7210 matches found
HC Newssystem 1.0-1.4 - 'index.php?ID' SQL Injection
HC NEWSSYSTEM 1.0-4 index.php "ID" Blind SQL Injection Type : SQL Injection Release Date : 2007-03-08 Product / Vendor : HC Design News Publisher. http://www.hcdesign.at/demo Bug : http://localhost/script/index.php?option=news&aktion=komm&ID=-SQL Inj.- SQL Inj Code : Admin Username/Password Query...
CVE-2007-1326
SQL injection vulnerability in index.php in Serendipity 1.1.1 allows remote attackers to execute arbitrary SQL commands via the serendipity[multiCat][] parameter...
CVE-2007-1326
The CVE-2007-1326 entry concerns a SQL injection in Serendipity 1.1.1. Affects index.php where the parameter serendipity[multiCat][] can be supplied by an attacker to execute arbitrary SQL commands. This is exploitable remotely and can compromise data integrity and confidentiality as described. T...
CVE-2006-7153
PHP remote file inclusion vulnerability in index.php in MiniBB Forum 2 allows remote attackers to execute arbitrary code via a URL in the pathToFiles parameter...
CVE-2006-7149
Multiple cross-site scripting (XSS) vulnerabilities in Mambo 4.6.x allow remote attackers to inject arbitrary web script or HTML via (1) the query string to (a) index.php, which reflects the string in an error message from modlogin.php; and the (2) mcname parameter to (b) moscomment.php and (c) comcomment.ph...
CVE-2007-1299
CVE-2007-1299 concerns PHP remote file inclusion in Mani Stats Reader 1.2 and earlier. The vulnerability resides in index.php: an attacker can supply a URL in the ipath parameter to cause arbitrary PHP code execution on the affected system. The NVD entry confirms the exploitability as network acc...
CVE-2006-7116
SQL injection vulnerability in includes/functions.php in Kubix 0.7 and earlier allows remote attackers to execute arbitrary SQL commands and bypass authentication via the memberid parameter ($id variable) to index.php...
CVE-2007-1240
Multiple cross-site scripting (XSS) vulnerabilities in Docebo CMS 3.0.3 through 3.0.5 allow remote attackers to inject arbitrary web script or HTML via (1) the searchkey parameter to index.php, or the (2) sn or (3) ri parameter to modules/htmlframechat/index.php. NOTE: the provenance of this information ...
CVE-2006-7099
The CVE-2006-7099 entry describes a directory traversal vulnerability in SolarPay’s index.php, exploitable via a .. in the read parameter to read files. Affected software is SolarPay (component: index.php handling read parameter). Underlying cause: improper validation of path input leading to una...
CVE-2007-1240
CVE-2007-1240 involves multiple cross-site scripting (XSS) vulnerabilities in Docebo CMS 3.0.3 through 3.0.5. The flaws allow remote attackers to inject arbitrary web script or HTML via specific parameters: (1) searchkey to index.php, and (2) sn or (3) ri to modules/htmlframechat/index.php. The d...
Directory traversal
Multiple directory traversal vulnerabilities in Pyrophobia 2.1.3.1 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) act or (2) pid parameter to the top-level URI index.php, or the (3) action parameter to admin/index.php. NOTE: some of these details are obtained from third part...
Sql injection
Multiple SQL injection vulnerabilities in WebMplayer before 0.6.1-Alpha allow remote attackers to execute arbitrary SQL commands via the (1) strid parameter to index.php and the (2) id0 or other id array index parameter to filecheck.php...
CVE-2006-7072
Cross-site scripting (XSS) vulnerability in GeoClassifieds Enterprise 2.0.5.2 and earlier allows remote attackers to inject arbitrary web script and HTML via the (1) busername and (2) c parameters to (a) index.php, the busername parameter to (b) admin/index.php, and (3) cphone parameter to register.php...
CVE-2007-1135
Multiple SQL injection vulnerabilities in WebMplayer before 0.6.1-Alpha allow remote attackers to execute arbitrary SQL commands via the (1) strid parameter to index.php and the (2) id0 or other id array index parameter to filecheck.php...
CVE-2007-1136
index.php in WebMplayer before 0.6.1-Alpha allows remote attackers to execute arbitrary code via shell metacharacters in an exec function call. NOTE: some sources have referred to this as eval injection in the param parameter, but CVE source inspection suggests that this is erroneous...
vBulletin v3.6.5 admincp/index.php ( rss feed ) xss vuln.
vBulletin® v3.6.5 has an xss vuln in admincp/index.php in rss feed. Exactly in add rss url by adding : "scriptalertdocument.cookie;/script a cool message box appears with cookies; earlier versions affected also...
Mani Admin Plugin Stats Reader V1.2 rfi :)
Mani Admin Plugin Stats Reader V1.2 rfi : dork:"2006 by www.mani-stats-reader.de.vu" "allinurl:.php?ipath= inurl:"css"" vuln:index.php?ipath=evilshit greetz:RST, LinuxPakistan phpfreaks [email protected]...
Mani Stats Reader <= 1.2 (ipath) Remote File Include Vulnerability
Exploit for unknown platform in category web applications. Mani Stats Reader = 1.2 ipath Remote File Include Vulnerability. Mani Admin Plugin Stats Reader V1.2 rfi :...
Mani Stats Reader 1.2 - 'ipath' Remote File Inclusion
Mani Admin Plugin Stats Reader V1.2 rfi : dork:"2006 by www.mani-stats-reader.de.vu" "allinurl:.php?ipath= inurl:"css"" vuln:index.php?ipath=evilshit greetz:RST, LinuxPakistan phpfreaks [email protected] milw0rm.com 2007-03-02...
Mani Stats Reader <= 1.2 (ipath) Remote File Include Vulnerability
No description provided by source. Mani Admin Plugin Stats Reader V1.2 rfi : dork:"2006 by www.mani-stats-reader.de.vu" "allinurl:.php?ipath= inurl:"css"" vuln:index.php?ipath=evilshit greetz:RST, LinuxPakistan phpfreaks [email protected] milw0rm.com 2007-03-02...