7210 matches found
CVE-2007-6309
Multiple cross-site scripting (XSS) vulnerabilities in index.php in webSPELL 4.1.2 allow remote attackers to inject arbitrary web script or HTML via (1) the galleryID parameter in a usergallery upload action; or the (2) upID, (3) tag, (4) month, (5) userID, or (6) year parameter in a calendar announce action...
Mcms Easy Web Make (index.php template) Local File Inclusion Vuln
Exploit for unknown platform in category web applications ================================================================= Mcms Easy Web Make index.php template Local File Inclusion Vuln =================================================================...
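Joomla! Index.PHP SQL Injection Vulnerability
Joomla! is a PHP-based web application. Joomla! does not properly filter user-submitted URI data; remote attackers can exploit the vulnerability to perform SQL injection attacks and obtain sensitive information or manipulate the database. The problem is that the 'Index.PHP' script does not filter user-submitted web parameters; submitting a malicious SQL query as parameter data can alter the original SQL logic and obtain sensitive information or manipulate the database. Joomla 1.5 RC3. No solution is currently available: http://www.joomla.org/component/option,comfrontpage/Itemid,1/...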
ezContents 1.4.5 (index.php link) Remote File Disclosure Vulnerability
No description provided by source. -------------------------------------------------------------- ezContents Version 1.4.5 Remote File Disclosure Vulnerability. -------------------------------------------------------------- download : http://www.visualshapers.com/ author : p4imi0 contact :...
EZContents 1.4.5 - index.php?link Remote File Disclosure
EZContents 1.4.5 - index.php?link Remote File Disclosure -------------------------------------------------------------- ezContents Version 1.4.5 Remote File Disclosure Vulnerability. -------------------------------------------------------------- download : http://www.visualshapers.com/ author :...
CVE-2007-6213
CVE-2007-6213 concerns WebED 0.0.9. Multiple directory traversal flaws in mod/chat/index.php allow remote reading of arbitrary files via a .. in the Root and Path parameters, affecting confidentiality (C:P) with no integrity/availability impact stated. CVSS v2 score is 5.0 (Medium) with network a...
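Project Alumni Index.PHP Act Parameter Local File Inclusion Vulnerability
Project Alumni is a PHP-based web application. Project Alumni does not properly filter user-submitted URI data; remote attackers can exploit the vulnerability to view the contents of system files with the privileges of the web server. The problem is that the 'Index.PHP' script does not filter the user-submitted 'act' parameter; submitting parameter data containing multiple "../" sequences can bypass the web root restriction and view the contents of system files with the privileges of the web server. Project Alumni 1.0.9. No solution is currently available: https://sourceforge.net/projects/project-alumni/...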
webed-disclose.txt
WebED v0.0.9 index.php Remote File Disclosure Vulnerabilities Script : http://heanet.dl.sourceforge.net/sourceforge/ed-engine/WebEDv0.0.9.tar.gz Vuln Code In /mod/chat/index.php : PoC : /mod/chat/index.php?Root=../../../../../../etc/passwd /mod/chat/index.php?Path=../../../../../../etc/pa...
Cross site scripting
Cross-site scripting (XSS) vulnerability in index.php in SimpleGallery 0.1.3 allows remote attackers to inject arbitrary web script or HTML via the album parameter...
CVE-2007-6162
Cross-site scripting (XSS) vulnerability in index.php in FMDeluxe 2.1.0 allows remote attackers to inject arbitrary web script or HTML via the id parameter in a category action...
Cross site scripting
Cross-site scripting (XSS) vulnerability in index.php in Tilde CMS 4.x and earlier allows remote attackers to inject arbitrary web script or HTML via the aarstal parameter in a yeardetail action...
CVE-2007-6159
The CVE-2007-6159 entry describes an SQL injection in index.php of Tilde CMS 4.x and earlier, exploitable via the aarstal parameter in the yeardetail action. This allows remote attackers to execute arbitrary SQL commands and is noted as a vector different from CVE-2006-1500.
CVE-2007-6161
index.php in Tilde CMS 4.x and earlier allows remote attackers to obtain sensitive information via a certain search parameter value in a search action, which reveals the path...
CVE-2007-6160
CVE-2007-6160 describes a cross-site scripting (XSS) vulnerability in the index.php of Tilde CMS 4.x and earlier. The issue allows remote attackers to inject arbitrary web script or HTML via the aarstal parameter in a yeardetail action. The provided documents confirm the affected product/version...
WebED 0.0.9 - index.php Remote File Disclosure
WebED 0.0.9 - index.php Remote File Disclosure WebED v0.0.9 index.php Remote File Disclosure Vulnerabilities Script : http://heanet.dl.sourceforge.net/sourceforge/ed-engine/WebEDv0.0.9.tar.gz Vuln Code In /mod/chat/index.php : PoC : /mod/chat/index.php?Root=../../../../../../etc/passwd...
WebED 0.0.9 (index.php) Remote File Disclosure Vulnerability
Exploit for unknown platform in category web applications ============================================================ WebED 0.0.9 index.php Remote File Disclosure Vulnerability ============================================================ WebED v0.0.9 index.php Remote File Disclosure...
WebED 0.0.9 (index.php) Remote File Disclosure Vulnerability
No description provided by source. WebED v0.0.9 index.php Remote File Disclosure Vulnerabilities Script : http://heanet.dl.sourceforge.net/sourceforge/ed-engine/WebEDv0.0.9.tar.gz Vuln Code In /mod/chat/index.php : <body> <?php readfile($Root.$Path); ?> ---xxx <form action="applicationloader.php"...
WebED 0.0.9 - 'index.php' Remote File Disclosure
WebED v0.0.9 index.php Remote File Disclosure Vulnerabilities Script : http://heanet.dl.sourceforge.net/sourceforge/ed-engine/WebEDv0.0.9.tar.gz Vuln Code In /mod/chat/index.php : PoC : /mod/chat/index.php?Root=../../../../../../etc/passwd /mod/chat/index.php?Path=../../../../../../etc/pa...
projectalumni-disclose.txt
project alumni 1.0.9 remote file disclosure vulnerability download : https://sourceforge.net/projects/project-alumni/ vulnerable code on index.php include $_SERVER['DOCUMENT_ROOT'] . "/pages/" . $_GET['act'] . ".page.inc.php"; exploit : http://victim/path/index.php?act=../../../../../../etc/passwd%00...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in index.php in M2Scripts MySpace Scripts Poll Creator allow remote attackers to inject arbitrary web script or HTML via the (1) title, (2) intro, and (3) question parameters, and (4) unspecified answer parameters, in a createnew action. NOTE: some of the...