Unfixed XSS vulnerability at www.knappert-hiese.de
Security researcher BackDoor submitted on 04/11/2007 a cross-site scripting (XSS) vulnerability affecting www.knappert-hiese.de, which at the time of submission ranked 0 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 05/11/2007. It is...
CVE-2007-1920
SQL injection vulnerability in index.php in the aktualnosci module in SmodBIP 1.06 and earlier allows remote attackers to execute arbitrary SQL commands via the zoom parameter, possibly related to home.php...
Directory traversal
Directory traversal vulnerability in index.php in witshare 0.9 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the menu parameter...
SQL injection
SQL injection vulnerability in index.php in the slownik module in SmodCMS 2.10 and earlier allows remote attackers to execute arbitrary SQL commands via the ssid parameter...
Directory traversal
Multiple directory traversal vulnerabilities in PcP-Guestbook (PcP-Book) 3.0 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter to (1) index.php, (2) gb.php, or (3) faq.php...
CVE-2007-1935
PHP file inclusion vulnerability in admin/index.php in ScarAdControl (ScarAdController) 1.1 allows remote attackers to execute arbitrary PHP code via a UNC share pathname or a local file pathname in the site parameter, which is accessed by the file_exists function...
CVE-2007-1931
CVE-2007-1931 affects SmodCMS 2.10 and earlier: SQL injection in index.php (slownik module) via the ssid parameter. This allows remote attackers to execute arbitrary SQL commands. CVSSv2 base score 7.5 (HIGH; AV:N/AC:L/Au:N/C:P/I:P/A:P). Exploitation appears in public references (e.g., exploit-db...
CVE-2007-1928
The CVE-2007-1928 entry affects witshare 0.9 and describes a directory traversal vulnerability in index.php. An attacker can supply a path via the menu parameter (using ..) to cause the application to include and execute arbitrary local files. The documented impact is partial confidentiality, int...
CVE-2007-1919
CVE-2007-1919 describes a Cross-site scripting (XSS) vulnerability in Arizona Dream Livre d'or (livor) 2.5, specifically in index.php where the page parameter can be abused to inject arbitrary web script or HTML. The available sources confirm the vulnerability and affected component, but do not p...
CVE-2007-1931
SQL injection vulnerability in index.php in the slownik module in SmodCMS 2.10 and earlier allows remote attackers to execute arbitrary SQL commands via the ssid parameter...
WitShare 0.9 (index.php menu) Local File Inclusion Vulnerability
No description provided by source.
SimpCMS <= 04.10.2007 (site) Remote File Inclusion Vulnerability
Exploit for unknown platform in category web applications. SimpCMS Arab48 Hacker --- Script: SimpCMS Light Download: http://www.simpcms.com/light/normal/simp-cms-light.zip -- Bug File: index.php Bug code in line 31: include...
SimpCMS <= 04.10.2007 (site) Remote File Inclusion Vulnerability
No description provided by source. Bug Found By Dr.RoVeR --Arab48 Hacker --- Script: SimpCMS Light Download: http://www.simpcms.com/light/normal/simp-cms-light.zip -- Bug File: index.php Bug code in line 31: include $site.".php"; -- Exploit:...
Unfixed XSS vulnerability at www.jvplast.sk
Security researcher www.nullcode.com.ar submitted on 04/10/2007 a cross-site scripting (XSS) vulnerability affecting www.jvplast.sk, which at the time of submission ranked 0 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 04/10/2007. It is...
Weatimages 1.7.1 - ini[langpack] Remote File Inclusion
RFI Weatimages Hack Script name: Weatimages Script Download Address: http://www.hotscripts.com/jump.php?listingid=52592&jumptype=1 Demo site: http://www.nazarkin.name/projects/weatimages/demo/index.php?inilangpack=shelladress Google Dork: inurl: index.php?inilangpack= Author: Co-Sarper-Der...
WitShare 0.9 (index.php menu) Local File Inclusion Vulnerability
Exploit for unknown platform in category web applications. WitShare 0.9 index.php menu Local File Inclusion Vulnerability...
PcP-Guestbook 3.0 (lang) Local File Inclusion Vulnerabilities
Exploit for unknown platform in category web applications. PcP-Guestbook 3.0 lang Local File Inclusion Vulnerabilities. Dj7xpl ...
livor-xss.txt
/ livor 2.5 Cross-Site Scripting Vulnerability / //Author: Arham Muhammad //Source: http://www.arizona-dream.com/Usa/Divers/scriptsphp/scripts/livor.zip //Vulnerable File: index.php //XsS: http://victim/path/index.php?page=//alert/xss/; //Risk: Session Hijack //Fix: The Variable "page" Need To Be...
WitShare 0.9 - 'index.php?menu' Local File Inclusion
Xmor$ Security Vulnerability Resear...
Livor 2.5 - index.php Cross-Site Scripting
Livor 2.5 - index.php Cross-Site Scripting source: https://www.securityfocus.com/bid/23353/info Livor is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in th...