Cross site scripting

Cross-site scripting XSS vulnerability in index.php in TinyPortal 0.8.6 and 1.0.3 allows remote attackers to inject arbitrary web script or HTML via the PHPSESSID parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...

Directory traversal

Multiple directory traversal vulnerabilities in CoronaMatrix phpAddressBook 2.11 allow remote attackers to include and execute arbitrary local files via a .. dot dot in the skin parameter to 1 index.php and 2 install.php. NOTE: it was later reported that vector 1 is also present in 2.0...

CVE-2008-1481

Cross-site scripting XSS vulnerability in index.php in webSPELL 4.1.2 allows remote attackers to inject arbitrary web script or HTML via the board parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...

CVE-2008-1481

The provided sources confirm a Cross-site Scripting (XSS) vulnerability in webSPELL 4.1.2 (component: index.php) exposed via the board parameter. The root cause discussed is lack of input sanitization/validation for that parameter, enabling injection of arbitrary script or HTML. Public references...

joomlad3000-sql.txt

Powered by Download 3000 AUTHOR : S@BUN HOME : http://www.milw0rm.com/author/1334 BLOG : http://my.opera.com/SQL-Injection/blog/ MAiL : [email protected] DORK 1 : "Powered by Download 3000" DORK 2 : allinurl: "comd3000" EXPLOiT :...

joomlacinema-sql.txt

Joomla Component comcinema SQL Injection AUTHOR : S@BUN HOME : http://www.milw0rm.com/author/1334 BLOG : http://my.opera.com/SQL-Injection/blog/ MAiL : [email protected] DORK 1 : allinurl: "comcinema" EXPLOiT 1 :...

PHP-Nuke Platinum 7.6.b.5 (dynamic_titles.php) SQL Injection Exploit

No description provided by source. !/usr/bin/perl Inphex use LWP::UserAgent; use LWP::Simple; use IO::Socket; use Switch; PHP-Nuke Platinum , ForumsStandart - magicquotesgpc = OFF , SQL Injection nukeusers Structure: userid name username useremail femail userwebsite useravatar userregdate usericq...

PHP-Nuke Platinum 7.6.b.5 - dynamic_titles.php SQL Injection

PHP-Nuke Platinum 7.6.b.5 - dynamictitles.php SQL Injection !/usr/bin/perl Inphex use LWP::UserAgent; use LWP::Simple; use IO::Socket; use Switch; PHP-Nuke Platinum , ForumsStandart - magicquotesgpc = OFF , SQL Injection nukeusers Structure: userid name username useremail femail userwebsite...

PHP-Nuke Platinum 7.6.b.5 (dynamic_titles.php) SQL Injection Exploit

Exploit for unknown platform in category web applications ==================================================================== PHP-Nuke Platinum 7.6.b.5 dynamictitles.php SQL Injection Exploit ==================================================================== !/usr/bin/perl Inphex use...

Cross site scripting

Cross-site scripting XSS vulnerability in Multiple Time Sheets MTS 5.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the tab parameter to 1 index.php, as demonstrated using mixed case and encoded whitespace characters in the tag; or 2 clientinfo.php, 3 invoices.ph...

Sql injection

SQL injection vulnerability in index.php in the Viso Industry Book 2.04 and 2.03 module for eXV2 allows remote attackers to execute arbitrary SQL commands via the kid parameter...

Sql injection

SQL injection vulnerability in index.php in the WebChat 1.60 module for eXV2 allows remote attackers to execute arbitrary SQL commands via the roomid parameter...

Directory traversal

Directory traversal vulnerability in index.php in Multiple Time Sheets MTS 5.0 and earlier allows remote attackers to read arbitrary files via "../..//" modified dot dot sequences in the tab parameter...

CVE-2008-1415

CVE-2008-1415 affects the web app component index.php in Multiple Time Sheets (MTS) 5.0 and earlier. The vulnerability is a directory traversal through the tab parameter, using modified dot-dot sequences ("../..//"), allowing remote attackers to read arbitrary files. The provided documents do not...

CVE-2008-1404

CVE-2008-1404 describes an SQL injection in the Viso (Industry Book) module for eXV2, affecting versions 2.04 and 2.03. The vulnerability is in index.php via the kid parameter, allowing remote attackers to execute arbitrary SQL commands. No remediation details are provided in the connected docume...

CVE-2008-1407

The provided connected documents identify a concrete vulnerability: an SQL injection in the WebChat 1.60 module for eXV2, affecting index.php. The vulnerability is triggered via the roomid parameter, enabling remote attackers to inject arbitrary SQL commands. The root cause is unsafe handling of ...

joomlaintellect-lfi.txt

Aria-Security Team Persian Security Team http://forum.aria-security.com For English http://forum.aria-security.net For Farsi ------------------------------------------ Greetz: Aura, NULL, Kinglet, t3rr0r1st, Mambo/joomla comintellect "page" LFI Poc:...

Remote file inclusion

PHP remote file inclusion vulnerability in index.php in wildmary Yap Blog 1.1 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...

Cross site scripting

Cross-site scripting XSS vulnerability in index.php in the eWebsite eWeather Weather module for PHP-Nuke allows remote attackers to inject arbitrary web script or HTML via the chart parameter to modules.php...

eXV2 Module WebChat 1.60 (roomid) Remote SQL Injection Vulnerability

No description provided by source. Powered by eXV2 WebChat 1.60 SQL Injection AUTHOR : S@BUN HOME : http://www.milw0rm.com/author/1334 MAL : [email protected] DORKS 1 : allinurl :"modules/WebChat" EXPLOIT 1 :...