
7210 matches found

Exploit DB
added 2007/03/10 12:0 a.m., 42 views

HC Newssystem 1.0-1.4 - 'index.php?ID' SQL Injection

HC NEWSSYSTEM 1.0-4 index.php "ID" Blind SQL Injection Type : SQL Injection Release Date : 2007-03-08 Product / Vendor : HC Design News Publisher. http://www.hcdesign.at/demo Bug : http://localhost/script/index.php?option=news&aktion=komm&ID=-SQL Inj.- SQL Inj Code : Admin Username/Password Query...

7 AI score
Exploits 0

UbuntuCve
added 2007/03/07 9:19 p.m., 23 views

CVE-2007-1326

SQL injection vulnerability in index.php in Serendipity 1.1.1 allows remote attackers to execute arbitrary SQL commands via the serendipity[multiCat][] parameter...

7.5 CVSS, 6.1 AI score, 0.0108 EPSS
Exploits 0, References 1

CVE
added 2007/03/07 9:0 p.m., 47 views

CVE-2007-1326

The CVE-2007-1326 entry concerns a SQL injection in Serendipity 1.1.1. Affects index.php where the parameter serendipity[multiCat][] can be supplied by an attacker to execute arbitrary SQL commands. This is exploitable remotely and can compromise data integrity and confidentiality as described. T...

7.5 CVSS, 8.3 AI score, 0.0108 EPSS
Exploits 0, References 4, Affected Software 1

NVD
added 2007/03/07 8:19 p.m., 10 views

CVE-2006-7153

PHP remote file inclusion vulnerability in index.php in MiniBB Forum 2 allows remote attackers to execute arbitrary code via a URL in the pathToFiles parameter...

10 CVSS, 7.7 AI score, 0.03779 EPSS
Exploits 0, References 3

NVD
added 2007/03/07 8:19 p.m., 22 views

CVE-2006-7149

Multiple cross-site scripting (XSS) vulnerabilities in Mambo 4.6.x allow remote attackers to inject arbitrary web script or HTML via (1) the query string to (a) index.php, which reflects the string in an error message from modlogin.php; and the (2) mcname parameter to (b) moscomment.php and (c) comcomment.ph...

4.3 CVSS, 5.8 AI score, 0.01107 EPSS
Exploits 1, References 5

CVE
added 2007/03/07 12:0 a.m., 56 views

CVE-2007-1299

CVE-2007-1299 concerns PHP remote file inclusion in Mani Stats Reader 1.2 and earlier. The vulnerability resides in index.php: an attacker can supply a URL in the ipath parameter to cause arbitrary PHP code execution on the affected system. The NVD entry confirms the exploitability as network acc...

7.5 CVSS, 7.6 AI score, 0.0267 EPSS
Exploits 1, References 5, Affected Software 1

NVD
added 2007/03/06 1:19 a.m., 19 views

CVE-2006-7116

SQL injection vulnerability in includes/functions.php in Kubix 0.7 and earlier allows remote attackers to execute arbitrary SQL commands and bypass authentication via the memberid parameter ($id variable) to index.php...

7.5 CVSS, 8.6 AI score, 0.01119 EPSS
Exploits 0, References 3

NVD
added 2007/03/03 7:19 p.m., 50 views

CVE-2007-1240

Multiple cross-site scripting (XSS) vulnerabilities in Docebo CMS 3.0.3 through 3.0.5 allow remote attackers to inject arbitrary web script or HTML via (1) the searchkey parameter to index.php, or the (2) sn or (3) ri parameter to modules/htmlframechat/index.php. NOTE: the provenance of this information ...

4.3 CVSS, 5.7 AI score, 0.03022 EPSS
Exploits 1, References 5

CVE
added 2007/03/03 7:0 p.m., 36 views

CVE-2006-7099

The CVE-2006-7099 entry describes a directory traversal vulnerability in SolarPay’s index.php, exploitable via a .. in the read parameter to read files. Affected software is SolarPay (component: index.php handling read parameter). Underlying cause: improper validation of path input leading to una...

5 CVSS, 6.7 AI score, 0.02404 EPSS
Exploits 1, References 2, Affected Software 1

CVE
added 2007/03/03 7:0 p.m., 53 views

CVE-2007-1240

CVE-2007-1240 involves multiple cross-site scripting (XSS) vulnerabilities in Docebo CMS 3.0.3 through 3.0.5. The flaws allow remote attackers to inject arbitrary web script or HTML via specific parameters: (1) searchkey to index.php, and (2) sn or (3) ri to modules/htmlframechat/index.php. The d...

4.3 CVSS, 5.7 AI score, 0.03022 EPSS
Exploits 1, References 5, Affected Software 1

Prion
added 2007/03/02 9:18 p.m., 14 views

Directory traversal

Multiple directory traversal vulnerabilities in Pyrophobia 2.1.3.1 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) act or (2) pid parameter to the top-level URI index.php, or the (3) action parameter to admin/index.php. NOTE: some of these details are obtained from third part...

5 CVSS, 7.4 AI score, 0.02728 EPSS
Exploits 1, References 4, Affected Software 1

Prion
added 2007/03/02 9:18 p.m., 11 views

Sql injection

Multiple SQL injection vulnerabilities in WebMplayer before 0.6.1-Alpha allow remote attackers to execute arbitrary SQL commands via the (1) strid parameter to index.php and the (2) id0 or other id array index parameter to filecheck.php...

6.8 CVSS, 9.3 AI score, 0.0103 EPSS
Exploits 0, References 5, Affected Software 1

NVD
added 2007/03/02 9:18 p.m., 17 views

CVE-2006-7072

Cross-site scripting (XSS) vulnerability in GeoClassifieds Enterprise 2.0.5.2 and earlier allows remote attackers to inject arbitrary web script and HTML via the (1) busername and (2) c parameters to (a) index.php, the busername parameter to (b) admin/index.php, and (3) cphone parameter to register.php...

4.3 CVSS, 5.7 AI score, 0.02221 EPSS
Exploits 1, References 9

NVD
added 2007/03/02 9:18 p.m., 12 views

CVE-2007-1135

Multiple SQL injection vulnerabilities in WebMplayer before 0.6.1-Alpha allow remote attackers to execute arbitrary SQL commands via the (1) strid parameter to index.php and the (2) id0 or other id array index parameter to filecheck.php...

6.8 CVSS, 8.5 AI score, 0.0103 EPSS
Exploits 0, References 5

NVD
added 2007/03/02 9:18 p.m., 12 views

CVE-2007-1136

index.php in WebMplayer before 0.6.1-Alpha allows remote attackers to execute arbitrary code via shell metacharacters in an exec function call. NOTE: some sources have referred to this as eval injection in the param parameter, but CVE source inspection suggests that this is erroneous...

6.8 CVSS, 7.9 AI score, 0.02195 EPSS
Exploits 0, References 5

securityvulns
added 2007/03/02 12:0 a.m., 72 views

vBulletin v3.6.5 admincp/index.php ( rss feed ) xss vuln.

vBulletin® v3.6.5 has an xss vuln in admincp/index.php in rss feed . exactly in add rss url by adding : "scriptalertdocument.cookie;/script a cool message box appear with cookies ; earlier versions affected also . -----------------------------------------------------------------------------...

1.9 AI score
Exploits 0

securityvulns
added 2007/03/02 12:0 a.m., 155 views

Mani Admin Plugin Stats Reader V1.2 rfi :)

Mani Admin Plugin Stats Reader V1.2 rfi : dork:"2006 by www.mani-stats-reader.de.vu" "allinurl:.php?ipath= inurl:"css"" vuln:index.php?ipath=evilshit greetz:RST, LinuxPakistan phpfreaks [email protected]...

2.6 AI score
Exploits 0

0day.today
added 2007/03/02 12:0 a.m., 57 views

Mani Stats Reader <= 1.2 (ipath) Remote File Include Vulnerability

Exploit for unknown platform in category web applications. Mani Stats Reader <= 1.2 (ipath) Remote File Include Vulnerability. Mani Admin Plugin Stats Reader V1.2 rfi :...

7.1 AI score
Exploits 0

Exploit DB
added 2007/03/02 12:0 a.m., 40 views

Mani Stats Reader 1.2 - 'ipath' Remote File Inclusion

Mani Admin Plugin Stats Reader V1.2 rfi : dork:"2006 by www.mani-stats-reader.de.vu" "allinurl:.php?ipath= inurl:"css"" vuln:index.php?ipath=evilshit greetz:RST, LinuxPakistan phpfreaks [email protected] milw0rm.com 2007-03-02...

7.4 AI score
Exploits 0

seebug.org
added 2007/03/02 12:0 a.m., 66 views

Mani Stats Reader <= 1.2 (ipath) Remote File Include Vulnerability

No description provided by source. Mani Admin Plugin Stats Reader V1.2 rfi : dork:"2006 by www.mani-stats-reader.de.vu" "allinurl:.php?ipath= inurl:"css"" vuln:index.php?ipath=evilshit greetz:RST, LinuxPakistan phpfreaks [email protected] milw0rm.com 2007-03-02...

7.1 AI score
Exploits 0