7210 matches found
Comicsense 0.2 - index.php?epi SQL Injection (2)
Comicsense 0.2 - index.php?epi SQL Injection 2 !/usr/bin/perl -w ComicSense 0.2 SQL Injection Exploit Discovered by: s0cratex Payload: Admin Username & Hash Retrieval Website: http://www.w4ck1ng.com Original Advisory: http://seclists.org/bugtraq/2007/Jun/0063.html http://milw0rm.com/exploits/4035...
Comicsense 0.2 - 'index.php?epi' SQL Injection (2)
!/usr/bin/perl -w ComicSense 0.2 SQL Injection Exploit Discovered by: s0cratex Payload: Admin Username & Hash Retrieval Website: http://www.w4ck1ng.com Original Advisory: http://seclists.org/bugtraq/2007/Jun/0063.html http://milw0rm.com/exploits/4035 Vulnerable Code index.php: $sqlQuery = "SELECT...
Comicsense 0.2 (index.php epi) Remote SQL Injection Vulnerability
Exploit for unknown platform in category web applications ================================================================= Comicsense 0.2 index.php epi Remote SQL Injection Vulnerability ================================================================= Comicsense SQL Injection Advisory/Exploit b...
Sql injection
Multiple SQL injection vulnerabilities in myBloggie 2.1.6 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) catid or (2) year parameter to index.php in a viewuser action, different vectors than CVE-2005-1500 and CVE-2005-4225...
Design/Logic Flaw
PHP JackKnife (PHPJK) allows remote attackers to obtain sensitive information via (1) a request to index.php with an invalid value of the iParentUnq parameter, or a request to GDisplay.php with an invalid (2) iCategoryUnq or (3) sSort array parameter, which reveals the path in various error messages...
CVE-2007-3003
Multiple SQL injection vulnerabilities in myBloggie 2.1.6 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) catid or (2) year parameter to index.php in a viewuser action, different vectors than CVE-2005-1500 and CVE-2005-4225...
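MyBloggie Index.PHP SQL Injection Vulnerability
MyBloggie is a PHP-based web application. MyBloggie does not properly filter user-submitted input, so remote attackers can exploit the vulnerability to carry out SQL injection attacks and obtain sensitive information. The problem is that the 'Archives.PHPIndex.PHP' script lacks filtering of user-submitted web parameters; submitting a malicious SQL query as parameter data can alter the original SQL logic and expose sensitive information. myBloggie myBloggie 2.1.6 myBloggie myBloggie 2.1.5 myBloggie myBloggie 2.1.4 myBloggie myBloggie 2.1.3 Beta myBloggie myBloggie 2.1.3...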
Linker index.php - Cross-Site Scripting Vulnerability
Linker index.php - Cross-Site Scripting Vulnerability Vulnerability: http://www.target.com/index.php?cat=3E223E3CScRiPt200a0d3Ealertdocument.cookie3B3C/script3E Vulnerable: All Versions Script : http://enproject.codelib.co.kr ----------------------------------------------- Credits : Vagrant Conta...
Linker 2.0.4 - index.php Cross-Site Scripting
Linker 2.0.4 - index.php Cross-Site Scripting source: https://www.securityfocus.com/bid/24277/info Codelib Linker is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary scrip...
CVE-2007-2932
Cross-site scripting (XSS) vulnerability in index.php in BoastMachine allows remote attackers to inject arbitrary web script or HTML via the blog parameter in a content search action...
Sql injection
SQL injection vulnerability in index.php in the Phil-a-Form (com_philaform) 1.2.0.0 and earlier component for Joomla! allows remote attackers to execute arbitrary SQL commands via the form_id parameter...
Cross site scripting
Cross-site scripting (XSS) vulnerability in index.php in BoastMachine allows remote attackers to inject arbitrary web script or HTML via the blog parameter in a content search action...
CVE-2007-2932
CVE-2007-2932 affects boastMachine (all versions) with a cross-site scripting (CWE-79) flaw in index.php, exploitable via the blog parameter in a content search action to execute arbitrary script in the user’s browser. Multiple connected sources (JVNDB/JVN, NVD entries, and CVE records) confirm t...
CVE-2007-2932
Cross-site scripting (XSS) vulnerability in index.php in BoastMachine allows remote attackers to inject arbitrary web script or HTML via the blog parameter in a content search action...
CVE-2007-2933
The CVE-2007-2933 entry describes an SQL injection in the Phil-a-Form (com_philaform) Joomla! component. Affected version: 1.2.0.0 and earlier. Vulnerable component is index.php where attacker-supplied form_id can be used to inject and execute arbitrary SQL commands remotely. Impact as stated: pa...
CVE-2007-2913
Cross-site scripting (XSS) vulnerability in index.php in ClonusWiki .5 allows remote attackers to inject arbitrary web script or HTML via the query parameter...
CVE-2007-2913
Cross-site scripting (XSS) vulnerability in index.php in ClonusWiki .5 allows remote attackers to inject arbitrary web script or HTML via the query parameter...
CVE-2007-2913
CVE-2007-2913: Cross-site scripting in ClonusWiki 0.5 (index.php) allows remote injection of arbitrary script/HTML via the query parameter. Exploitation/impact details beyond this are not specified in the provided documents; no remediation or patch/version information is given.
Cross site scripting
Cross-site scripting (XSS) vulnerability in index.php in Web Icerik Yonetim Sistemi (WIYS) 1.0 allows remote attackers to inject arbitrary web script or HTML via the No parameter in the Sayfa page...
BoastMachine index.php Cross Site Scripting Vulnerability
Vulnerability: http://www.target.com/index.php?action=search&item=content&blog=3E223E3CScRiPt200a0d3Ealertdocument.cookie3B3C/ScRiPt3E Vulnerable: All Versions...