7210 matches found
miacms-sql.txt
MiaCMS SourceCtrl+F3 ... onclick="window.open'http://digg.com/submit?phase=3&url='+encodeURIComponentlocation.href+'&bodytext=This+site+uses+MiaCMS+-+the+free%2C+open+source+content+management+system+admin%3A21232f297a57a5a743894a0e4a801fc3& admin:21232f297a57a5a743894a0e4a801fc3...
MiaCMS <= 4.6.5 Multiple Remote SQL Injection Vulnerabilities
No description provided by source. MiaCMS = 4.6.5 SQL Injection Vulnerability Author: !DoktOR! Contact: coder5attopmail.kz Home Page: www.antichat.ru Date found: 24.08.08 Product: MiaCMS Version: 4.6.5 Download script: http://miacms.googlecode.com/files/MiaCMSv4.6.5.tar.gz Vulnerability Class: SQ...
onenews Beta 2 - Cross-Site Scripting / HTML Injection / SQL Injection
///////////////\\\\\\\\ Name : OneNews Beta 2 Multiple Vulnerabilities Author : suN8HclfcrimsoNLoyd9, DaRk-CodeRs Group Source : http://sourceforge.net/project/showfiles.php?groupid=193198 Dork : Powered by One-News Greetz : all DaRk-CodeRs guys, e.wiZz, str0ke ========================== |1...
Sql injection
SQL injection vulnerability in index.php in Simasy CMS allows remote attackers to execute arbitrary SQL commands via the id parameter...
noname-lfi.txt
NoName Script 1.0 Local File Inclusion + Discovered By SirGod + www.mortal-team.org + Greetz : E.M.I.N.E.M, Ras ,Puscasmarin,ToxicBlood,MesSiAH,xZu,HrN,kemrayz Example : http://localhost/index.php?action=../../../autoexec.bat%00 This will open autoexec.bat...
Sql injection
SQL injection vulnerability in index.php in Papoo before 3.7.2 allows remote attackers to execute arbitrary SQL commands via the suchanzahl parameter...
Cross site scripting
Cross-site scripting XSS vulnerability in index.php in PHPizabi before 848 Core HotFix Pack 3 allows remote attackers to inject arbitrary web script or HTML via the query parameter in a blogs.search action...
CVE-2008-3735
CVE-2008-3735 describes a cross-site scripting (XSS) vulnerability in PHPizabi’s index.php prior to 848 Core HotFix Pack 3. The flaw allows remote attackers to inject arbitrary web script or HTML through the query parameter in a blogs.search action. Affected software: PHPizabi (before 848 Core Ho...
CVE-2008-3711
CVE-2008-3711 concerns PHPArcadeScript 4.0. An SQL injection vulnerability exists in index.php during the browse action, where the cat parameter can be exploited remotely to execute arbitrary SQL commands. This is documented across multiple sources (NVD/NVD entry, CVE listing). The connected docu...
Ovidentia 6.6.5 XSS (index.php)‏
Ovidentia 6.6.5 XSS Discovered by : ThE dE@Th mailto:dE@Th Fr!ends : Bright D@rk mailto:D@rk - The-Gh0st - all 3asfh.net Members Script Download : www.ovidentia.org DORK : "Powered by Ovidentia" Bug...
ptcinvest-sql.txt
|| | | PTCinvestment 1.2 adid Remote SQL Injection Vulnerability | | |---------------------Hussin X----------------------| | | Author: Hussin X | | Home : www.tryag.cc/cc | | email: darkangelg85atYahooDoTcom | | | | | | | script :http://discountedscripts.com/productinfo.php?productsid=68 | | DorK...
Unfixed XSS vulnerability at www.kentaurus.cz
Security researcher austinator, has submitted on 15/08/2008 a cross-site-scripting XSS vulnerability affecting www.kentaurus.cz, which at the time of submission ranked 0 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 16/08/2008. It is currentl...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in index.php in IDevSpot PhpLinkExchange 1.01 allow remote attackers to inject arbitrary web script or HTML via the catid parameter in a 1 useradd, 2 recip, 3 tellafriend, or 4 contact action, or 5 in a request without an action; or 6 the id...
CVE-2008-3603
SQL injection vulnerability in index.php in Vacation Rental Script 3.0 allows remote attackers to execute arbitrary SQL commands via the id parameter in a sections action...
Vacation Rental Script 'index.php' SQL注入漏洞
BUGTRAQ ID:30626 CNCAN ID:CNCAN-2008081206 Vacation Rental Script是一款基于PHP的WEB应用程序。 Vacation Rental Script不正确处理用户提交的输入,远程攻击者可以利用漏洞进行SQL注入攻击,获得敏感信息或操作数据库。 问题是由于'index.php'脚本不正确过滤"id"参数,构建恶意SQL查询作为参数数据,可更改原来的SQL逻辑,可获得敏感信息或操作数据库。 vacationrentalscript.com Vacation Rentals Script 3.0 目前没有解决方案提供:...
Sql injection
Multiple SQL injection vulnerabilities in phsBlog 0.1.1 allow remote attackers to execute arbitrary SQL commands via the 1 eid parameter to comments.php, 2 cid parameter to index.php, and the 3 urltitle parameter to entries.php...
CVE-2008-3564
The CVE-2008-3564 entry concerns multiple directory traversal flaws in Dayfox Blog 4’s index.php. The vulnerability allows remote attackers to include and execute arbitrary local files by manipulating the dot-dot sequences in the (1) p, (2) cat, and (3) archive parameters. In some environments th...
CVE-2008-3570
CVE-2008-3570 affects Africa Be Gone (ABG) 1.0a. The vulnerability is a PHP remote file inclusion in index.php exploited via the abg_path parameter, enabling an attacker to execute arbitrary PHP code by supplying a URL. The capabilites and impact are described in the NVD entry (base score 7.5, HI...
CVE-2008-3566
CVE-2008-3566 describes a cross-site scripting (XSS) vulnerability in ZoneO-soft freeForum 1.7. The issue allows remote attackers to inject arbitrary web script or HTML via the acuparam parameter to (1) the default URI, (2) index.php, or (3) the PATH_INFO to index.php. The available documents con...
CVE-2008-3556
Multiple SQL injection vulnerabilities in index.php in Battle.net Clan Script 1.5.2 allow remote attackers to execute arbitrary SQL commands via the 1 showmember parameter in a members action and the 2 thread parameter in a board action. NOTE: vector 1 might be the same as CVE-2008-2522...