7210 matches found
SQL injection
SQL injection vulnerability in index.php in phpMyQuote 0.20 allows remote attackers to execute arbitrary SQL commands via the id parameter in an edit action...
CVE-2007-4835
The CVE-2007-4835 entry describes an SQL injection in phpMyQuote 0.20, exploitable via the id parameter in an edit action of index.php. The vulnerability allows remote attackers to execute arbitrary SQL commands, as indicated by the description and multiple sources (NVD entry). The root cause is ...
CRS Manager ($DOCUMENT_ROOT) Multi Remote File Include
X---- www.uNkn0wn.eu ----X CRS Manager (crsmanager) Multi Remote File Include ::Home: http://crsmanager.berlios.de ::Vuln Type : Remote File Include (RFI) ::Discovered by : iNs ::Vuln Code: index.php login.php <?php require $DOCUMENT_ROOT."/../admin/settings/conf.php"; PoC:...
Txx CMS 0.2 - Multiple Remote File Inclusions
RW::Download 2.0.3 lite - index.php?dlid SQL Injection
RW::Download v2.0.3 lite - Remote SQL Injection Vendor : http://www.rwscripts.com/ Found by : k1tk4t - k1tk4t4tnewhack.org Location : Indonesia -- newhackdotorg @ irc.dal.net Dork : "Powered by RW::Download v2.0.3 lite"...
eNetman v.20050830 (index.php page) Remote File Inclusion Vulnerability
Exploit for unknown platform in category web applications. eNetman v.20050830 index.php page Remote File Inclusion Vulnerability. Title : eNetman - The...
eNetman 20050830 - index.php Remote File Inclusion
Title : eNetman - The Enchanced Network Manager Remote File Inclusion URL : http://freshmeat.net/projects/enetman/ Author : JaheeM Exploit : senetman/html/index.php?page= Thanks To : asc, IRC.ASCNET.BIZ milw0rm.com 2007-09-03...
CVE-2007-4645
CVE-2007-4645 affects NMDeluxe 2.0.0. An SQL injection vulnerability in index.php, reachable via the id parameter in a newspost do action, allows remote attackers to execute arbitrary SQL commands. The root cause appears to be unsanitized input used in SQL queries. The provided connected documents confirm the version ...
CVE-2007-4641
CVE-2007-4641 affects Pakupaku CMS 0.4 and earlier. A directory traversal flaw in index.php allows remote attackers to include and execute arbitrary local files by using .. sequences in the page parameter, as demonstrated by injecting code into an Apache log file. This enables partial confidentiality...
CVE-2007-4627
CVE-2007-4627 describes an SQL injection in ABC eStore 3.0’s index.php, exploitable via the cat_id parameter to execute arbitrary SQL. Root cause: unsafe SQL construction in index.php. Impact stated as partial confidentiality, integrity, and availability. NVD/metrics cite a CVSS v2 base score 7.5...
CVE-2007-4603
Multiple SQL injection vulnerabilities in index.php in ACG News 1.0 allow remote attackers to execute arbitrary SQL commands via (1) the aid parameter in a showarticle action or (2) the catid parameter in a showcat action...
CVE-2007-4597
SQL injection vulnerability in index.php in TurnkeyWebTools SunShop Shopping Cart 4.0 RC 6 allows remote attackers to execute arbitrary SQL commands via the scid parameter in a searchlist action, a different vector than CVE-2007-2549...
NMDeluxe 2.0.0 - 'id' SQL Injection
not sec group http://www.notsec.com NMDeluxe 2.0.0 Class: SQL Injection Found: 30/08/2007 Remote: Yes Site: http://www.wsdeluxe.com/nmdeluxe/ Download: http://downloads.sourceforge.net/nmdeluxe/nmdeluxe2.0.0.zip?modtime=1178396844&bigmirror=0 Vulnerable code: index.php...
ACG News 1.0 (aid/catid) Remote SQL Injection Vulnerabilities
No description provided by source. ACG News SQL Injection Software: ACG News 1.0 Vendor link: http://www.altercoder.com Vendor Demo link: http://acgnews.uw.hu/index.php Attack: SQL Injection Original Advisory: http://14house.blogspot.com/2007/08/acg-news-sql-injection.html Discovered by: David...
ABC estore 3.0 (cat_id) Remote Blind SQL Injection Exploit
Exploit for unknown platform in category web applications. ABC estore 3.0 cat_id Remote Blind SQL Injection Exploit. #!/usr/bin/perl use LWP::UserAgent; use Getopt::Long; if!$ARGV1...
ABC estore 3.0 - 'cat_id' Blind SQL Injection
#!/usr/bin/perl use LWP::UserAgent; use Getopt::Long; if!$ARGV1 print "\n |-------------------------------------------------|"; print "\n | newhackdotorg |"; print "\n |-------------------------------------------------|"; print "\n | ABC estore 3.0 cat_id Blind SQL Injection |"; print "\n | Found b...
SQL injection
SQL injection vulnerability in index.php in Agares Media Arcadem 2.01 allows remote attackers to execute arbitrary SQL commands via the blockpage parameter. NOTE: as of 20070827, the vendor has made conflicting statements regarding whether this issue exists or not...
tikiwiki -- multiple vulnerabilities
Secunia reports: Some vulnerabilities have been reported in TikiWiki, which can be exploited by malicious people to conduct cross-site scripting and script insertion attacks and disclose potentially sensitive information. Input passed to the username parameter in tiki-remindpassword.php when remi...
mamboremository-sql.txt
Title : Mambo Component RemoSitory cat Remote SQL Injection Vulnerability Author : ajann Contact : : S.Page : http://www.remository.com/ $$ : Free Dork : inurl:func=selectcat + comremository // Result:43.400 DorkEx :...
SQL injection
SQL injection vulnerability in index.php in the RemoSitory component (com_remository) for Mambo allows remote attackers to execute arbitrary SQL commands via the cat parameter in a selectcat action...