Information disclosure
Almnzm allows remote attackers to obtain sensitive information via an activateorder request to index.php with an invalid orderid parameter, probably related to '[' and ']' characters...
CVE-2007-3173
CVE-2007-3173 describes an information-disclosure flaw: remote attackers can obtain sensitive data via an activateorder request to index.php using an invalid orderid parameter, with likely involvement of ‘[]’ characters. The root cause is improper handling of the orderid parameter, enabling parti...
CVE-2007-3173
Almnzm allows remote attackers to obtain sensitive information via an activateorder request to index.php with an invalid orderid parameter, probably related to '[' and ']' characters...
phpmydesk-rfi.txt
script:PHPMyDesk Beta Release 1.0b == RFI dir url:http://www.cynux.com/phpmydesk/ author: titanichacker contact:[email protected] H.P : http://hack-teach.com & mohandko.com & tryag.com bug in: ./index.php include$langmod; ./login.php include$langmod; ./logout.php include$langmod;...
CVE-2007-3137
Multiple cross-site scripting (XSS) vulnerabilities in 4print.asp in WmsCMS 2.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) sbl, (2) sbr, or (3) search parameter. NOTE: the original disclosure claims the pageid parameter in index.php is affected, but this is...
comicsense-sql.txt
Comicsense SQL Injection Advisory/Exploit by s0cratex [email protected] http://plexinium.net - ComicSense is a script using php / mySQL. It allows you to easily host an Online Comic or Image shack. You can download it from www.gayadesign.nl/comicsense/ - The bug is a common sql injection in...
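PostNuke PNPHPBB2 Module Index.PHP SQL Injection Vulnerability
PNphpBB is a PHP-based web application. PNphpBB does not properly filter user-supplied input, so remote attackers can exploit the vulnerability to perform SQL injection attacks and obtain sensitive information. The problem is that the 'Index.PHP' script lacks filtering of user-submitted web parameters; a malicious SQL query submitted as parameter data can alter the original SQL logic and obtain sensitive information. PNphpBB PNphpBB 1.2 g PNphpBB PNphpBB 1.2 f PNphpBB PNphpBB 1.2 No solution is currently available: http://www.pnphpbb.com/modules.php?op=modload&name=ForumNews&file=index...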
CVE-2007-3088
SQL injection vulnerability in index.php in Comicsense allows remote attackers to execute arbitrary SQL commands via the epi parameter...
Sql injection
SQL injection vulnerability in index.php in Comicsense allows remote attackers to execute arbitrary SQL commands via the epi parameter...
Cross site scripting
Cross-site scripting (XSS) vulnerability in index.php in BDigital Web Solutions WebStudio allows remote attackers to inject arbitrary web script or HTML via the pageid parameter...
CVE-2007-3070
BDigital Web Solutions WebStudio’s index.php is vulnerable to cross-site scripting (XSS) via the pageid parameter. The CVE-2007-3070 entry specifies an attacker can inject arbitrary web script or HTML, affecting the WebStudio web interface (file index.php) and using pageid as the vector. The prov...
CVE-2007-3070
Cross-site scripting (XSS) vulnerability in index.php in BDigital Web Solutions WebStudio allows remote attackers to inject arbitrary web script or HTML via the pageid parameter...
Cross site scripting
Cross-site scripting (XSS) vulnerability in the Attunement and Key Tracker 0.95 and earlier plugin for EQdkp allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly involving the (1) keyshow, (2) sortkey, and (3) show parameters to index.php...
Cross site scripting
Cross-site scripting (XSS) vulnerability in index.php in Buttercup web file manager (BWFM) May 2007 allows remote attackers to inject arbitrary web script or HTML via the title parameter...
CVE-2007-3055
Cross-site scripting (XSS) vulnerability in index.php in Codelib Linker 2.0.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the cat parameter...
CVE-2007-3055
CVE-2007-3055 is an XSS vulnerability affecting Codelib Linker 2.0.4 and earlier. The issue is in index.php where the cat parameter can be exploited to inject arbitrary web script or HTML, enabling remote script execution in the victim’s browser. The primary sources (NVD entry) confirm the vulner...
CVE-2007-3067
Cross-site scripting (XSS) vulnerability in the Attunement and Key Tracker 0.95 and earlier plugin for EQdkp allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly involving the (1) keyshow, (2) sortkey, and (3) show parameters to index.php...
CVE-2007-3052
SQL injection vulnerability in index.php in the PNphpBB2 1.2i and earlier module for PostNuke allows remote attackers to execute arbitrary SQL commands via the c parameter...
Comicsense 0.2 (index.php epi) Remote SQL Injection Exploit
No description provided by source. !/usr/bin/perl -w ComicSense 0.2 SQL Injection Exploit Discovered by: s0cratex Payload: Admin Username & Hash Retrieval Website: http://www.w4ck1ng.com Original Advisory: http://seclists.org/bugtraq/2007/Jun/0063.html http://milw0rm.com/exploits/4035 Vulnerable...
Comicsense 0.2 - 'index.php?epi' SQL Injection (2)
!/usr/bin/perl -w ComicSense 0.2 SQL Injection Exploit Discovered by: s0cratex Payload: Admin Username & Hash Retrieval Website: http://www.w4ck1ng.com Original Advisory: http://seclists.org/bugtraq/2007/Jun/0063.html http://milw0rm.com/exploits/4035 Vulnerable Code index.php: $sqlQuery = "SELECT...