Directory traversal
Multiple directory traversal vulnerabilities in CCMS 3.1 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the skin parameter to (1) index.php, (2) forums.php, (3) admin.php, (4) header.php, (5) pages/story.php and (6) pages/poll.php...
Directory traversal
Multiple directory traversal vulnerabilities in Fastpublish CMS 1.9999 d allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the target parameter to (1) index2.php and (2) index.php...
Joomla Community Exchange SQL Injection
Joomla Component Community Exchange userid SQL Injection Vulnerability Vulnerability found by: Valon Kerolli Contact: valonatitshqip.com Site: www.itshqip.com ScriptName: "Joomla" ModuleName: "Community Exchange" Version: "1.0.0" Author: "Mubashir Ahmad Waqar" Author E-mail:...
CVE-2008-4484
main.php in Crux Gallery 1.32 and earlier allows remote attackers to gain administrative access by setting the name parameter to "users," as demonstrated via index.php...
HispaH textlinksads (index.php) Remote SQL Injection Vulnerability
Exploit for unknown platform in category web applications. HispaH textlinksads index.php Remote SQL Injection Vulnerability...
Sql injection
SQL injection vulnerability in inc/incstatistics.php in MemHT Portal 3.9.0 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via a statsres cookie to index.php...
sacphp.txt
#!/usr/bin/perl Yerba SACphp eNYe-Sec - www.enye-sec.org Bug: 37- include"modulos/$mod/modnucleo.php"; use LWP::UserAgent; use HTTP::Request::Common; my $host, $file = @ARGV ; unless$ARGV1 print "\nUsage: perl $0 \n"; print "\tex: perl $0...
ifoto-disclose.txt
iFoto, CSS-based GD2 photo gallery eNYe-Sec - www.enye-sec.org -- Description by the author's page -- This is yet another Web-based PHP photo gallery called, iFoto. iFoto use 90% CSS-based layout and can be customize ...
CVE-2008-4457
SQL injection vulnerability in inc/incstatistics.php in MemHT Portal 3.9.0 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via a statsres cookie to index.php...
Yerba SACphp <= 6.3 (mod) Local File Inclusion Exploit
No description provided by source. #!/usr/bin/perl Yerba SACphp <= 6.3 / Local File Inclusion Exploit Program: Yerba SACphp Version: <= 6.3 File affected: index.php Download:...
Yerba SACphp 6.3 - Local File Inclusion
Yerba SACphp 6.3 - Local File Inclusion #!/usr/bin/perl Yerba SACphp eNYe-Sec - www.enye-sec.org Bug: 37- include"modulos/$mod/modnucleo.php"; use LWP::UserAgent; use HTTP::Request::Common; my $host, $file = @ARGV ; unless$ARGV1 print "\nUsage:...
Yerba SACphp 6.3 - Local File Inclusion
#!/usr/bin/perl Yerba SACphp eNYe-Sec - www.enye-sec.org Bug: 37- include"modulos/$mod/modnucleo.php"; use LWP::UserAgent; use HTTP::Request::Common; my $host, $file = @ARGV ; unless$ARGV1 print "\nUsage: perl $0 \n"; print "\tex: perl $0...
CVE-2008-4431
CVE-2008-4431 describes a SQL injection in IceBB 1.0-rc9.3 and earlier, exploitable via the skin parameter in index.php. The root cause is a likely flaw in the protection mechanism within the clean_string function in includes/functions.php, allowing remote attackers to execute arbitrary SQL comma...
hostadmin-xss.txt
Islamic Republic Of Iran Security Team Www.IrIsT.Ir HostAdmin == 3.1.1 Cross-Site Scripting Vulnerabilities Download......: http://dreamcost.com/?page=hostadmin Bug Found.....: IrIsT discovery.....: Am!r IrIsT contact.......: AdminatIrIsT.ir Exploit.......: http://site/path/index.php?page=XSS...
Printlog <= 0.4: Remote File Edition Vulnerability
Printlog <= 0.4: Remote File Edition Vulnerability $ Program: Printlog $ File affected: index.php $ Version: 0.4 $ Download: http://www.hardkap.net/pritlog Found by Pepelux pepeluxatenye-sec.org...
CVE-2008-4376
CVE-2008-4376 affects the Live TV Script software, specifically the vulnerable code path in index.php where the mid parameter is used in SQL queries. The underlying issue is an SQL injection vulnerability that could allow a remote attacker to execute arbitrary SQL commands. Documented impact is p...
CVE-2008-4374
CVE-2008-4374 describes an SQL injection in CMS Buzz: index.php vulnerable to manipulation of the id parameter in the playgame action, enabling remote SQL command execution. The issue is due to improper input handling in the affected PHP file, with CVSS v2 indicating High severity (base score 7.5...
CVE-2008-4376
SQL injection vulnerability in index.php in Live TV Script allows remote attackers to execute arbitrary SQL commands via the mid parameter...
printlog-disclose.txt
Printlog eNYe-Sec - www.enye-sec.org -- Description by the author's page -- PRITLOG is an extremely simple, small and powerful blog system. It does not use or need a MYSQL database and fully works based on flat files. The idea is derived from a...
Crux Gallery <= 1.32 (index.php theme) Local File Inclusion Vulnerability
Exploit for unknown platform in category web applications. Crux Gallery Osirys and darkjoker 14. $m = $_GET['m']; 15. $p = $_GET['p']; 16. $dir = $_GET['dir']; 17. require_once("main.php"); 18. require_once("themes/".$theme."/theme.php");...