated to cause arbitrary SQL commands to be executed by an attacker. The vulnerability is exploitable remotely and can affect the confidentia...
CVE-2008-5918
Cross-site scripting (XSS) vulnerability in the getParameterisedSelfUrl function in index.php in WebSVN 2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO...
CVE-2008-5918
The CVE-2008-5918 entry concerns a Cross-site scripting (XSS) in WebSVN 2.0 and earlier. According to Gentoo GLSA 200903-20 and related OPENVAS entries, the vulnerability affects the getParameterisedSelfUrl() function in index.php, enabling a remote attacker to inject arbitrary web script or HTML...
SCMS v1 (index.php p) Local File Inclusion Vulnerability
No description provided by source. Local file include. Script: simple content management system v 1. Download from: http://futurekast.com/fcms/php/SCMSv1.zip...
SCMS v1 (index.php p) Local File Inclusion Vulnerability
Exploit for unknown platform in category web applications. SCMS v1 index.php p Local File Inclusion Vulnerability. Local file include. script:simp...
SCMS 1 - Local File Inclusion
Local file include. Script: simple content management system v 1. Download from: http://futurekast.com/fcms/php/SCMSv1.zip...
phpList <= 2.10.8 Variable Overwriting
The version of phpList installed on the remote host emulates PHP's 'register_globals' functionality insecurely in its 'admin/index.php' script. Provided PHP's 'register_globals' setting is disabled, an unauthenticated attacker can exploit this issue to overwrite the 'SERVERConfigFile' and...
Php Photo Album 0.8b (index.php preview) Local File Inclusion Vulnerability
No description provided by source. START 0x01 Informations: Script : Php Photo Album 0.8 BETA Download : http://sourceforge.net/project/downloading.php?groupid=151573&usemirror=kent&filename=PHPPA.9BETA.zip&37834145 Vulnerability : Local File Inclusion Author : Osirys Contact : osirysatlivedotit...
w3bcms - '/admin/index.php' SQL Injection
source: https://www.securityfocus.com/bid/33310/info The 'w3bcms' application is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, acces...
Simple Machines Forum < 1.1.8 Password Reset Function Bypass
Binary data 4813.prm...
phpList 2.10.8 - Local File Inclusion
phpList 2.10.8 - Local File Inclusion www.BugReport.ir AmnPardaz Security Research Team Title: phpList Local File inclusion Vendor: http://www.phplist.com Bug: Local File Inclusion Vulnerable Version: 2.10.8 prior versions also may be affected Exploitation: Remote with browser Fix: N/A Original...
CVE-2008-5894
Directory traversal vulnerability in index.php in Mediatheka 4.2 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter...
Cross-Site Scripting vulnerability in Xaraya
Hello 3APA3A! I am writing to inform you of a Cross-Site Scripting vulnerability I found in the Xaraya system. XSS: The vulnerability is in index.php in the d parameter. http://site/?module=search&q=';alertdocument.cookie;// The vulnerability has already been fixed in the latest versions of the system. Additional information about this vulnerability...
CVE-2009-0109
SQL injection vulnerability in index.php in RiotPix 0.61 and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter. NOTE: some of these details are obtained from third party information...
SQL injection
SQL injection vulnerability in index.php in EZpack 4.2b2 allows remote attackers to execute arbitrary SQL commands via the qType parameter in a webboard prog action...
CVE-2009-0105
Cross-site scripting (XSS) vulnerability in index.php in EZpack 4.2b2 allows remote attackers to inject arbitrary web script or HTML via the mdfd parameter in a prog action...
CVE-2009-0105
CVE-2009-0105 describes an XSS vulnerability in EZpack 4.2b2, where index.php is vulnerable via the mdfd parameter in a prog action. The issue allows remote attackers to inject arbitrary web script or HTML; CVSSv2 base score 4.3 (Medium) with Network access, no authentication, and partial integri...
CVE-2009-0104
CVE-2009-0104 affects EZpack 4.2b2, with a vulnerability in the index.php webboard action that allows SQL injection via the qType parameter. The underlying issue is in the handling of the qType input, enabling an attacker to run arbitrary SQL commands remotely. Documents consistently identify the...