7210 matches found
CVE-2008-4202
Affected software: Gonafish LinksCaffePRO 4.5. The CVE-2008-4202 vulnerability is an SQL injection in index.php via the idd parameter in a deadlink action. Root cause: improper handling of user-supplied input leading to arbitrary SQL execution. Impact: remote attacker could manipulate the databas...
CVE-2008-4205
CVE-2008-4205 concerns SQL injection in Attachmax Dolphin
Ol Bookmarks Manager 0.7.5 RFI / LFI / SQL Injection Vulnerabilities
Exploit for unknown platform in category web applications. Ol Bookmarks Manager 0.7.5 RFI / LFI / SQL Injection Vulnerabilities. Ol Bookmarks Manager 0.7.5 RFI /...
olbookmarks-rfilfisql.txt
Ol Bookmarks Manager 0.7.5 RFI / LFI / SQL Injection Vulnerabilities POC & Vulns RFI In frame.php In Line 46 include "$GETframefile"; Ex : /frame.php?framefile=Shell LFI In /read/frame.php In Line 46 include "../$GETframefile"; Ex : /frame.php?framefile=../../../../../../etc/passwd SQL Injection ...
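Plaincart 'index.php' SQL Injection Vulnerability
BUGTRAQ ID: 31275 CNCAN ID: CNCAN-2008092313 Plaincart is a PHP-based web application. Plaincart does not properly handle user-submitted input; a remote attacker can exploit the vulnerability to carry out SQL injection attacks and may obtain sensitive information or manipulate the database. The problem is that the 'index.php' script does not filter the user-submitted 'p' parameter; supplying a malicious SQL query as the parameter data can alter the original SQL logic to obtain sensitive information or manipulate the database. PlainCart 1.1.2 No solution is currently available: http://www.phpwebcommerce.com/shopping-cart-source-code.php...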
Ol BookMarks Manager 0.7.5 - Local File Inclusion Remote File Inclusion SQL Injection
Ol BookMarks Manager 0.7.5 - Local File Inclusion Remote File Inclusion SQL Injection Ol Bookmarks Manager 0.7.5 RFI / LFI / SQL Injection Vulnerabilities POC & Vulns RFI In frame.php In Line 46 include "$GETframefile"; Ex : /frame.php?framefile=Shell LFI In /read/frame.php In Line 46 include...
ADN Forum <= 1.0b Insecure Cookie Handling Vulnerability
Exploit for unknown platform in category web applications. ADN Forum <= 1.0b Insecure Cookie Handling Vulnerability. adnforum =...
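Diesel Pay 'index.php' SQL Injection Vulnerability
BUGTRAQ ID: 31276 CNCAN ID: CNCAN-2008092304 Diesel Pay is a PHP-based web application. Diesel Pay does not properly handle user-submitted input; a remote attacker can exploit the vulnerability to carry out SQL injection attacks and may obtain sensitive information or manipulate the database. The problem is that the 'index.php' script does not filter the user-submitted 'aera' parameter; supplying a malicious SQL query as the parameter data can alter the original SQL logic to obtain sensitive information or manipulate the database. DieselScripts Diesel Pay No solution is currently available: http://www.dieselscripts.com/diesel-pay.html...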
CVE-2008-4187
CVE-2008-4187 affects ProActive CMS via a directory traversal in index.php, enabling remote attackers to read arbitrary files by supplying .. in the template parameter. Multiple connected records corroborate the vulnerability and its basic effect (read access); however, none of the provided docum...
CVE-2008-4174
Multiple cross-site scripting (XSS) vulnerabilities in index.php in Dynamic MP3 Lister 2.0.1 allow remote attackers to inject arbitrary web script or HTML via the (1) currentpath, (2) invert, (3) search, and (4) sort parameters...
Cross site scripting
Cross-site scripting (XSS) vulnerability in index.php in webCMS Portal Edition allows remote attackers to inject arbitrary web script or HTML via the patron parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...
Sql injection
SQL injection vulnerability in index.php in webCMS Portal Edition allows remote attackers to execute arbitrary SQL commands via the id parameter in a documentos action, a different vector than CVE-2008-3213...
CVE-2008-4185
SQL injection vulnerability in index.php in webCMS Portal Edition allows remote attackers to execute arbitrary SQL commands via the id parameter in a documentos action, a different vector than CVE-2008-3213...
CVE-2008-4184
The CVE affects webCMS Portal Edition, via an XSS in index.php that allows remote injection of arbitrary script/HTML through the patron parameter. Root cause is improper handling of input in index.php enabling reflected/stored XSS as described in CVE-2008-4184 and corroborated by NVD references. ...
Sql injection
SQL injection vulnerability in index.php in Jaw Portal and Zanfi CMS lite allows remote attackers to execute arbitrary SQL commands via the page (pageid) parameter...
CVE-2008-4159
CVE-2008-4159 concerns an SQL injection in index.php used by Jaw Portal and Zanfi CMS lite. The vulnerability permits remote attackers to execute arbitrary SQL commands through the pageid parameter, as described in the CVE entry. Affected software/components are specifically Jaw Portal's index.ph...
Invision Power Board < 2.3.6 index.php name Parameter SQL Injection
Binary data 4686.prm...
Diesel Pay Script (area) Remote SQL Injection Vulnerability
No description provided by source. Diesel Pay Script index.php area sql inj http://www.dieselscripts.com ---------------------------------------------------------- Discovered By: ZoRLu Date: 20.09.2008 contact: [email protected] contact: [email protected] N0T: YALNIZLIK, YiTiRDi ANLAMINI YALNIZLIGIMD...
Netartmedia Real Estate Portal 1.2 - SQL Injection
Netartmedia Real Estate Portal 1.2 - SQL Injection !R4Q!4N H4CK3R NetArtMedia Real Estate Portal v2.0 Sql Injection Vulnerability Website : http://www.netartmedia.net Founded By : Encrypt3d.M!nd Home Page : http://encrypt3d.blogspot.com Remote Sql Injections : Affected File : index.php PoC:...
Netartmedia Real Estate Portal 1.2 - SQL Injection
!R4Q!4N H4CK3R NetArtMedia Real Estate Portal v2.0 Sql Injection Vulnerability Website : http://www.netartmedia.net Founded By : Encrypt3d.M!nd Home Page : http://encrypt3d.blogspot.com Remote Sql Injections : Affected File : index.php PoC: /index.php?mod=research&ad=-666 union select...