CVE-2007-6586

SQL injection vulnerability in sezionenews.php in nicLOR-CMS allows remote attackers to execute arbitrary SQL commands via the id parameter in a sezione page action to index.php...

CVE-2007-6577

Multiple SQL injection vulnerabilities in index.php in zBlog 1.2 allow remote attackers to execute arbitrary SQL commands via 1 the categ parameter in a categ action or 2 the article parameter in an articles action...

Sql injection

SQL injection vulnerability in sezionenews.php in nicLOR-CMS allows remote attackers to execute arbitrary SQL commands via the id parameter in a sezione page action to index.php...

Sql injection

Multiple SQL injection vulnerabilities in index.php in zBlog 1.2 allow remote attackers to execute arbitrary SQL commands via 1 the categ parameter in a categ action or 2 the article parameter in an articles action...

CVE-2007-6577

Multiple SQL injection vulnerabilities in index.php in zBlog 1.2 allow remote attackers to execute arbitrary SQL commands via 1 the categ parameter in a categ action or 2 the article parameter in an articles action...

CVE-2007-6582

Directory traversal vulnerability in index.php in mBlog 1.2 allows remote attackers to read arbitrary files via a .. dot dot in the page parameter in a page mode action...

Sql injection

Multiple SQL injection vulnerabilities in Logaholic before 2.0 RC8 allow remote attackers to execute arbitrary SQL commands via 1 the from parameter to index.php or 2 the page parameter to update.php...

CVE-2007-6560

Multiple cross-site scripting XSS vulnerabilities in Logaholic before 2.0 RC8 allow remote attackers to inject arbitrary web script or HTML via 1 the newconfname parameter to profiles.php or 2 the conf parameter to index.php...

CVE-2007-6545

Multiple cross-site scripting XSS vulnerabilities in RunCMS before 1.6.1 allow remote attackers to inject arbitrary web script or HTML via 1 the subject parameter to modules/news/submit.php; 2 the PATHINFO to modules/news/index.php, possibly related to the XoopsPageNav class; or 3 an avatar image...

ZeusCMS <= 0.3 Remote Blind SQL Injection Exploit

No description provided by source. ? / ------------------------------------------------- ZeusCMS = 0.3 Remote Blind SQL Injection Exploit ------------------------------------------------- author...: EgiX mail.....: n0b0d13satgmaildotcom link.....: http://www.zeuscms.gr/ details..: works with...

CVE-2007-6559

Multiple SQL injection vulnerabilities in Logaholic before 2.0 RC8 allow remote attackers to execute arbitrary SQL commands via 1 the from parameter to index.php or 2 the page parameter to update.php...

pnphpbb2-lfi.txt

.-----------------------------------------------------------------------------. | vuln.: PNphpBB2 = 1.2i printview.php phpEx Local File Inclusion Vuln. | | download: http://www.pnphpbb.com/ | | dorks: Powered by PNphpBB2 / Powered por PNphpBB2 | | inurl:"index.php?name=PNphpBB2" | | | | author:...

CVE-2007-6552

AuraCMS 2.2 contains a directory traversal vulnerability in index.php: remote authenticated users can include and execute arbitrary local files by supplying a .. (dot dot) in the act parameter, potentially involving the news pilih component. The example given is including admin/admin_users.php to...

CVE-2007-6539

The CVE-2007-6539 entry concerns a PHP local file inclusion in the IDevspot iSupport 1.8 product. The vulnerability arises from index.php’s include_file parameter, enabling remote attackers to include local files. Documented impact is partial confidentiality, integrity, and availability, with a C...

mBlog 'index.php'本地文件包含漏洞

mBlog是一款基于PHP的WEB应用程序。 mBlog不正确过滤用户提交的URI数据，远程攻击者可以利用漏洞以WEB权限查看系统文件内容。 问题是由于'index.php'脚本对用户提交的WEB参数缺少过滤，提交远程服务器上的任意文件作为包含对象，可导致以WEB权限执行任意PHP代码。 C97.net mBlog 1.2 目前没有解决方案提供： http://www.c97.net/product.php?p=mblog...

ThemeSiteScript 1.0 - index.php?loadadminpage Remote File Inclusion

ThemeSiteScript 1.0 - index.php?loadadminpage Remote File Inclusion . . NN NNNN JNNN NNNN. NNN NNNNNNNNNNN NN NN NNN.NNNF .NNNNN NN """4NNN""" NN NN NNNNNN NNNNN NNN NNN NN NN 4NNNN NNNNNN.NNF NNN NN NN JNNNNL NN NNNNNN NNN NN NN JNNNNNN JNN NNNNN JNNF NN NN .NNNF NNN. NNN 4NNN NNN NN NN JNNN NNN...

ThemeSiteScript 1.0 (index.php loadadminpage) RFI Vulnerability

Exploit for unknown platform in category web applications =============================================================== ThemeSiteScript 1.0 index.php loadadminpage RFI Vulnerability =============================================================== . . NN NNNN JNNN NNNN. NNN NNNNNNNNNNN NN NN...

Unfixed XSS vulnerability at www.chilli.cc

Security researcher TreX, has submitted on 21/12/2007 a cross-site-scripting XSS vulnerability affecting www.chilli.cc, which at the time of submission ranked 1267507 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 23/12/2007. It is currently...

mBlog 1.2 (page) Remote File Disclosure Vulnerability

Exploit for unknown platform in category web applications ===================================================== mBlog 1.2 page Remote File Disclosure Vulnerability ===================================================== :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::...

CVE-2007-6484

SQL injection vulnerability in index.php in phpRPG 0.8 allows remote attackers to execute arbitrary SQL commands via the password parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...