CVE-2008-2095

CVE-2008-2095 describes an SQL injection in the FlippingBook (com_flippingbook) 1.0.4 component used with Joomla!. The vulnerability affects the index.php file and allows a remote attacker to execute arbitrary SQL commands by manipulating the book_id parameter. The provided connected documents co...

CVE-2008-2081

The CVE-2008-2081 entry documents a directory traversal (Local File Inclusion) in index.php of Siteman 2.0.x2. The issue, exploitable by remote authenticated administrators via a .. in the module parameter, enables inclusion and execution of arbitrary local files. Root cause: insufficient input s...

Miniweb 2.0 - historymonth SQL Injection

Miniweb 2.0 - historymonth SQL Injection Rem0te SQL Injection Vulnerability Miniweb 2.0 index.php Author: HaCkeR-EgY H^0mE: www.pal-hacker.com , atsdp.com CONTact: [email protected] =========================================================== Script : Miniweb " Blog Writer " version : 2.0 Modu...

SmartBlog 1.3 - index.php SQL Injection

SmartBlog 1.3 - index.php SQL Injection Smartblog remote SQL injection exploit Script download : http://ftp1.toocharger.com/scfQ9NS/smartblog3868.zip Founder: His0k4 ALGERIAN HACKER Greetz : All friends & muslims HaCkErS... Contact: His0k4.hlmatgmail.com Dork : Actionnée par smartblog P.O.C :...

zencart-sql.txt

+==========================================================================+ + 2008 Zen Cart & SQL-Injection Vulnerabilities + +==========================================================================+ Authors: Ivan Sanchez Product: Zen Cart Web: http://www.zen-cart.com/ Versions: 2008 Zen Cart...

CVE-2008-2046

CVE-2008-2046 describes a cross-site scripting (XSS) vulnerability in the Softpedia SiteXS CMS 0.1.1 Pre-Alpha. The issue resides in index.php and allows remote attackers to inject arbitrary web script or HTML via the user parameter. Documented impact is partial integrity exposure with no confide...

CVE-2008-2036

CVE-2008-2036 is a SQL injection vulnerability in dream4 Koobi Pro 6.25, affecting index.php via the poll_id parameter in a poll action. The root cause is unvalidated input leading to arbitrary SQL execution by remote attackers. Exploitation details or in-the-wild status are not provided in the c...

CVE-2008-2036

SQL injection vulnerability in index.php in dream4 Koobi Pro 6.25 allows remote attackers to execute arbitrary SQL commands via the pollid parameter in a poll action...

CVE-2008-2024

CVE-2008-2024 describes a cross-site scripting (XSS) vulnerability in the PHP script index.php of miniBB 2.2 (and possibly earlier) that can be triggered when register_globals is enabled. The issue allows remote attackers to inject arbitrary scripts or HTML via the glang[] parameter in a register...

Sql injection

SQL injection vulnerability in index.php in the PostSchedule 1.0 module for PostNuke allows remote attackers to execute arbitrary SQL commands via the eid parameter in an event action...

CVE-2008-2012

CVE-2008-2012 affects the PostSchedule 1.0 module for PostNuke. A SQL injection in index.php allows remote attackers to modify the database by supplying the eid parameter in an event action. Documented impact: arbitrary SQL execution with a CVSSv2 base score of 7.5 (HIGH). No remediation details ...

Unfixed XSS vulnerability at www.ptc-house.com

Security researcher PaPPy, has submitted on 29/04/2008 a cross-site-scripting XSS vulnerability affecting www.ptc-house.com, which at the time of submission ranked 171866 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 29/04/2008. It is current...

CVE-2008-1983

Cross-site scripting XSS vulnerability in Advanced Electron Forum AEF 1.0.6 allows remote attackers to inject arbitrary web script or HTML via the beg parameter in a members action to index.php...

CVE-2008-1975

CVE-2008-1975 describes an SQL injection vulnerability in the E-RESERV 2.1 web application, exploitable via the ID_loc parameter in index.php. The vulnerability allows remote attackers to execute arbitrary SQL commands, as the input is treated unsafely within database queries. Multiple connected ...

Sql injection

SQL injection vulnerability in index.php in Voice Of Web AllMyGuests 0.4.1 allows remote attackers to execute arbitrary SQL commands via the AMGid parameter in a comments action...

CVE-2008-1961

Voice Of Web AllMyGuests 0.4.1 is affected by CVE-2008-1961: an SQL injection in index.php allows remote attackers to execute arbitrary SQL via the AMG_id parameter in the comments action. Root cause: unsanitized AMG_id input in comments processing leads to query manipulation. No remediation deta...

CVE-2008-1961

SQL injection vulnerability in index.php in Voice Of Web AllMyGuests 0.4.1 allows remote attackers to execute arbitrary SQL commands via the AMGid parameter in a comments action...

CVE-2008-1936

CVE-2008-1936 describes an SQL injection in index.php of Classifieds Caffe. The vulnerability is exploitable via the cat_id parameter in an add action, potentially allowing remote attackers to execute arbitrary SQL commands. This may be site-specific; CVSS 2.0 vector indicates network access with...

E RESERV 2.1 (index.php ID_loc) SQL Injection Vulnerability

No description provided by source. ========================================================= =============== JIKI TEAM Maroc And YameN =============== ========================================================= Author : jiko email : [email protected] Home : www.no-back.org Script : E RESERV VERSI...

CVE-2008-1913

CVE-2008-1913 affects Lasernet CMS (versions 1.5 and 1.11) with a vulnerable index.php. When magic_quotes_gpc is disabled, an attacker can inject arbitrary SQL via the new parameter in a new action, enabling remote execution and partial impact on confidentiality/integrity/availability. The NVD li...