Lucene search

7210 matches found

Prion
added 2007/06/11 10:30 p.m., 13 views

Information disclosure

Almnzm allows remote attackers to obtain sensitive information via an activateorder request to index.php with an invalid orderid parameter, probably related to '' and '' characters...

5 CVSS, 6.8 AI score, 0.01205 EPSS
Exploits 0, References 3
CVE
added 2007/06/11 10:0 p.m., 52 views

CVE-2007-3173

CVE-2007-3173 describes an information-disclosure flaw: remote attackers can obtain sensitive data via an activateorder request to index.php using an invalid orderid parameter, with likely involvement of ‘[]’ characters. The root cause is improper handling of the orderid parameter, enabling parti...

5 CVSS, 6.3 AI score, 0.01205 EPSS
Exploits 0, References 3, Affected Software 1
Cvelist
added 2007/06/11 10:0 p.m., 18 views

CVE-2007-3173

Almnzm allows remote attackers to obtain sensitive information via an activateorder request to index.php with an invalid orderid parameter, probably related to '' and '' characters...

6.2 AI score, 0.01205 EPSS
Exploits 0, References 3
Packet Storm
added 2007/06/11 12:0 a.m., 31 views

phpmydesk-rfi.txt

script:PHPMyDesk Beta Release 1.0b == RFI dir url:http://www.cynux.com/phpmydesk/ author: titanichacker contact:[email protected] H.P : http://hack-teach.com & mohandko.com & tryag.com bug in: ./index.php include$langmod; ./login.php include$langmod; ./logout.php include$langmod;...

7.4 AI score
Exploits 0
Cvelist
added 2007/06/08 4:0 p.m., 20 views

CVE-2007-3137

Multiple cross-site scripting (XSS) vulnerabilities in 4print.asp in WmsCMS 2.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) sbl, (2) sbr, or (3) search parameter. NOTE: the original disclosure claims the pageid parameter in index.php is affected, but this is...

5.7 AI score, 0.01805 EPSS
Exploits 1, References 6
Packet Storm
added 2007/06/07 12:0 a.m., 29 views

comicsense-sql.txt

Comicsense SQL Injection Advisory/Exploit by s0cratex [email protected] http://plexinium.net - ComicSense is a script using php / mySQL. It allows you to easily host an Online Comic or Image shack. You can download it from www.gayadesign.nl/comicsense/ - The bug is a common sql injection in...

7.4 AI score
Exploits 0
seebug.org
added 2007/06/07 12:0 a.m., 24 views

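PostNuke PNPHPBB2 Module Index.PHP SQL Injection Vulnerability

PNphpBB is a PHP-based web application. PNphpBB does not properly filter user-supplied input, so remote attackers can exploit the vulnerability to carry out SQL injection attacks and obtain sensitive information. The problem is that the 'Index.PHP' script lacks filtering of user-supplied web parameters; submitting a malicious SQL query as parameter data can alter the original SQL logic and obtain sensitive information. PNphpBB PNphpBB 1.2 g PNphpBB PNphpBB 1.2 f PNphpBB PNphpBB 1.2 No solution is currently available: http://www.pnphpbb.com/modules.php?op=modload&name=ForumNews&file=index...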

7.1 AI score
Exploits 0
NVD
added 2007/06/06 10:30 a.m., 16 views

CVE-2007-3088

SQL injection vulnerability in index.php in Comicsense allows remote attackers to execute arbitrary SQL commands via the epi parameter...

7.5 CVSS, 8.4 AI score, 0.01168 EPSS
Exploits 0, References 6
Prion
added 2007/06/06 10:30 a.m., 12 views

Sql injection

SQL injection vulnerability in index.php in Comicsense allows remote attackers to execute arbitrary SQL commands via the epi parameter...

7.5 CVSS, 9.1 AI score, 0.01168 EPSS
Exploits 0, References 6
Prion
added 2007/06/06 10:30 a.m., 16 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in index.php in BDigital Web Solutions WebStudio allows remote attackers to inject arbitrary web script or HTML via the pageid parameter...

4.3 CVSS, 6.1 AI score, 0.01802 EPSS
Exploits 1, References 6
CVE
added 2007/06/06 10:0 a.m., 42 views

CVE-2007-3070

BDigital Web Solutions WebStudio’s index.php is vulnerable to cross-site scripting (XSS) via the pageid parameter. The CVE-2007-3070 entry specifies an attacker can inject arbitrary web script or HTML, affecting the WebStudio web interface (file index.php) and using pageid as the vector. The prov...

4.3 CVSS, 5.7 AI score, 0.01802 EPSS
Exploits 1, References 6, Affected Software 1
Cvelist
added 2007/06/06 10:0 a.m., 17 views

CVE-2007-3070

Cross-site scripting (XSS) vulnerability in index.php in BDigital Web Solutions WebStudio allows remote attackers to inject arbitrary web script or HTML via the pageid parameter...

5.7 AI score, 0.01802 EPSS
Exploits 1, References 6
Prion
added 2007/06/06 1:30 a.m., 15 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in the Attunement and Key Tracker 0.95 and earlier plugin for EQdkp allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly involving the (1) keyshow, (2) sortkey, and (3) show parameters to index.php...

4.3 CVSS, 6.3 AI score, 0.01065 EPSS
Exploits 0, References 5, Affected Software 1
Prion
added 2007/06/06 1:30 a.m., 13 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in index.php in Buttercup web file manager (BWFM) May 2007 allows remote attackers to inject arbitrary web script or HTML via the title parameter...

4.3 CVSS, 6.1 AI score, 0.01485 EPSS
Exploits 1, References 4, Affected Software 1
Cvelist
added 2007/06/06 1:0 a.m., 13 views

CVE-2007-3055

Cross-site scripting (XSS) vulnerability in index.php in Codelib Linker 2.0.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the cat parameter...

5.7 AI score, 0.01831 EPSS
Exploits 1, References 7
CVE
added 2007/06/06 1:0 a.m., 41 views

CVE-2007-3055

CVE-2007-3055 is an XSS vulnerability affecting Codelib Linker 2.0.4 and earlier. The issue is in index.php where the cat parameter can be exploited to inject arbitrary web script or HTML, enabling remote script execution in the victim’s browser. The primary sources (NVD entry) confirm the vulner...

4.3 CVSS, 5.7 AI score, 0.01831 EPSS
Exploits 1, References 7, Affected Software 1
Cvelist
added 2007/06/06 1:0 a.m., 19 views

CVE-2007-3067

Cross-site scripting (XSS) vulnerability in the Attunement and Key Tracker 0.95 and earlier plugin for EQdkp allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly involving the (1) keyshow, (2) sortkey, and (3) show parameters to index.php...

5.9 AI score, 0.01065 EPSS
Exploits 0, References 5
Cvelist
added 2007/06/06 1:0 a.m., 20 views

CVE-2007-3052

SQL injection vulnerability in index.php in the PNphpBB2 1.2i and earlier module for PostNuke allows remote attackers to execute arbitrary SQL commands via the c parameter...

8.4 AI score, 0.02508 EPSS
Exploits 0, References 6
seebug.org
added 2007/06/06 12:0 a.m., 20 views

Comicsense 0.2 (index.php epi) Remote SQL Injection Exploit

No description provided by source. !/usr/bin/perl -w ComicSense 0.2 SQL Injection Exploit Discovered by: s0cratex Payload: Admin Username & Hash Retrieval Website: http://www.w4ck1ng.com Original Advisory: http://seclists.org/bugtraq/2007/Jun/0063.html http://milw0rm.com/exploits/4035 Vulnerable...

7.1 AI score
Exploits 0
Exploit DB
added 2007/06/06 12:0 a.m., 30 views

Comicsense 0.2 - 'index.php?epi' SQL Injection (2)

!/usr/bin/perl -w ComicSense 0.2 SQL Injection Exploit Discovered by: s0cratex Payload: Admin Username & Hash Retrieval Website: http://www.w4ck1ng.com Original Advisory: http://seclists.org/bugtraq/2007/Jun/0063.html http://milw0rm.com/exploits/4035 Vulnerable Code index.php: $sqlQuery = "SELECT...

7 AI score
Exploits 0