7210 matches found
CVE-2007-3430
SQL injection vulnerability in index.php in Simple Invoices 2007 05 25 allows remote attackers to execute arbitrary SQL commands via the submit parameter in an email action...
SQL injection
Multiple SQL injection vulnerabilities in index.php in phpRaider 1.0.0 rc8 allow remote attackers to execute arbitrary SQL commands via the (1) id or (2) type parameter...
SQL injection
SQL injection vulnerability in index.php in pagetool 1.07 allows remote attackers to execute arbitrary SQL commands via the newsid parameter in a pagetoolnews action...
6ALBlog (newsid) Remote SQL Injection Vulnerability
No description provided by source. +By CrackersChild+ Portal.......: 6ALBlog All Versions Download.....: http://down.otand.com/download/code/php/blog/6alblog.rar Author.......: CrackersChild | [email protected] & [email protected] Class........: Remote SQL Injection and Remote File...
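Simple Invoices Index.PHP SQL Injection Vulnerability
Simple Invoices is a PHP-based web application. Simple Invoices does not properly filter user-supplied URI data, so remote attackers can exploit the vulnerability to perform SQL injection attacks and obtain sensitive information. The problem is that the 'index.php' script does not filter user-supplied web parameters; submitting a malicious SQL query as parameter data can change the original SQL logic when the application processes it, allowing attackers to obtain sensitive information or manipulate the database. Simple Invoices 20070525. No solution is currently available: http://www.simpleinvoices.org/ Exploit Name: Simple Invoices 2007 05 25...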
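Pharmacy System Index.PHP SQL Injection Vulnerability
Pharmacy System is a PHP-based web application. Pharmacy System does not properly filter user-supplied URI data, so remote attackers can exploit the vulnerability to perform SQL injection attacks and obtain sensitive information. The problem is that the 'index.php' script does not filter user-supplied web parameters; submitting a malicious SQL query as parameter data can change the original SQL logic when the application processes it, allowing attackers to obtain sensitive information or manipulate the database. NetArt Media Pharmacy System 2.0. No solution is currently available: http://www.netartmedia.net/pharmacysystem/...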
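6ALBlog Index.PHP Remote File Inclusion Vulnerability
6ALBlog is a PHP-based web application. 6ALBlog does not properly filter user-supplied URI data, so remote attackers can exploit the vulnerability to execute arbitrary commands with the privileges of the web process. The problem is that the 'Index.PHP' script does not filter the user-supplied 'pg' parameter; submitting a malicious remote server as the include target can lead to execution of arbitrary PHP code with the privileges of the web process. 6ALBlog. No detailed solution is currently available: http://down.otand.com/download/code/php/blog/ http://www.example.com/admin/index.php?pg=Sh3ll?...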
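PHPAccounts Index.PHP SQL Injection Vulnerability
PHPAccounts is a PHP-based web application. PHPAccounts does not properly filter user-supplied URI data, so remote attackers can exploit the vulnerability to perform SQL injection attacks and obtain sensitive information. The problem is that the 'Index.PHP' script does not filter user-supplied web parameters; submitting a malicious SQL query as parameter data can change the original SQL logic when the application processes it, allowing attackers to obtain sensitive information or manipulate the database. PHPAccounts 0.5. No solution is currently available: http://phpaccounts.com/ http://www.example.com/path/index.php?OutgoingTypeID=SQL INJECTION...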
SQL injection
Multiple SQL injection vulnerabilities in index.php in PHPAccounts 0.5 allow remote attackers to execute arbitrary SQL commands via the (1) OutgoingTypeID, (2) OutgoingID, (3) ProjectID, (4) ClientID, (5) InvoiceID, or (6) VendorID parameter...
CVE-2007-3345
Multiple SQL injection vulnerabilities in index.php in PHPAccounts 0.5 allow remote attackers to execute arbitrary SQL commands via the (1) OutgoingTypeID, (2) OutgoingID, (3) ProjectID, (4) ClientID, (5) InvoiceID, or (6) VendorID parameter...
CVE-2007-3346
CVE-2007-3346 affects PHPAccounts 0.5, where a directory traversal in index.php enables remote attackers to include arbitrary local files by manipulating the page parameter. The vulnerability stems from improper handling of file path input, leading to potential Local File Inclusion. The impact is...
Cross-site scripting
Cross-site scripting (XSS) vulnerability in index.php in Site@School (S@S) 2.4.10 allows remote attackers to inject arbitrary web script or HTML via the q parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...
CVE-2007-3272
CVE-2007-3272 affects MiniBB 2.0.5. The vulnerability is a directory traversal in index.php where an attacker can read arbitrary files by manipulating the language parameter in a register action (via ..). Documents do not provide exploitation steps, affected versions beyond 2.0.5, or explicit rem...
CVE-2007-3276
CVE-2007-3276 describes a Cross-site Scripting (XSS) vulnerability in Site@School (S@S) 2.4.10, specifically in index.php where the q parameter can be exploited to inject arbitrary script or HTML. The vulnerability is exploitable by remote attackers via the web and is associated with a CVSS v2 ba...
Cross-site scripting
Cross-site scripting (XSS) vulnerability in searchform.php in the AndyBlue theme before 20070607 for WordPress allows remote attackers to inject arbitrary web script or HTML via the PHP_SELF portion of a URI to index.php. NOTE: this can be leveraged for PHP code execution in an administrative sessio...
CVE-2007-3229
index.php in Singapore Gallery allows remote attackers to obtain sensitive information via a request with a non-directory gallery parameter, which reveals the path in an error message...
CVE-2007-3229
Summary: CVE-2007-3229 relates to index.php in the Singapore Gallery. Vulnerability: Remote attackers can trigger an error message by supplying a non-directory gallery parameter, which reveals the server path and exposes sensitive information. Impact: Partial disclosure of information (path data)...
WordPress Vistered Little Theme - XSS
Because of this vulnerability in 404.php, attackers can inject arbitrary web script or HTML via the URI (REQUEST_URI) that accesses index.php. Solution: Update the theme...
CVE-2007-3195
Cross-site scripting (XSS) vulnerability in index.php in ERFAN WIKI 1.00 allows remote attackers to inject arbitrary web script or HTML via the title parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...
CVE-2007-3195
CVE-2007-3195 describes a cross-site scripting (XSS) vulnerability in the ERFAN WIKI 1.00 software. The issue is in the page index.php where the title parameter can be exploited to inject arbitrary web script or HTML. The description indicates the vulnerability arises from not properly neutralizi...