7210 matches found
joomlafq-sql.txt
joomla SQL Injectioncomfq AUTHOR : S@BUN HOME : http://www.hackturkiye.com/ DorKs 1 : allinurl: "comfq" EXPLOIT : index.php?option=comfq&Itemid=S@BUN&listid=9999999//union//select//name,password//from//mosusers/ S@BUN www.hackturkiye.com S@BUN S@BUN GOOD LUCKY S@BUN...
AmpJuke-0.7.0 (index.php) Xss VuLn.
Author : ShaFuck31 maiL : [email protected] Script Name : AmpJuke-0.7.0 DownLoad Script : http://www.ampjuke.org/ampjuke-0.7.0.tar.gz Script's HomePage : http://www.ampjuke.org/ Vuln. File : index.php Vuln. :...
Yeşil Koridor Ziyaretçi Defteri (index.php) SqL. inj.
Author : ShaFuck31 maiL : [email protected] Script Name : Yeşil Koridor Ziyaretçi Defteri DownLoad Script : http://php.arsivimiz.com/indir.php?id=973 Script's HomePage : http://www.yesilmedya.com Vuln. File : index.php Vuln. : http://www.victim.com/defter/index.php?sayfa=sqL inj. code here...
ampjuke-xss.txt
Author : ShaFuck31 maiL : [email protected] Script Name : AmpJuke-0.7.0 DownLoad Script : http://www.ampjuke.org/ampjuke-0.7.0.tar.gz Script's HomePage : http://www.ampjuke.org/ Vuln. File : index.php Vuln. :...
CVE-2008-0469
SQL injection vulnerability in index.php in Tiger Php News System TPNS 1.0b and earlier allows remote attackers to execute arbitrary SQL commands via the catid parameter in a newscat action...
CVE-2008-0469
CVE-2008-0469 affects Tiger Php News System (TPNS) up to version 1.0b. The vulnerability is a SQL injection in the index.php file, exploitable via the catid parameter in the newscat action. Remote attackers could potentially execute arbitrary SQL commands (partial to full data access/ modificatio...
Mambo Component 'com_newsletter' 4.5 - 'listid' SQL Injection
joomla SQL Injectioncomnewsletter AUTHOR : S@BUN HOME : http://www.hackturkiye.com/ DorKs 1 : allinurl: "comnewsletter" EXPLOIT : index.php?option=comnewsletter&Itemid=S@BUN&listid=9999999//union//select//name,password//from//mosusers/ S@BUN www.hackturkiye.com S@BUN S@BUN GOOD LUCKY S@BUN notes:...
eTicket 1.5.6-RC4 - index.php Cross-Site Scripting
eTicket 1.5.6-RC4 - index.php Cross-Site Scripting source: https://www.securityfocus.com/bid/27473/info eTicket is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input data. An attacker may leverage this issue to execute arbitrary script code...
CVE-2008-0461
SQL injection vulnerability in index.php in the Search module in PHP-Nuke 8.0 FINAL and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the sid parameter in a comments action to modules.php. NOTE: some of these details are obtained from thir...
CVE-2008-0461
CVE-2008-0461 concerns a SQL injection in PHP-Nuke’s Search module. The vulnerability resides in index.php for PHP-Nuke 8.0 FINAL and earlier when magic_quotes_gpc is disabled. An attacker can craft requests exploiting the sid parameter in a “comments” action to modules.php to execute arbitrary S...
Sql injection
SQL injection vulnerability in index.php in Foojan WMS PHP Weblog 1.0 allows remote attackers to execute arbitrary SQL commands via the story parameter...
CVE-2008-0447
SQL injection vulnerability in index.php in Foojan WMS PHP Weblog 1.0 allows remote attackers to execute arbitrary SQL commands via the story parameter...
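SLAED CMS 'index.php' Local File Inclusion Vulnerability
BUGTRAQ ID: 27426 CNCAN ID: CNCAN-2008012406 SLAED CMS is a PHP-based web application. SLAED CMS does not properly filter user-supplied URI data, so a remote attacker can exploit the vulnerability to view the contents of system files with the privileges of the web server. The problem is that the 'index.php' script does not sufficiently filter the user-supplied 'newlang' parameter; submitting a local system file as the include target can lead to system file contents being viewed with the privileges of the web server. SLAED CMS 2.5 Lite Vendor solution: no detailed solution is currently available: http://www.slaed.net/...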
CVE-2008-0447
CVE-2008-0447 describes an SQL injection in Foojan WMS PHP Weblog 1.0, caused by unsanitized input in the story parameter of index.php. This enables remote attackers to potentially modify or read database data; CVSS v2 base score 7.5 (HIGH) with network access, low attack complexity, and no authe...
efront-312-xss.txt
fuzion Product: efront e-learning LMS 3.1.2 http://www.efrontlearning.net/ Vulnerable: http://site/index.php?message=xss...
CVE-2008-0432
The CVE-2008-0432 entry concerns a Cross-site Scripting (XSS) vulnerability in phpAutoVideo before or
CVE-2008-0395
Kayako SupportSuite 3.11.01 is affected by CVE-2008-0395: an information-disclosure flaw where a direct request to syncml/index.php prints the PHP $_SERVER superglobal, allowing remote attackers to obtain server configuration information. The vulnerability is triggered through an accessible endpo...
Code injection
stat.php in AuraCMS 1.62, and Mod Block Statistik for AuraCMS, allows remote attackers to inject arbitrary PHP code into online.db.txt via the X-Forwarded-For HTTP header in a stat action to index.php, and execute online.db.txt via a certain request to index.php...
CVE-2008-0390
CVE-2008-0390 affects AuraCMS 1.62 and Mod Block Statistik for AuraCMS. The vulnerability is a remote code-injection via the X-Forwarded-For header in a stat action to index.php, allowing an attacker to inject arbitrary PHP code into online.db.txt and later execute online.db.txt through a crafted...