7210 matches found

Cvelist
added 2007/06/27 12:0 a.m. | 19 views

CVE-2007-3430

SQL injection vulnerability in index.php in Simple Invoices 2007 05 25 allows remote attackers to execute arbitrary SQL commands via the submit parameter in an email action...

8.4 AI score | 0.01195 EPSS
Exploits: 1 | References: 6
Prion
added 2007/06/26 11:30 p.m. | 13 views

SQL injection

Multiple SQL injection vulnerabilities in index.php in phpRaider 1.0.0 rc8 allow remote attackers to execute arbitrary SQL commands via the (1) id or (2) type parameter...

7.5 CVSS | 9.3 AI score | 0.01063 EPSS
Exploits: 0 | References: 4 | Affected Software: 1
Prion
added 2007/06/26 5:30 p.m. | 12 views

SQL injection

SQL injection vulnerability in index.php in pagetool 1.07 allows remote attackers to execute arbitrary SQL commands via the newsid parameter in a pagetoolnews action...

7.5 CVSS | 9.1 AI score | 0.01223 EPSS
Exploits: 0 | References: 6 | Affected Software: 1
seebug.org
added 2007/06/26 12:0 a.m. | 25 views

6ALBlog (newsid) Remote SQL Injection Vulnerability

No description provided by source. +By CrackersChild+ Portal.......: 6ALBlog All Versions Download.....: http://down.otand.com/download/code/php/blog/6alblog.rar Author.......: CrackersChild | [email protected] & [email protected] Class........: Remote SQL Injection and Remote File...

7.1 AI score
Exploits: 0
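seebug.org
added 2007/06/26 12:0 a.m. | 24 views

Simple Invoices Index.PHP SQL Injection Vulnerability

Simple Invoices is a PHP-based web application. Simple Invoices does not properly filter user-supplied URI data, so remote attackers can exploit the vulnerability to carry out SQL injection attacks and obtain sensitive information. The problem is that the 'index.php' script lacks filtering of user-supplied web parameters; submitting a malicious SQL query as parameter data can cause the application to alter the original SQL logic during processing, allowing an attacker to obtain sensitive information or manipulate the database. Simple Invoices 20070525. No solution is currently available: http://www.simpleinvoices.org/ Exploit Name: Simple Invoices 2007 05 25...

7.1 AI score
Exploits: 0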
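seebug.org
added 2007/06/26 12:0 a.m. | 19 views

Pharmacy System Index.PHP SQL Injection Vulnerability

Pharmacy System is a PHP-based web application. Pharmacy System does not properly filter user-supplied URI data, so remote attackers can exploit the vulnerability to carry out SQL injection attacks and obtain sensitive information. The problem is that the 'index.php' script lacks filtering of user-supplied web parameters; submitting a malicious SQL query as parameter data can cause the application to alter the original SQL logic during processing, allowing an attacker to obtain sensitive information or manipulate the database. NetArt Media Pharmacy System 2.0. No solution is currently available: http://www.netartmedia.net/pharmacysystem/...

7.1 AI score
Exploits: 0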
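seebug.org
added 2007/06/26 12:0 a.m. | 33 views

6ALBlog Index.PHP Remote File Inclusion Vulnerability

6ALBlog is a PHP-based web application. 6ALBlog does not properly filter user-supplied URI data, so remote attackers can exploit the vulnerability to execute arbitrary commands with the privileges of the web process. The problem is that the 'Index.PHP' script lacks filtering of the user-supplied 'pg' parameter; submitting a malicious remote server as the include target can lead to execution of arbitrary PHP code with the privileges of the web process. 6ALBlog. No detailed solution is currently available: http://down.otand.com/download/code/php/blog/ http://www.example.com/admin/index.php?pg=Sh3ll?...

7.1 AI score
Exploits: 0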
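seebug.org
added 2007/06/25 12:0 a.m. | 26 views

PHPAccounts Index.PHP SQL Injection Vulnerability

PHPAccounts is a PHP-based web application. PHPAccounts does not properly filter user-supplied URI data, so remote attackers can exploit the vulnerability to carry out SQL injection attacks and obtain sensitive information. The problem is that the 'Index.PHP' script lacks filtering of user-supplied web parameters; submitting a malicious SQL query as parameter data can cause the application to alter the original SQL logic during processing, allowing an attacker to obtain sensitive information or manipulate the database. PHPAccounts 0.5. No solution is currently available: http://phpaccounts.com/ http://www.example.com/path/index.php?OutgoingTypeID=SQL INJECTION...

7.1 AI score
Exploits: 0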
Prion
added 2007/06/22 6:30 p.m. | 12 views

SQL injection

Multiple SQL injection vulnerabilities in index.php in PHPAccounts 0.5 allow remote attackers to execute arbitrary SQL commands via the (1) OutgoingTypeID, (2) OutgoingID, (3) ProjectID, (4) ClientID, (5) InvoiceID, or (6) VendorID parameter...

7.5 CVSS | 9.3 AI score | 0.01051 EPSS
Exploits: 0 | References: 3 | Affected Software: 1
Cvelist
added 2007/06/22 6:0 p.m. | 18 views

CVE-2007-3345

Multiple SQL injection vulnerabilities in index.php in PHPAccounts 0.5 allow remote attackers to execute arbitrary SQL commands via the (1) OutgoingTypeID, (2) OutgoingID, (3) ProjectID, (4) ClientID, (5) InvoiceID, or (6) VendorID parameter...

8.5 AI score | 0.01051 EPSS
Exploits: 0 | References: 3
CVE
added 2007/06/22 6:0 p.m. | 36 views

CVE-2007-3346

CVE-2007-3346 affects PHPAccounts 0.5, where a directory traversal in index.php enables remote attackers to include arbitrary local files by manipulating the page parameter. The vulnerability stems from improper handling of file path input, leading to potential Local File Inclusion. The impact is...

7.8 CVSS | 6.7 AI score | 0.02768 EPSS
Exploits: 0 | References: 4 | Affected Software: 1
Prion
added 2007/06/19 9:30 p.m. | 9 views

Cross-site scripting

Cross-site scripting (XSS) vulnerability in index.php in Site@School (S@S) 2.4.10 allows remote attackers to inject arbitrary web script or HTML via the q parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...

4.3 CVSS | 6 AI score | 0.01022 EPSS
Exploits: 0 | References: 3 | Affected Software: 1
CVE
added 2007/06/19 9:0 p.m. | 60 views

CVE-2007-3272

CVE-2007-3272 affects MiniBB 2.0.5. The vulnerability is a directory traversal in index.php where an attacker can read arbitrary files by manipulating the language parameter in a register action (via ..). Documents do not provide exploitation steps, affected versions beyond 2.0.5, or explicit rem...

7.8 CVSS | 6.7 AI score | 0.0284 EPSS
Exploits: 0 | References: 4 | Affected Software: 1
CVE
added 2007/06/19 9:0 p.m. | 37 views

CVE-2007-3276

CVE-2007-3276 describes a Cross-site Scripting (XSS) vulnerability in Site@School (S@S) 2.4.10, specifically in index.php where the q parameter can be exploited to inject arbitrary script or HTML. The vulnerability is exploitable by remote attackers via the web and is associated with a CVSS v2 ba...

4.3 CVSS | 5.6 AI score | 0.01022 EPSS
Exploits: 0 | References: 3 | Affected Software: 1
Prion
added 2007/06/15 1:30 a.m. | 16 views

Cross-site scripting

Cross-site scripting (XSS) vulnerability in searchform.php in the AndyBlue theme before 20070607 for WordPress allows remote attackers to inject arbitrary web script or HTML via the PHP_SELF portion of a URI to index.php. NOTE: this can be leveraged for PHP code execution in an administrative sessio...

4.3 CVSS | 6.9 AI score | 0.03086 EPSS
Exploits: 0 | References: 6 | Affected Software: 1
NVD
added 2007/06/14 11:30 p.m. | 14 views

CVE-2007-3229

index.php in Singapore Gallery allows remote attackers to obtain sensitive information via a request with a non-directory gallery parameter, which reveals the path in an error message...

6.8 CVSS | 6.1 AI score | 0.01153 EPSS
Exploits: 0 | References: 3
CVE
added 2007/06/14 11:0 p.m. | 35 views

CVE-2007-3229

Summary: CVE-2007-3229 relates to index.php in the Singapore Gallery. Vulnerability: Remote attackers can trigger an error message by supplying a non-directory gallery parameter, which reveals the server path and exposes sensitive information. Impact: Partial disclosure of information (path data)...

6.8 CVSS | 6.1 AI score | 0.01153 EPSS
Exploits: 0 | References: 3 | Affected Software: 1
Patchstack
added 2007/06/14 12:0 a.m. | 21 views

WordPress Vistered Little Theme - XSS

Because of this vulnerability in 404.php, attackers can inject arbitrary web script or HTML via the URI (REQUEST_URI) that accesses index.php. Solution: Update the theme...

4.3 CVSS | 3 AI score | 0.02776 EPSS
Exploits: 0 | References: 1 | Affected Software: 1
Cvelist
added 2007/06/12 11:0 p.m. | 13 views

CVE-2007-3195

Cross-site scripting (XSS) vulnerability in index.php in ERFAN WIKI 1.00 allows remote attackers to inject arbitrary web script or HTML via the title parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...

5.6 AI score | 0.01033 EPSS
Exploits: 0 | References: 4
CVE
added 2007/06/12 11:0 p.m. | 48 views

CVE-2007-3195

CVE-2007-3195 describes a cross-site scripting (XSS) vulnerability in the ERFAN WIKI 1.00 software. The issue is in the page index.php where the title parameter can be exploited to inject arbitrary web script or HTML. The description indicates the vulnerability arises from not properly neutralizi...

4.3 CVSS | 5.6 AI score | 0.01033 EPSS
Exploits: 0 | References: 4 | Affected Software: 1