7210 matches found
CVE-2007-5991
CVE-2007-5991 affects ExoPHPdesk: SQL injection in index.php via the user parameter in the profile fn action, enabling remote execution of arbitrary SQL commands. Documented in NVD with a base score of 7.5 (HIGH); attack vector is network and no authentication required. Connected sources also ref...
CVE-2007-6004
Multiple SQL injection vulnerabilities in index.php in Toko Instan 7.6 allow remote attackers to execute arbitrary SQL commands via (1) the id parameter in an artikel action or (2) the katid parameter in a produk action...
SQL injection
SQL injection vulnerability in index.php in TBSource, as used in (1) TBDev and (2) TorrentStrike 0.4, allows remote authenticated users to execute arbitrary SQL commands via the choice parameter. NOTE: some of these details are obtained from third party information...
CVE-2007-5975
SQL injection vulnerability in index.php in TBSource, as used in (1) TBDev and (2) TorrentStrike 0.4, allows remote authenticated users to execute arbitrary SQL commands via the choice parameter. NOTE: some of these details are obtained from third party information...
CVE-2007-5982
Multiple cross-site scripting (XSS) vulnerabilities in X7 Chat 2.0.4, 2.0.5, and possibly other versions allow remote attackers to inject arbitrary web script or HTML via the (1) room parameter to sources/frame.php, the (2) themec parameter to help/index.php, or the (3) INSTALLX7CHATVERSION parameter to...
CVE-2007-5984
classes/Url.php in Justin Hagstrom AutoIndex PHP Script before 2.2.4 allows remote attackers to cause a denial of service (CPU and memory consumption) via a %00 sequence in the dir parameter to index.php, which triggers an erroneous "recursive calculation."...
Design/Logic Flaw
Bandersnatch 0.4 allows remote attackers to obtain sensitive information via a malformed request for index.php with (1) a certain func parameter value; or (2) certain func, jid, page, and limit parameter values; which reveals the path in various error messages...
CVE-2007-5942
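Bandersnatch 0.4 allows remote attackers to obtain sensitive information via a malformed request for index.php with (1) a certain func parameter value; or (2) certain func, jid, page, and limit parameter values; which reveals the path in various error messages...
TBsource Index.PHP SQL Injection Vulnerability
TBsource is a PHP-based web application. TBsource does not properly filter user-submitted URI data, so remote attackers can exploit the vulnerability to carry out SQL injection attacks and obtain sensitive information or manipulate the database. The problem is that the 'Index.PHP' script does not filter the user-submitted 'choice' parameter; submitting a malicious SQL query as the parameter data can change the original SQL logic, yielding sensitive information or possibly allowing manipulation of the database. TBsource 7alpha.1.01 No detailed solution is currently available: http://sourceforge.net/project/showfiles.php?groupid=153513...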
CVE-2007-5920
index.php in Domenico Mancini PicoFlat CMS before 0.4.18 allows remote attackers to include certain files via unspecified vectors, possibly due to a directory traversal vulnerability. NOTE: this can be leveraged to bypass authentication and upload files by including picoinsert.php or unspecified...
CVE-2007-5920
CVE-2007-5920 affects PicoFlat CMS (pre-0.4.18). The issue allows remote attackers to include certain files via unspecified vectors, likely due to a directory traversal flaw, potentially bypassing authentication and enabling file uploads by including pico_insert.php or other admin scripts. The ex...
Directory traversal
Directory traversal vulnerability in index.php in easyGB 2.1.1 allows remote attackers to include arbitrary files via the DatabaseType parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...
CVE-2007-5820
CVE-2007-5820 affects Ax Developer CMS (AxDCMS) 0.1.1. It is a directory traversal in index.php that lets remote attackers include and execute arbitrary local files via .. in the module parameter. The provided documents do not specify exploit status or remediation/version fixes; no explicit explo...
nuboard-rfi.txt
nuBoard 0.5 index.php site Remote File Inclusion Vulnerability http://switch.dl.sourceforge.net/sourceforge/nuboard/nuboardv0.5.tar.gz /nuboardv0.5/admin/index.php?site=http://localhost/scripts/020.txt?...
Ax Developer CMS 0.1.1 (index.php module) Local File Inclusion Vuln
No description provided by source. Www.TrYaG.Com Ax Developer CMS 0.1.1 index.php module Local File Inclusion Vulnerability http://sourceforge.net/projects/axdcms/ POC : /index.php?module=../../../../../../../../etc/passwd%00 sebug.net...
nuBoard 0.5 - site Remote File Inclusion
nuBoard 0.5 - site Remote File Inclusion nuBoard 0.5 index.php site Remote File Inclusion Vulnerability http://switch.dl.sourceforge.net/sourceforge/nuboard/nuboardv0.5.tar.gz /nuboardv0.5/admin/index.php?site=http://localhost/scripts/020.txt? milw0rm.com 2007-11-04...
nuBoard 0.5 (index.php site) Remote File Inclusion Vulnerability
Exploit for unknown platform in category web applications. nuBoard 0.5 index.php site Remote File Inclusion Vulnerability. nuBoard 0.5 index.php site Remote File Inclusi...
Ax Developer CMS 0.1.1 (index.php module) Local File Inclusion Vuln
Exploit for unknown platform in category web applications. Ax Developer CMS 0.1.1 index.php module Local File Inclusion Vuln. Ax Developer CMS 0.1.1 index.php modu...
ax-lfi.txt
Www.TrYaG.Com Ax Developer CMS 0.1.1 index.php module Local File Inclusion Vulnerability http://sourceforge.net/projects/axdcms/ POC : /index.php?module=../../../../../../../../etc/passwd%00...
Cross-site request forgery (CSRF)
Cross-site request forgery (CSRF) vulnerability in index.php in the File Manager module in Flatnuke 3 allows remote attackers to perform certain actions as administrators via requests containing the pathname in the dir parameter and the filename in the ffile parameter...