7210 matches found
RedLevel Advisory #022 - ClonusWiki .5 Cross-Site Scripting Vulnerability
ClonusWiki .5 - Cross-Site Scripting Vulnerability Vendor: http://clonuswiki.sourceforge.net Vulnerable Variable: query Vulnerable File: index.php Vulnerable: ClonusWiki .5 other versions may also be vulnerable Google d0rk: "ClonusWiki .5" intitle:"ClonusWiki" John Martinelli...
clonuswiki-xss.txt
ClonusWiki .5 - Cross-Site Scripting Vulnerability discovered by John Martinelli of RedLevel Security Google d0rk: "ClonusWiki .5" intitle:"ClonusWiki" file index.php - variable query - method get "alert1"...
SQL injection
SQL injection vulnerability in read/index.php in ol'bookmarks 0.7.4 allows remote attackers to execute arbitrary SQL commands via the id parameter...
CVE-2007-2805
Multiple cross-site scripting (XSS) vulnerabilities in index.php in ClientExec (CE) 3.0 beta2, and possibly other versions, allow remote attackers to inject arbitrary web script or HTML via the (1) ticketID, (2) view, and (3) fuse parameters...
CVE-2007-2806
Multiple cross-site scripting (XSS) vulnerabilities in index.php in GaliX 2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) galix_cat_detail, (2) galix_gal_detail, and (3) galix_cat_detail_sort parameters...
CVE-2007-2806
CVE-2007-2806 describes multiple XSS vulnerabilities in the GaliX 2.0 index.php file, exploitable via parameters galix_cat_detail, galix_gal_detail, and galix_cat_detail_sort. The root cause is improper input handling leading to script/HTML injection, enabling remote attackers to inject arbitrary...
CVE-2007-2805
CVE-2007-2805 is an XSS vulnerability in ClientExec (CE) 3.0 beta2 (and possibly other versions) affecting index.php. The issue allows remote attackers to inject arbitrary web script or HTML via the (1) ticketID, (2) view, and (3) fuse parameters. The connected records confirm the affected softwa...
Directory traversal
Multiple directory traversal vulnerabilities in MolyX BOARD 2.5.0 allow remote attackers to read arbitrary files via a .. (dot dot) in the lang parameter to index.php and other unspecified PHP scripts...
AlstraSoft Live Support v1.21 Admin Credential Retrieve Exploit
No description provided by source. !/usr/bin/php -q -d shortopentag=on ? echo " AlstraSoft Live Support v1.21 Admin Credential Retrieve Exploit by BlackHawk [email protected] http://itablackhawk.altervista.org Thanks to rgod for the php code and Marty for the Love "; if $argc2 echo "Usage: php...
GaliX 2.0 - index.php Multiple Cross-Site Scripting Vulnerabilities
GaliX 2.0 - index.php Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/24066/info GaliX is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues could allow an attacker to...
GaliX 2.0 - 'index.php' Multiple Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/24066/info GaliX is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues could allow an attacker to steal cookie-based authentication credentials and to launch other...
MolyX BOARD 2.5.0 - index.php?lang Local File Inclusion
MolyX BOARD 2.5.0 - index.php?lang Local File Inclusion. MolyX BOARD 2.5.0 Local File Inclusion. Possibly other versions. Vulnerability found by MurderSkillz. d0rk "Powered by MolyX BOARD 2.5.0"...
CVE-2007-2737
Summary (CVE-2007-2737): The XOOPS MyConference 1.0 module contains an SQL injection in index.php exploitable via the cid parameter. The issue allows a remote attacker to execute arbitrary SQL commands against the underlying database. This is reported in multiple sources (NVD entry and Checkpoin...
wikyblog-rfi.txt
WikyBlog-1.4.12index.php Remote File Include Vulnerability Found by: nkillers nkillersathotmail.com Download http://jaist.dl.sourceforge.net/sourceforge/wikyblog/WikyBlog-1.4.12.zip File: ./index.php require_once $includeDir.'/wiki2.php'; require_once $includeDir.'/wiki3.php'; Exploit...
Mambo Component com_yanc 1.4 Beta - id SQL Injection
Mambo Component com_yanc 1.4 Beta - id SQL Injection. Mambo com_yanc v1.4 beta id Blind Remote SQL Injection Vuln. Bulan: Cyber-Security...
Mambo Component com_yanc 1.4 Beta - 'id' SQL Injection
Mambo com_yanc v1.4 beta id Blind Remote SQL Injection Vuln. Bulan: Cyber-Security. Exploit:...
CVE-2007-2681
Directory traversal vulnerability in blogs/index.php in b2evolution 1.6 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the coresubdir parameter...
CVE-2007-2636
Unspecified vulnerability in phpTodo before 0.8.1 allows remote attackers to have an unknown impact via newlines in regular expressions to (1) index.php, (2) feed.php, (3) prefs.php, and (4) todolist.php; and (5) classTodoItem.php and (6) phpTodoUser.php in libs/. NOTE: some of these details are obtained fro...