7210 matches found
DEBIAN-CVE-2008-4769
Directory traversal vulnerability in the get_category_template function in wp-includes/theme.php in WordPress 2.3.3 and earlier, and 2.5, allows remote attackers to include and possibly execute arbitrary PHP files via the cat parameter in index.php. NOTE: some of these details are obtained from thi...
CVE-2008-4769
Directory traversal vulnerability in the get_category_template function in wp-includes/theme.php in WordPress 2.3.3 and earlier, and 2.5, allows remote attackers to include and possibly execute arbitrary PHP files via the cat parameter in index.php. NOTE: some of these details are obtained from thi...
Cross site scripting
Cross-site scripting (XSS) vulnerability in index.php in iPei Guestbook 2.0 allows remote attackers to inject arbitrary web script or HTML via the pg parameter, a different vector than CVE-2005-4597...
CVE-2008-4743
CVE-2008-4743 is an SQL injection vulnerability in QuidaScript’s FAQ Management Script, specifically in index.php where the catid parameter is used unsafely. The affected component is the index.php handler within the QuidaScript FAQ Management Script, with the underlying cause being improper hand...
kasracms-sql.txt
KasraCMS index.php Multiple Remote SQL Injection Vulnerabilities. Script: KasraCMS. Language: PHP. WebSite:...
Kasra CMS (index.php) Multiple SQL Injection Vulnerabilities
Exploit for unknown platform in category web applications. Kasra CMS index.php Multiple SQL Injection Vulnerabilities...
Etomite CMS id Parameter SQL Injection
The remote web server contains a PHP script that is affected by a SQL injection vulnerability. Description: The remote web server is running Etomite CMS, a PHP-based content management system. The version of Etomite CMS installed on the remote host fails to sanitize input to the 'id' parameter...
MindDezign Photo Gallery 2.2 (index.php id) SQL Injection Vulnerability
No description provided by source. MindDezign Photo Gallery 2.2 index.php id Remote SQL Injection Vulnerability...
MindDezign Photo Gallery 2.2 (index.php id) SQL Injection Vulnerability
Exploit for unknown platform in category web applications. MindDezign Photo Gallery 2.2 index.php id SQL Injection Vulnerability...
MindDezign Photo Gallery 2.2 - SQL Injection
MindDezign Photo Gallery 2.2 index.php id Remote SQL Injection Vulnerability...
CVE-2008-4675
CVE-2008-4675: SQL injection in PHPcounter 1.3.2 and earlier via the name parameter in index.php. Root cause: unsanitized input leading to arbitrary SQL execution. Affected: PHPcounter 1.3.2 and older. Impact: remote attacker can run arbitrary SQL commands. Exploitation details are not provided i...
SQL injection
SQL injection vulnerability in index.php in sweetCMS 1.5.2 allows remote attackers to execute arbitrary SQL commands via the page parameter...
CVE-2008-4648
CVE-2008-4648 is a Cross-site Scripting (XSS) vulnerability in Elxis CMS 2008.1 revision 2204. The issue allows remote attackers to inject arbitrary web script or HTML through the following request parameters: PATH_INFO, option, Itemid, id, task, bid, and contact_id. Notes indicate the flaw may o...
Directory traversal
Directory traversal vulnerability in index.php in Fritz Berger yet another php photo album - next generation (yappa-ng) 2.3.2 and possibly other versions through 2.3.3-beta0, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in th...
Wysi Wiki Wyg 1.0 (LFI/XSS/PHPInfo) Remote Vulnerabilities
No description provided by source. Wysi Wiki Wyg 1.0 LFI,XSS,PHPInfo Remote Vulnerabilities. By StAkeRathotmaildotit http://www.easy-script.com/scripts-dl/wysiwikiwyg10.zip 1-...
CVE-2008-4611
SQL injection vulnerability in index.php of PHP Arsivimiz Php Ziyaretci Defteri allows remote attackers to execute arbitrary SQL commands via the sayfa parameter. Connected sources do not specify affected versions, exact impact, or remediation. No exploitation details are provided in the documents.
Wysi Wiki Wyg 1.0 - Local File Inclusion Cross-Site Scripting PHPInfo
Wysi Wiki Wyg 1.0 - Local File Inclusion Cross-Site Scripting PHPInfo / Wysi Wiki Wyg 1.0 LFI,XSS,PHPInfo Remote Vulnerabilities. By StAkeRathotmaildotit http://www.easy-script.com/scripts-dl/wysiwikiwyg10.zip...
yappang-lfi.txt
Local File Include Vulnerability. Software: yappa-ng Version 2.3.2. Vendor:...
CVE-2008-4604
SQL injection vulnerability in index.php in Easy CafeEngine 1.1 allows remote attackers to execute arbitrary SQL commands via the itemid parameter...