Cross site scripting

Cross-site scripting XSS vulnerability in index.php in PHP Running Management phpRunMan before 1.0.3 allows remote attackers to inject arbitrary web script or HTML via the message parameter...

CVE-2008-0258

Cross-site scripting XSS vulnerability in index.php in PHP Running Management phpRunMan before 1.0.3 allows remote attackers to inject arbitrary web script or HTML via the message parameter...

Sql injection

SQL injection vulnerability in index.php in TaskFreak! 0.6.1 and earlier allows remote authenticated users to execute arbitrary SQL commands via the sContext parameter...

CVE-2008-0270

SQL injection vulnerability in index.php in TaskFreak! 0.6.1 and earlier allows remote authenticated users to execute arbitrary SQL commands via the sContext parameter...

CVE-2008-0258

CVE-2008-0258 affects PHP Running Management (phpRunMan) index.php; it is a Cross-Site Scripting (XSS) vulnerability via the message parameter in versions before 1.0.3. The vulnerability allows remote attackers to inject arbitrary script/HTML, with no authentication required (CVSS v2 base score 4...

CVE-2008-0278

CVE-2008-0278: X7 Chat (2.0.5 and possibly earlier) is vulnerable to SQL injection via the day parameter in index.php when page is set to event (sm_window action). The vulnerability allows remote attackers to manipulate database queries, potentially disclosing data, bypassing authentication, or m...

CVE-2008-0270

SQL injection vulnerability in index.php in TaskFreak! 0.6.1 and earlier allows remote authenticated users to execute arbitrary SQL commands via the sContext parameter...

X7 Chat index.php day Parameter SQL Injection

The remote host is running X7 Chat, a web-based chat program written in PHP. The version of X7 Chat installed on the remote host fails to sanitize input to the 'day' parameter of the 'index.php' script when 'page' is set to 'event' before using it in 'sources/infobox.php' to construct database...

CVE-2008-0232

Multiple SQL injection vulnerabilities in Zero CMS 1.0 Alpha allow remote attackers to execute arbitrary SQL commands via 1 the id parameter to index.php, or the 2 f or t parameters to forums/index.php...

CVE-2008-0231

Multiple directory traversal vulnerabilities in index.php in Tuned Studios 1 Subwoofer, 2 Freeze Theme, 3 Orange Cutout, 4 Lonely Maple, 5 Endless, 6 Classic Theme, and 7 Music Theme webpage templates allow remote attackers to include and execute arbitrary files via ".." sequences in the page...

Sql injection

Multiple SQL injection vulnerabilities in Zero CMS 1.0 Alpha allow remote attackers to execute arbitrary SQL commands via 1 the id parameter to index.php, or the 2 f or t parameters to forums/index.php...

DomPHP 0.81 (index.php cat) Remote SQL Injection Vulnerability

Exploit for unknown platform in category web applications ============================================================== DomPHP 0.81 index.php cat Remote SQL Injection Vulnerability ==============================================================...

CVE-2008-0232

Multiple SQL injection vulnerabilities in Zero CMS 1.0 Alpha allow remote attackers to execute arbitrary SQL commands via 1 the id parameter to index.php, or the 2 f or t parameters to forums/index.php...

vcart 3.3.2 Multiple Remote File Inclusion Vulnerabilities

Exploit for unknown platform in category web applications ========================================================== vcart 3.3.2 Multiple Remote File Inclusion Vulnerabilities ==========================================================...

CVE-2008-0231

Technical details about CVE-2008-0231 are not publicly provided in the supplied documents. Monitor for updates from official advisories.

vcart 3.3.2 - Multiple Remote File Inclusions

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Scripts : vcart version 3.3.2 Discovered By : k1n9k0ng Scripts site : http://www.visionburst.com/ Thanks To : sekuritionline, semprol, bajingan, mimid, r.i.p, x-code, yogyafree special To : adhietslank, suka...

Sql injection

SQL injection vulnerability in index.php in the Newbbplus 0.92 and earlier module in RunCMS 1.6.1 allows remote attackers to execute arbitrary SQL commands via the Client-Ip parameter...

CVE-2008-0224

SQL injection vulnerability in index.php in the Newbbplus 0.92 and earlier module in RunCMS 1.6.1 allows remote attackers to execute arbitrary SQL commands via the Client-Ip parameter...

Crlf injection

CRLF injection vulnerability in index.php in ExpressionEngine 1.2.1 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the URL parameter...

CVE-2008-0201

Cross-site scripting XSS vulnerability in index.php in ExpressionEngine 1.2.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the URL parameter...