7210 matches found
CVE-2007-5068
SQL injection vulnerability in index.php in phpFullAnnu PFA 6.0 allows remote attackers to execute arbitrary SQL commands via the mod parameter...
CVE-2007-5068
CVE-2007-5068 is a SQL injection vulnerability affecting phpFullAnnu (PFA) 6.0, where an attacker can inject arbitrary SQL via the mod parameter in index.php. The vulnerability is confirmed in multiple sources (NVD/NVD mirror entries) and has a base CVSS v2 score of 7.5 (HIGH) with network access...
CVE-2007-5050
The CVE-2007-5050 entry describes a directory traversal in Neuron News 1.0: index.php vulnerable to a ".." in the q parameter, permitting remote attackers to include and execute arbitrary local files. Affected software: Neuron News 1.0 (PHP). Root cause is improper input validation on q that perm...
neuron news 1.0 (index.php q) Local File Inclusion Vulnerability
No description provided by source. Y! Underground Group. Portal: Neuron News 1.0; Download: http://downloads.localhost.be/scripts/neuronnews.zip; Author: Dj7xpl; HomePage: http://r00t.ir / http://Dj7xpl.2600.ir...
neuron news 1.0 (index.php q) Local File Inclusion Vulnerability
Exploit for unknown platform in category web applications. neuron news 1.0 index.php q Local File Inclusion Vulnerability. Y! Underground Group...
CVE-2007-5013
Multiple cross-site scripting (XSS) vulnerabilities in index.php in Phormer 3.31 allow remote attackers to inject arbitrary web script or HTML via the (1) u, (2) p, (3) c, and (4) s parameters, and other unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained sole...
SQL injection
SQL injection vulnerability in index.php in the Ktauber.com StylesDemo mod for phpBB 2.0.xx allows remote attackers to execute arbitrary SQL commands via the s parameter...
CVE-2007-4984
CVE-2007-4984 affects the Ktauber.com StylesDemo mod for phpBB 2.0.x. Vulnerable component: index.php; vulnerable via the s parameter causing SQL injection. Root cause: improper handling of input leading to arbitrary SQL execution by remote attackers. Impact, per CVSS: AV:N/AC:L/Au:N/C:P/I:P/A:P ...
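saforum injection vulnerability
saforum is the saforum forum as modified by security researchers in China, but a small flaw in the code may allow administrator privileges to be obtained: \include\common.php line 4149 brings in an unfiltered variable ------cut----------------- if(getenv('HTTP_CLIENT_IP')) $onlineip = getenv('HTTP_CLIENT_IP'); elseif(getenv('HTTP_X_FORWARDED_FOR')) $onlineip = getenv('HTTP_X_FORWARDED_FOR'); elseif(getenv('REMOTE_ADDR')) $onlineip =...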
CVE-2007-4958
Multiple cross-site scripting (XSS) vulnerabilities in TinyWebGallery (TWG) 1.6.3.4 allow remote attackers to inject arbitrary web script or HTML via the URI for (1) index.php, (2) iframes/ilogin.php, and (3) iframes/itoptags.php. NOTE: the provenance of this information is unknown; the details are obtaine...
SQL injection
Multiple SQL injection vulnerabilities in KwsPHP 1.0 allow remote attackers to execute arbitrary SQL commands via (1) the pseudo parameter to login.php, (2) the id parameter to index.php in a carnet editer action in the MemberSpace espacemembre module, or (3) the typenav parameter to index.php in a...
CVE-2007-4956
Multiple SQL injection vulnerabilities in KwsPHP 1.0 allow remote attackers to execute arbitrary SQL commands via (1) the pseudo parameter to login.php, (2) the id parameter to index.php in a carnet editer action in the MemberSpace espacemembre module, or (3) the typenav parameter to index.php in a...
Remote file inclusion
Multiple PHP remote file inclusion vulnerabilities in myphpPagetool 0.4.3 allow remote attackers to execute arbitrary PHP code via a URL in the ptinclude parameter to (1) help1.php, (2) help2.php, (3) help3.php, (4) help4.php, (5) help5.php, (6) help6.php, (7) help7.php, (7) help8.php, (8) help9.php, or (10) index.p...
CVE-2007-4953
SimpCMS CVE-2007-4953 is a SQL injection vulnerability in index.php where a remote attacker can influence the keyword parameter of a search site action to execute arbitrary SQL. The entry details a high-severity issue (CVSSv2 base score 7.5) with network attack vector and no authentication requir...
CVE-2007-4918
SQL injection vulnerability in classes/gelato.class.php in Gelato allows remote attackers to execute arbitrary SQL commands via the post parameter to index.php...
Vulnerability in Nucleus
Hello 3APA3A! I am reporting a Cross-Site Scripting vulnerability that I found in Nucleus. XSS: The vulnerability is on the index.php page, in the archive parameter. http://site/index.php?blogid=1&archive=2007-01-013Cscript3Ealertdocument.cookie3C/script3E I have additional information about this vulnerability...
JBlog 1.0 (index.php id) Remote SQL Injection Exploit
Exploit for unknown platform in category web applications. JBlog 1.0 index.php id Remote SQL Injection Exploit. Script: JBlog ver 1.0 Script...
JBlog 1.0 - index.php?id SQL Injection
JBlog 1.0 - index.php?id SQL Injection. Script: JBlog ver 1.0; Script Site: http://www.jmuller.net/jblog/index.php; Vulnerability: Remote SQL injection Exploit; Access: Remote...
JBlog 1.0 (index.php id) Remote SQL Injection Exploit
No description provided by source. Script: JBlog ver 1.0; Script Site: http://www.jmuller.net/jblog/index.php; Vulnerability: Remote SQL injection Exploit; Access: Remote...
Gelato - 'index.php?post' SQL Injection
Gelato SQL Injection exploit Dork: "powered by gelato cms" Homepage: http://gelatocms.com s 0 c r a t e x msn: s0cratexatnasadotgov greetz: D.O.M and plexinium team ini_set("max_execution_time",0); function gettext() { $in = fopen("php://stdin", 'r'); $text = fgets($in, 1024); $text = trim($text); return $tex...