
7210 matches found

Exploit DB
added 2007/04/15 12:0 a.m., 27 views

Web Slider 0.6 - 'path' Remote File Inclusion

Web Slider 0.6 'path' Remote File Inclusion Vulnerabilities D.Script: http://sourceforge.net/projects/webslider/ Discovered by: GolDM = Mahmoodali Homepage: http://Www.Tryag.Com/cc Exploit: Path/index.php?path=Shell Exploit: Path/modules/pdf.php?path=Shell Exploit: Path/plugins/highlight.php?path=Shell...

AI score 7.4
Exploits 0

Prion
added 2007/04/12 7:19 p.m., 12 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in index.php in JEx-Treme Einfacher Passworschutz allows remote attackers to inject arbitrary web script or HTML via the msg parameter...

CVSS 4.3, AI score 6.1, EPSS 0.01769
Exploits 0, References 6

CVE
added 2007/04/12 7:0 p.m., 45 views

CVE-2007-2013

CVE-2007-2013 is an XSS in index.php of JEx-Treme Einfacher Passworschutz. Remote attackers can inject arbitrary script via the msg parameter. CVSSv2 base score 4.3 (Medium) with I:P, A:N, C:N; no explicit exploit details or remediation in the provided documents.

CVSS 4.3, AI score 5.7, EPSS 0.01769
Exploits 0, References 6, Affected Software 1

NVD
added 2007/04/12 1:19 a.m., 15 views

CVE-2007-1980

SQL injection vulnerability in index.php in the Topliste 1.0 module for PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the cid parameter...

CVSS 7.5, AI score 8.4, EPSS 0.01065
Exploits 0, References 5

Prion
added 2007/04/12 1:19 a.m., 23 views

Remote file inclusion

Multiple PHP remote file inclusion vulnerabilities in PHPEcho CMS 2.0 allow remote attackers to execute arbitrary PHP code via a URL in the (1) pluginfile parameter to smarty/internals/core.loadpulgins.php or the (2) rootpath parameter to index.php. NOTE: CVE disputes (1) because the inclusion occurs...

CVSS 7.5, AI score 7.9, EPSS 0.01356
Exploits 0, References 3, Affected Software 1

CVE
added 2007/04/12 1:0 a.m., 39 views

CVE-2007-1980

The CVE-2007-1980 vulnerability affects the Topliste 1.0 module for PHP-Fusion, specifically in index.php. It is a SQL injection flaw exploitable via the cid parameter, allowing remote attackers to execute arbitrary SQL commands. The NVD CVSS v2 base score is 7.5 (HIGH) with network access, low a...

CVSS 7.5, AI score 8.4, EPSS 0.01065
Exploits 0, References 5, Affected Software 1

NVD
added 2007/04/12 12:19 a.m., 12 views

CVE-2007-1978

SQL injection vulnerability in index.php in the Arcade 1.00 module for PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the cid parameter in a view_game_list action...

CVSS 7.5, AI score 8.3, EPSS 0.01029
Exploits 0, References 4

Prion
added 2007/04/12 12:19 a.m., 9 views

SQL injection

SQL injection vulnerability in index.php in the Arcade 1.00 module for PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the cid parameter in a view_game_list action...

CVSS 7.5, AI score 9, EPSS 0.01029
Exploits 0, References 4, Affected Software 1

CVE
added 2007/04/12 12:0 a.m., 45 views

CVE-2007-1978

CVE-2007-1978: SQL injection in the Arcade 1.00 module for PHP-Fusion (index.php, view_game_list action) allows remote attackers to inject arbitrary SQL via the cid parameter. Root cause is unsanitized input leading to database query manipulation. Documents do not provide explicit patch version ...

CVSS 7.5, AI score 8.3, EPSS 0.01029
Exploits 0, References 4, Affected Software 1

Packet Storm
added 2007/04/12 12:0 a.m., 18 views

simpcmslight-rfi.txt

Bug Found By Dr.RoVeR --Arab48 Hacker Contact: [email protected] --- Script: SimpCMS Light Download: http://www.simpcms.com/light/normal/simp-cms-light.zip -- Bug File: index.php Bug code in line 31: include $site.".php"; -- Exploit: http://site.com/path/index.php?site=EvilScript --...

AI score 7.4
Exploits 0

Packet Storm
added 2007/04/12 12:0 a.m., 53 views

dotclear-xss.txt

Dotclear 1. Cross Site Scripting Vulnerability 1--two cross site scripting vulnerabilities have been discovered in the dotclear1. allowing ...

AI score 7.4
Exploits 0

Prion
added 2007/04/11 10:19 a.m., 12 views

Remote file inclusion

PHP remote file inclusion vulnerability in index.php in stat12 allows remote attackers to execute arbitrary PHP code via a URL in the langpath parameter. NOTE: this issue was published by an unreliable researcher, and there is little information to determine which product is actually affected. Th...

CVSS 6.8, AI score 7.6, EPSS 0.01343
Exploits 0, References 4

NVD
added 2007/04/11 10:19 a.m., 14 views

CVE-2007-1965

Multiple cross-site scripting (XSS) vulnerabilities in eXV2 CMS 2.0.4.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the setlang parameter to (1) archive.php, (2) article.php, (3) index.php, or (4) topics.php...

CVSS 4.3, AI score 5.6, EPSS 0.01022
Exploits 0, References 3

NVD
added 2007/04/11 10:19 a.m., 18 views

CVE-2007-1963

SQL injection vulnerability in the create_session function in class_session.php in MyBB (aka MyBulletinBoard) 1.2.3 and earlier allows remote attackers to execute arbitrary SQL commands via the Client-IP HTTP header, as utilized by index.php, a related issue to CVE-2006-3775...

CVSS 7.5, AI score 8.3, EPSS 0.01322
Exploits 0, References 7

Prion
added 2007/04/11 10:19 a.m., 13 views

SQL injection

SQL injection vulnerability in index.php in the WF-Snippets 1.02 and earlier module for XOOPS allows remote attackers to execute arbitrary SQL commands via the c parameter in a cat action...

CVSS 7.5, AI score 9, EPSS 0.01043
Exploits 0, References 5, Affected Software 1

ATTACKERKB
added 2007/04/11 10:19 a.m., 3 views

CVE-2007-1963

SQL injection vulnerability in the create_session function in class_session.php in MyBB (aka MyBulletinBoard) 1.2.3 and earlier allows remote attackers to execute arbitrary SQL commands via the Client-IP HTTP header, as utilized by index.php, a related issue to CVE-2006-3775...

CVSS 7.5, AI score 6.4, EPSS 0.02436
Exploits 1, References 8

Cvelist
added 2007/04/11 10:0 a.m., 23 views

CVE-2007-1967

PHP remote file inclusion vulnerability in index.php in stat12 allows remote attackers to execute arbitrary PHP code via a URL in the langpath parameter. NOTE: this issue was published by an unreliable researcher, and there is little information to determine which product is actually affected. Th...

AI score 7.3, EPSS 0.01343
Exploits 0, References 4

CVE
added 2007/04/11 10:0 a.m., 40 views

CVE-2007-1967

The CVE-2007-1967 entry describes a PHP remote file inclusion in stat12’s index.php, exploitable via a URL in the langpath parameter to execute arbitrary PHP code. Affected software is stated as stat12 (specifically index.php), with the root cause being a remote file inclusion flaw. Impact is par...

CVSS 6.8, AI score 7.3, EPSS 0.01343
Exploits 0, References 4, Affected Software 1

CVE
added 2007/04/11 10:0 a.m., 46 views

CVE-2007-1962

CVE-2007-1962 is an SQL injection in the WF-Snippets 1.02 and earlier module for XOOPS. The vulnerability occurs in index.php via the c parameter in a cat action, enabling remote attackers to execute arbitrary SQL commands. Reported impact: partial confidentiality, integrity, and availability wit...

CVSS 7.5, AI score 8.4, EPSS 0.01043
Exploits 0, References 5, Affected Software 1

securityvulns
added 2007/04/11 12:0 a.m., 152 views

PcP-Guestbook 3.0 (lang) Local File Inclusion Vulnerabilities

Dj7xpl +Iranian Are The Best In World+ Portal.......: PcP-Book 3.0 Site.........: http://www.pcp-system.at Down.........: http://www.ectona.org/download/?id=621&amp...

AI score 0.3
Exploits 0