7210 matches found
Cross-site scripting
Multiple cross-site scripting (XSS) vulnerabilities in Maian Cart 1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) msgadminheader, (2) msgadminheader2, (3) msgadminheader3, (4) msgadminheader4, and unspecified other parameters to admin/inc/header.php; the (5) msgscript3 and...
Cross-site scripting
Multiple cross-site scripting (XSS) vulnerabilities in Maian Uploader 4.0 allow remote attackers to inject arbitrary web script or HTML via the (1) keywords parameter to upload/admin/index.php in a search action, the (2) msgcharset and (3) msgheader9 parameters to admin/inc/header.php, and the (4) keywords...
SQL injection
SQL injection vulnerability in index.php in Maian Music 1.1 allows remote attackers to execute arbitrary SQL commands via the album parameter in an album action...
SQL injection
SQL injection vulnerability in the blogwriter module 2.0 for Miniweb allows remote attackers to execute arbitrary SQL commands via the historymonth parameter to index.php...
CVE-2008-2205
CVE-2008-2205 describes an SQL injection in Maian Music 1.1: the vulnerable component is index.php handling the album action, where the album parameter is exploitable. The underlying cause is unsanitized user input that is used to compose SQL queries, enabling remote attackers to execute arbitrar...
CVE-2008-2208
SQL injection vulnerability in index.php in Maian Greeting 2.1 allows remote attackers to execute arbitrary SQL commands via the keywords parameter in a search action...
CVE-2008-2207
The CVE-2008-2207 entry covers a Cross-site Scripting (XSS) vulnerability in Maian Gallery 2.0, specifically in admin/index.php where the keywords parameter of a search action can be exploited to inject arbitrary script/HTML by an unauthenticated remote attacker. The affected component is Maian G...
SQL injection
Multiple SQL injection vulnerabilities in SMartBlog (aka SMBlog) 1.3 allow remote attackers to execute arbitrary SQL commands via the (1) mois, (2) an, (3) jour, and (4) id parameters to index.php, and the (5) login parameter to gestion/logon.php, different vectors than CVE-2008-2183. NOTE: the provenance of...
CVE-2008-2183
SQL injection vulnerability in index.php in SMartBlog (aka SMBlog) 1.3 allows remote attackers to execute arbitrary SQL commands via the idt parameter...
CVE-2008-2185
The CVE-2008-2185 entry describes a directory traversal vulnerability in SMartBlog (aka SMBlog) 1.3. The vulnerability is in index.php and allows remote attackers to include arbitrary local files through directory traversal sequences supplied in the page parameter. This leads to potential exposur...
CVE-2008-2184
Multiple SQL injection vulnerabilities in SMartBlog (aka SMBlog) 1.3 allow remote attackers to execute arbitrary SQL commands via the (1) mois, (2) an, (3) jour, and (4) id parameters to index.php, and the (5) login parameter to gestion/logon.php, different vectors than CVE-2008-2183. NOTE: the provenance of...
AJ Classifieds 2008 - index.php SQL Injection
AJ Classifieds 2008 - index.php SQL Injection. AJ Classifieds 2008 index.php Remote SQL Injection Vulnerability...
CVE-2008-2129
SQL injection vulnerability in index.php in Galleristic 1.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the cat parameter...
CVE-2008-2129
CVE-2008-2129 concerns a SQL injection in index.php of Galleristic 1.0 when magic_quotes_gpc is disabled. The vulnerability allows remote attackers to execute arbitrary SQL commands via the cat parameter. The initial sources list the affected software version and the input vector, but do not prov...
txtCMS 0.3 - index.php Local File Inclusion
txtCMS 0.3 - index.php Local File Inclusion. txtCMS 0.3 index.php Local File Inclusion Exploit. milw0rm.com 2008-05-09...
Cross-site scripting
Cross-site scripting (XSS) vulnerability in pages/news.page.inc in Project Alumni 1.0.9 allows remote attackers to inject arbitrary web script or HTML via the year parameter in a news action to index.php, a different vector than CVE-2007-6126...
Galleristic 1.0 - cat SQL Injection
Galleristic 1.0 - cat SQL Injection. Usage: run in a browser as http://yourbox/exploit.php?target=http://targetbox/path/ ... milw0rm.com 2008-05-07...
Galleristic 1.0 (index.php cat) Remote SQL Injection Exploit
Exploit for unknown platform in category web applications. Galleristic 1.0 index.php cat Remote SQL Injection Exploit...
Galleristic 1.0 - 'cat' SQL Injection
Usage: run in a browser as http://yourbox/exploit.php?target=http://targetbox/path/ ... milw0rm.com 2008-05-07...