CVE-2008-3556

Multiple SQL injection vulnerabilities in index.php in Battle.net Clan Script 1.5.2 allow remote attackers to execute arbitrary SQL commands via the 1 showmember parameter in a members action and the 2 thread parameter in a board action. NOTE: vector 1 might be the same as CVE-2008-2522...

CVE-2008-3556

CVE-2008-3556 covers multiple SQL injection vulnerabilities in index.php of Battle.net Clan Script 1.5.2. Exploitation targets include the showmember parameter in the members action and the thread parameter in the board action, enabling remote execution of arbitrary SQL commands. The entry notes ...

Request It 1.0 (index.php id) Remote File Inclusion Vulnerability

No description provided by source. Request It v1.0 Remote File Inclusion Vulnerability Ghost Hacker , R-h Team , Real Hack We Will Be Back Soon : Found by : Ghost Hacker |, .-. .-. ,| My Home : Real Hack We Will Be Back Soon & v4-Team.com | o/ \o | My Blog : http://gh0st10.wordpress.com |/ /\ | M...

Sql injection

SQL injection vulnerability in eStoreAff 0.1 allows remote attackers to execute arbitrary SQL commands via the cid parameter in a showcat action to index.php...

CVE-2008-3484

SQL injection vulnerability in eStoreAff 0.1 allows remote attackers to execute arbitrary SQL commands via the cid parameter in a showcat action to index.php...

dayfox-lfi.txt

..:::::Dayfox Blog LOCAL FILE INCLUSION Vulnerbility ::::... Virangar Security Team www.virangar.net -------- Discoverd By :Virangar Security Team hadihadi special tnx to:MR.nosrati,black.shadowes,MR.hesy,Ali007,Zahra & all virangar members & all iranian hackerz greetz:to my best friend in the...

CVE-2008-3448

Cross-site scripting XSS vulnerability in index.php in common solutions csphonebook 1.02 allows remote attackers to inject arbitrary web script or HTML via the letter parameter...

CVE-2008-3448

CVE-2008-3448 describes a cross-site scripting (XSS) vulnerability in the web application feature: index.php in the product “csphonebook 1.02” from common solutions . The issue arises when an attacker supplies a crafted value in the letter parameter, allowing injection of arbitrary web script or ...

syzygyCMS 0.3 (index.php page) Local File Inclusion Vulnerability

Exploit for unknown platform in category web applications ================================================================= syzygyCMS 0.3 index.php page Local File Inclusion Vulnerability ================================================================= + syzygyCMS 0.3 Local File Inclusion +...

CVE-2008-3405

CVE-2008-3405 describes a directory traversal vulnerability in the nzFotolog web application ( Ricardo Amaral nzFotolog 0.4.1 ). The flaw is in index.php where attackers can craft the action_file parameter to traverse directories and include/execute arbitrary local files on the server. Impact is ...

EPShop 'index.php' SQL注入漏洞

BUGTRAQ ID: 30387 CNCAN ID：CNCAN-2008072903 EPShop是一款基于PHP的WEB应用程序。 EPShop不正确过滤用户提交的输入，远程攻击者可以利用漏洞进行SQL注入攻击，获得敏感信息或操作数据库。 问题是'index.php'脚本对用户提交的'pid'参数缺少过滤，提交恶意SQL查询作为参数数据，可更改原来的SQL逻辑，获得敏感信息或操作数据库。 EPShop 目前没有解决方案提供： http://comsenz.com/products/ecshop...

[DSECRG-08-033] Local File Include Vulnerability in Pixelpost 1.7.1

Digital Security Research Group DSecRG Advisory DSECRG-08-033 Application: Pixelpost photoblog Versions Affected: 1.7.1 Vendor URL: http://www.pixelpost.org/ Bug: Local File Include Exploits: YES Reported: 22.07.2008 Vendor response: 23.07.2008 Solution: YES Date of Public Advisory: 28.07.2008...

Sql injection

SQL injection vulnerability in index.php in Live Music Plus 1.1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter in a Singer action...

CVE-2008-3330

Cross-site scripting XSS vulnerability in services/obrowser/index.php in Horde 3.2 and Turba 2.2 allows remote attackers to inject arbitrary web script or HTML via the contact name...

SiteAdmin CMS - 'art' SQL Injection

SiteAdmin CMS Remote Sql Injection Vuln. Download : http://www.as-admin.com Cr@zyKing / sqL Lov3r'Z Crew Co. http://localhost/line2.php?lng=ru&art=16+limit+0+union+select+1,2,concatws0x3a3a,userlogin,userpassw,4,5,6,7+from+authusers+limit+3,10/&cat=2 Admin Panel :...

CVE-2008-3322

admin/index.php in Maian Recipe 1.2 and earlier allows remote attackers to bypass authentication and gain administrative access by sending an arbitrary recipecookie cookie...

CVE-2008-3291

SQL injection vulnerability in index.php in AproxEngine aka Aprox CMS Engine 5.1.0.4 allows remote attackers to execute arbitrary SQL commands via the id parameter...

CVE-2008-3291

SQL injection vulnerability in index.php in AproxEngine aka Aprox CMS Engine 5.1.0.4 allows remote attackers to execute arbitrary SQL commands via the id parameter...

Aprox CMS Engine 'index.php' SQL注入漏洞

BUGTRAQ ID: 30295 CNCAN ID：CNCAN-2008072201 Aprox CMS Engine是一款基于PHP的WEB应用程序。 Aprox CMS Engine不正确处理用户提交的输入，远程攻击者可以利用漏洞进行SQL注入攻击，可能获得敏感信息或操作数据库。 问题由于'index.php'脚本对用户提交给'id'参数缺少过滤，构建恶意SQL查询作为参数数据，可更改原来的SQL逻辑，获得敏感信息或操作数据库。 Aprox Portal Aprox CMS Engine 5.1.0.4 目前没有解决方案提供：...

CVE-2008-3254

CVE-2008-3254 describes a SQL injection in index.php of preCMS 1, where the attacker can supply a crafted id parameter in the UserProfil action to execute arbitrary SQL commands. The vulnerability arises in the web interface and is exploitable remotely with network access; no authentication is in...