7210 matches found
Directory traversal
Directory traversal vulnerability in index.php in Sava's Link Manager 2.0 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the q parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third part...
Directory traversal
Directory traversal vulnerability in index.php in Sava's GuestBook 2.0 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the action parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third...
SQL injection
SQL injection vulnerability in login.php in CuteFlow 1.5.0 and 2.10.0 allows remote attackers to execute arbitrary SQL commands via the UserId parameter, related to the login form field in index.php...
SQL injection
SQL injection vulnerability in index.php in Neat weblog 0.2 allows remote attackers to execute arbitrary SQL commands via the articleId parameter in a show action, probably related to the showArticle function in lib/lib_article.include.php...
CVE-2008-1653
CVE-2008-1653 describes a directory traversal vulnerability in the web app Sava’s Link Manager 2.0. The flaw occurs in index.php, allowing remote attackers to include and execute arbitrary local files by manipulating the q parameter (directory traversal sequences). This is consistently reported...
CVE-2008-1642
The CVE-2008-1642 issue affects Sava’s GuestBook 2.0 (index.php) and is a directory traversal vulnerability that lets remote attackers cause local file inclusion and execution via directory traversal sequences in the action parameter. The root cause is improper validation of the action parameter ...
CVE-2008-1639
Vulnerability (CVE-2008-1639) in Neat weblog 0.2: an SQL injection flaw in index.php allows remote attackers to modify or retrieve data via the articleId parameter in the show action, likely linked to the showArticle function in lib/lib_article.include.php. The NVD entry records a CVSS v2 base sc...
CVE-2008-1636
CVE-2008-1636 describes a cross-site scripting (XSS) vulnerability in the JV2 Quick Gallery 1.1 product, specifically in index.php via the f parameter. The connected NVD entry confirms the vulnerability allows remote attackers to inject arbitrary script/HTML through the f parameter, indicating in...
CVE-2008-1631
CVE-2008-1631 corresponds to a SQL injection vulnerability in CuteFlow versions 1.5.0 and 2.10.0. The flaw occurs in login.php, related to the UserId parameter used by the login form (indexed in index.php), allowing remote attackers to craft arbitrary SQL commands. Multiple sources (NVD entry, CV...
Joomla! Component actualite 1.0 - 'id' SQL Injection
Joomla Component comactualite SQL Injection AUTHOR : Stack-Terrorist v40 HOME : http://v4-team.com MAiL : [email protected] DORK 1 : allinurl: "comactualite" EXPLOiT : index.php?option=comactualite&task=edit&id=-1%20union%20select%201,concatusername,char32,password,3,4,5,6,7,8,9%20from%20josusers...
Mambo Component Ahsshop 1.51 - 'vara' SQL Injection
Mambo Component comahsshop SQL Injection AUTHOR : S@BUN HOME : http://www.milw0rm.com/author/1334 BLOG : http://my.opera.com/SQL-Injection/blog/ MAiL : [email protected] DORK 1 : allinurl: "comahsshop"do=default EXPLOiT 1 :...
CVE-2008-1550
Multiple cross-site scripting (XSS) vulnerabilities in index.php in CubeCart 4.2.1 allow remote attackers to inject arbitrary web script or HTML via (1) the _a parameter in a searchStr action and (2) the Submit parameter...
CVE-2008-1550
CubeCart 4.2.1 has multiple XSS vulnerabilities in index.php exploitable via the _a parameter in a searchStr action and the Submit parameter, allowing remote attackers to inject arbitrary script/HTML. The NVD entry notes a Medium base score (CVSS v2: AV:N/AC:M/Au:N/C:N/I:P/A:N) with partial integ...
CuteFlow Version 1.5.0 Multiple Remote Vulnerabilities
CuteFlow Version 1.5.0 Multiple Remote Vulnerabilities sql injection & Xss Virangar Security Team www.virangar.org www.virangar.net -------- Discoverd By : hadihadi special tnx to:MR.nosrati,black.shadowes,MR.hesy,Zahra & all virangar members & all iranian hackerz greetz:to my best friend in the...
cuteflow-sqlxss.txt
CuteFlow Version 1.5.0 Multiple Remote Vulnerabilities sql injection & Xss Virangar Security Team www.virangar.org www.virangar.net -------- Discoverd By : hadihadi special tnx to:MR.nosrati,black.shadowes,MR.hesy,Zahra & all virangar members & all iranian hackerz greetz:to my best friend in the...
CVE-2008-1536
The CVE-2008-1536 entry concerns a cross-site scripting (XSS) vulnerability in the index.php of Pictures Pro (aka Tim Grissett) Photo Cart 4.1. The flaw allows remote attackers to inject arbitrary web script or HTML via the amessage parameter. Affected software is Pictures Pro Photo Cart 4.1; the...
phpaddressbook-sql.txt
php-addressbook v2.0 SQL Injection Vulnerbility admin Authentication bypass Virangar Security Team www.virangar.org www.virangar.net -------- Discoverd By : hadihadi special tnx to:MR.nosrati,black.shadowes,MR.hesy,Zahra & all virangar members & all iranian hackerz greetz:to my best friend in the...
php-addressbook v2.0 SQL Injection Vulnerbility
php-addressbook v2.0 SQL Injection Vulnerbility admin Authentication bypass Virangar Security Team www.virangar.org www.virangar.net -------- Discoverd By : hadihadi special tnx to:MR.nosrati,black.shadowes,MR.hesy,Zahra & all virangar members & all iranian hackerz greetz:to my best friend in the...
SQL injection
SQL injection vulnerability in index.php in XLPortal 2.2.4 and earlier allows remote attackers to execute arbitrary SQL commands via the query parameter...
CVE-2008-1509
CVE-2008-1509 describes an SQL injection in XLPortal ≤ 2.2.4, triggered by the query parameter in index.php. The underlying flaw allows remote attackers to execute arbitrary SQL commands. Reported impact aligns with a high base severity (CVSS v2: 7.5, Network attack vector, no authentication, par...