7210 matches found
CVE-2007-1020
Cross-site scripting (XSS) vulnerability in index.php in CedStat 1.31 allows remote attackers to inject arbitrary web script or HTML via the hier parameter...
CVE-2007-1020
CVE-2007-1020 affects CedStat 1.31, with an XSS flaw in index.php exploited via the hier parameter. The root cause is insufficient sanitization allowing remote script injection. Impact per CVSS 2.0: Partial confidentiality, integrity, and availability (base score 6.8). Connected documents provide...
CedStat 1.31 - 'index.php' Cross-Site Scripting
source: https://www.securityfocus.com/bid/22653/info CedStat is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the...
CVE-2007-0986
Jupiter CMS 1.1.5 is affected by a PHP remote file inclusion in index.php when running PHP 5.0.0 or later. An attacker can supply an ftp URL in the n parameter to execute arbitrary PHP code on the affected system. The available documents confirm the vulnerability class and target version, but do ...
SQL injection
Multiple SQL injection vulnerabilities in Jupiter CMS 1.1.5 allow remote attackers to execute arbitrary SQL commands via the Client-IP HTTP header and certain other HTTP headers, which set the ip variable that is used in SQL queries performed by index.php and certain other PHP scripts. NOTE: the...
CVE-2007-0971
Multiple SQL injection vulnerabilities in Jupiter CMS 1.1.5 allow remote attackers to execute arbitrary SQL commands via the Client-IP HTTP header and certain other HTTP headers, which set the ip variable that is used in SQL queries performed by index.php and certain other PHP scripts. NOTE: the...
CVE-2007-0971
Jupiter CMS 1.1.5 is affected by multiple SQL injection vulnerabilities that allow remote attackers to execute arbitrary SQL commands via the Client-IP HTTP header and other headers that set the ip variable used in queries in index.php and related PHP scripts. This is the underlying cause: input ...
CVE-2006-7022
The CVE-2006-7022 entry concerns fx-APP 0.0.8.1, where the Tools module allows remote attackers to misrepresent a web page’s contents by supplying an arbitrary URL in the url parameter to the showhtml action of index.php, causing that URL to render inside an iframe. The available description expl...
LightRO CMS 1.0 - 'index.php?projectid' SQL Injection
exploit2.asp 'Update: + Get Header 'Update: + Get Whois Info '=============================================================================================== % function functionControl1 setTimeout"functionControl2",2000; function functionControl2 ifdocument.form1.field1.value=="" alert"Exploit...
Directory traversal
Multiple directory traversal vulnerabilities in Cedric CLAIRE PortailPhp 2 allow remote attackers to read arbitrary files via a .. (dot dot) in the chemin parameter to (1) mod_news/index.php or (2) mod_news/goodies.php. NOTE: The provenance of this information is unknown; the details are obtained solely...
CVE-2007-0821
CVE-2007-0821 describes multiple directory traversal vulnerabilities in Cedric CLAIRE PortailPhp 2. An attacker can read arbitrary files by injecting a .. sequence into the chemin parameter of two PHP scripts: mod_news/index.php and mod_news/goodies.php. The underlying issue is improper validatio...
Remote file inclusion
PHP remote file inclusion vulnerability in index.php in Miguel Nunes Call of Duty 2 (CoD2) DreamStats System 4.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the rootpath parameter...
CVE-2007-0757
CVE-2007-0757 is a PHP remote file inclusion vulnerability in the rootpath handling of the Call of Duty 2 DreamStats System (version 4.2 and earlier). The flaw in index.php allows an attacker to supply a URL in the rootpath parameter and cause arbitrary PHP code execution on the affected server. ...
CVE-2007-0700
Directory traversal vulnerability in index.php in Guernion Sylvain Portail Web Php (aka Gsylvain35 Portail Web, PwP) allows remote attackers to read arbitrary files via a .. (dot dot) in the page parameter. NOTE: this issue was later reported for 2.5.1.1...
CoD2: DreamStats <= 4.2 (index.php) Remote File Include Vulnerability
ConTact Me:-wWw.Asb-May.Net ScRiPt:-http://callofduty.filefront.com/file/DreamStatsSystem;54520 Discovered By:- ThE dE@Th AsB-MaY DiScOvEr ExPlIoTs TeAm index.php:- if !$slots include$rootpath . 'html/serveroffline.php';exit; ExPlOiT:-http://www.Site.com/PaTh/index.php?rootpath=Shell milw0rm.com...
CoD2: DreamStats <= 4.2 (index.php) Remote File Include Vulnerability
No description provided by source. ConTact Me:-wWw.Asb-May.Net ScRiPt:-http://callofduty.filefront.com/file/DreamStatsSystem;54520 Discovered By:- ThE dE@Th AsB-MaY DiScOvEr ExPlIoTs TeAm index.php:- if !$slots include$rootpath . 'html/serveroffline.php';exit;...
CoD2: DreamStats <= 4.2 (index.php) Remote File Include Vulnerability
Exploit for unknown platform in category web applications ===================================================================== CoD2: DreamStats index.php:- if !$slots include$rootpath . 'html/serveroffline.php';exit; ExPlOiT:-http://www.Site.com/PaTh/index.php?rootpath=Shell 0day.today 2018-04-0...
CoD2: DreamStats 4.2 - index.php Remote File Inclusion
CoD2: DreamStats 4.2 - index.php Remote File Inclusion ConTact Me:-wWw.Asb-May.Net ScRiPt:-http://callofduty.filefront.com/file/DreamStatsSystem;54520 Discovered By:- ThE dE@Th index.php:- if !$slots include$rootpath . 'html/serveroffline.php';exit;...