7210 matches found
Web Slider 0.6 - 'path' Remote File Inclusion
Web Slider 0.6 'path' Remote File Inclusion Vulnerabilities. D.Script: http://sourceforge.net/projects/webslider/ Discovered by: GolDM = Mahmoodali Homepage: http://Www.Tryag.Com/cc Exploit: Path/index.php?path=Shell Exploit: Path/modules/pdf.php?path=Shell Exploit: Path/plugins/highlight.php?path=Shell...
Cross site scripting
Cross-site scripting (XSS) vulnerability in index.php in JEx-Treme Einfacher Passworschutz allows remote attackers to inject arbitrary web script or HTML via the msg parameter...
CVE-2007-2013
CVE-2007-2013 is an XSS in index.php of JEx-Treme Einfacher Passworschutz. Remote attackers can inject arbitrary script via the msg parameter. CVSSv2 base score 4.3 (Medium) with I:P, A:N, C:N; no explicit exploit details or remediation in the provided documents.
CVE-2007-1980
SQL injection vulnerability in index.php in the Topliste 1.0 module for PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the cid parameter...
Remote file inclusion
Multiple PHP remote file inclusion vulnerabilities in PHPEcho CMS 2.0 allow remote attackers to execute arbitrary PHP code via a URL in (1) the pluginfile parameter to smarty/internals/core.loadpulgins.php or (2) the rootpath parameter to index.php. NOTE: CVE disputes (1) because the inclusion occurs...
CVE-2007-1980
The CVE-2007-1980 vulnerability affects the Topliste 1.0 module for PHP-Fusion, specifically in index.php. It is a SQL injection flaw exploitable via the cid parameter, allowing remote attackers to execute arbitrary SQL commands. The NVD CVSS v2 base score is 7.5 (HIGH) with network access, low a...
CVE-2007-1978
SQL injection vulnerability in index.php in the Arcade 1.00 module for PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the cid parameter in a viewgamelist action...
Sql injection
SQL injection vulnerability in index.php in the Arcade 1.00 module for PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the cid parameter in a viewgamelist action...
CVE-2007-1978
CVE-2007-1978: SQL injection in the Arcade 1.00 module for PHP-Fusion (index.php, view_game_list action) allows remote attackers to inject arbitrary SQL via the cid parameter. Root cause is unsanitized input leading to database query manipulation. Documents do not provide explicit patch version ...
simpcmslight-rfi.txt
Bug Found By Dr.RoVeR --Arab48 Hacker Contact: [email protected] --- Script: SimpCMS Light Download: http://www.simpcms.com/light/normal/simp-cms-light.zip -- Bug File: index.php Bug code in line 31: include $site.".php"; -- Exploit: http://site.com/path/index.php?site=EvilScript --...
dotclear-xss.txt
Dotclear 1. Cross Site Scripting Vulnerability 1--two cross site scripting vulnerabilities have been discovered in the dotclear1. allowing ...
Remote file inclusion
PHP remote file inclusion vulnerability in index.php in stat12 allows remote attackers to execute arbitrary PHP code via a URL in the langpath parameter. NOTE: this issue was published by an unreliable researcher, and there is little information to determine which product is actually affected. Th...
CVE-2007-1965
Multiple cross-site scripting (XSS) vulnerabilities in eXV2 CMS 2.0.4.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the setlang parameter to (1) archive.php, (2) article.php, (3) index.php, or (4) topics.php...
CVE-2007-1963
SQL injection vulnerability in the createsession function in classsession.php in MyBB (aka MyBulletinBoard) 1.2.3 and earlier allows remote attackers to execute arbitrary SQL commands via the Client-IP HTTP header, as utilized by index.php, a related issue to CVE-2006-3775...
Sql injection
SQL injection vulnerability in index.php in the WF-Snippets 1.02 and earlier module for XOOPS allows remote attackers to execute arbitrary SQL commands via the c parameter in a cat action...
CVE-2007-1967
PHP remote file inclusion vulnerability in index.php in stat12 allows remote attackers to execute arbitrary PHP code via a URL in the langpath parameter. NOTE: this issue was published by an unreliable researcher, and there is little information to determine which product is actually affected. Th...
CVE-2007-1967
The CVE-2007-1967 entry describes a PHP remote file inclusion in stat12’s index.php, exploitable via a URL in the langpath parameter to execute arbitrary PHP code. Affected software is stated as stat12 (specifically index.php), with the root cause being a remote file inclusion flaw. Impact is par...
CVE-2007-1962
CVE-2007-1962 is an SQL injection in the WF-Snippets 1.02 and earlier module for XOOPS. The vulnerability occurs in index.php via the c parameter in a cat action, enabling remote attackers to execute arbitrary SQL commands. Reported impact: partial confidentiality, integrity, and availability wit...
PcP-Guestbook 3.0 (lang) Local File Inclusion Vulnerabilities
Dj7xpl +Iranian Are The Best In World+ Portal.......: PcP-Book 3.0 Site.........: http://www.pcp-system.at Down.........: http://www.ectona.org/download/?id=621&...