7210 matches found
CVE-2007-0663
SQL injection vulnerability in index.php in Eclectic Designs CascadianFAQ 4.1 and earlier allows remote attackers to execute arbitrary SQL commands via the qid parameter, a different vector than CVE-2007-0631. NOTE: The provenance of this information is unknown; the details are obtained solely fr...
CVE-2007-0663
CVE-2007-0663 describes an SQL injection in Eclectic Designs CascadianFAQ 4.1 and earlier, exploitable via the qid parameter in index.php. The vulnerability allows remote attackers to execute arbitrary SQL commands; affected software is CascadianFAQ on index.php, with the issue explicitly tied to...
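MDPro Index.PHP Injection Vulnerability
MDPro is a PHP-based web application. MDPro does not properly filter user-supplied input, so remote attackers can exploit the vulnerability to carry out SQL injection attacks and obtain sensitive information. The problem is that the 'Index.PHP' script does not filter the user-supplied 'startrow' parameter; submitting malicious SQL code as the parameter data can alter the original SQL logic and lead to disclosure of sensitive information. MAXdev MD-Pro 1.0.76 No solution is currently available; please watch the following links: http://www.maxdev.com/AboutMD.phtml http://www.example.com/index.php?module=News&startrow='sql injection...
CascadianFaq Index.PHP SQL Injection Vulnerability
CascadianFaq is a PHP-based web application. CascadianFaq does not properly filter user-supplied input, so remote attackers can exploit the vulnerability to carry out SQL injection attacks and obtain sensitive information. The problem is that the 'Index.PHP' script does not filter the user-supplied 'catid' parameter; submitting malicious SQL code as the parameter data can alter the original SQL logic and lead to disclosure of sensitive information. Eclectic Designs CascadianFAQ 4.1 No solution is currently available; please watch the following link: http://eclectic-designs.com/cascadianfaq.php...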
CVE-2007-0631
CVE-2007-0631 affects Eclectic Designs CascadianFAQ 4.1 and earlier. A vulnerability in the web app’s index.php allows a remote attacker to inject SQL via the catid parameter, enabling arbitrary SQL execution. The available connected sources confirm the parameter-based SQL injection vector and id...
CVE-2007-0623
The CVE-2007-0623 entry documents an SQL injection vulnerability in the MAXdev MDPro product, specifically in index.php (version 1.0.76). The root cause is improper handling of the startrow parameter, allowing remote attackers to execute arbitrary SQL commands. The vulnerability affects the web a...
CVE-2007-0616
Directory traversal vulnerability in zen/template-functions.php in zenphoto 1.0.4 up to 1.0.6 allows remote attackers to list arbitrary directories via ".." sequences in the album parameter to index.php...
CascadianFAQ <= 4.1 (index.php) Remote SQL Injection Vulnerability
No description provided by source. Title : CascadianFAQ = 4.1 index.php Remote Blind SQL Injection Vulnerability Author : ajann Contact : : S.Page : http://eclectic-designs.com $$ : Free Dork : This FAQ is powered by CascadianFAQ DorkEx :...
gnopaste <= 0.5.3 (index.php) Remote File Include Vulnerability
t3K t4b4nc4 gnopaste = 0.5.3 index.php Remote File Include Vulnerability Script site: http://sourceforge.net/projects/gnopaste Find by TrZiNDaN Greetings; ELMuHaMMeD,CyberWolf,CrackersChild,EntriKa,Xyu,Sehzade, B4ct3ry,M3rhametsiz,Cold Z3ro,e-system,blackwolf,Paradox T3K T4B4NC4 Contact:...
CascadianFAQ 4.1 - index.php SQL Injection
CascadianFAQ 4.1 - index.php SQL Injection Title : CascadianFAQ = 4.1 index.php Remote Blind SQL Injection Vulnerability Author : ajann Contact : : S.Page : http://eclectic-designs.com $$ : Free Dork : This FAQ is powered by CascadianFAQ DorkEx :...
CascadianFAQ 4.1 - 'index.php' SQL Injection
Title : CascadianFAQ = 4.1 index.php Remote Blind SQL Injection Vulnerability Author : ajann Contact : : S.Page : http://eclectic-designs.com $$ : Free Dork : This FAQ is powered by CascadianFAQ DorkEx :...
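Mafia Scum Tools Index.PHP Remote File Inclusion Vulnerability
Mafia Scum Tools is a PHP-based web application. Mafia Scum Tools does not properly filter user-supplied input, so remote attackers can exploit the vulnerability to execute arbitrary commands with the privileges of the web server. The problem is that the 'Index.PHP' script does not filter the user-supplied 'gen' parameter; specifying a file on a remote server as the include parameter can lead to execution of arbitrary commands with the privileges of the web server. Mafia Scum Tools Mafia Scum Tools 2.0 No solution is currently available: http://switch.dl.sourceforge.net/sourceforge/adv-random-gen !/usr/bin/perl &n...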
Remote file inclusion
Multiple PHP remote file inclusion vulnerabilities in Advanced Guestbook 2.4.2 allow remote attackers to execute arbitrary PHP code via a URL in the include_path parameter to (1) index.php, (2) addentry.php, or (3) picture.php, a different set of vectors than CVE-2006-5804. NOTE: this issue has been...
CVE-2007-0501
CVE-2007-0501 corresponds to a PHP remote file inclusion vulnerability in Mafia Scum Tools 2.0.0 within Matthew Wardrop Advanced Random Generators (adv-random-gen). The flaw allows an attacker to execute arbitrary PHP code by supplying a URL in the gen parameter, enabling remote code execution. T...
CVE-2007-0490
Open-Realty 2.3.4 is affected by CVE-2007-0490 where index.php via listingview with an invalid listingID exposes the full server path. This is an information-disclosure vulnerability that can be exploited remotely to obtain sensitive filesystem paths. Root cause is not detailed in the provided do...
PT-2007-1947 · Freeforum · Freeforum
Name of the Vulnerable Software and Affected Versions: FreeForum version 0.9.0 Description: The issue allows remote attackers to execute arbitrary PHP code via a URL in the fpath parameter in the index.php file. However, this issue has been disputed by third-party researchers, stating that the...
Advanced Guestbook <=- 2.4.2 (include_path) Remote File Include Vulnerability
Advanced Guestbook =- 2.4.2 includepath Remote File Include Vulnerability Script: Advanced Guestbook Version: 2.4.2 URL: http://proxy2.de/js/dl86d7a2.php Found By : BorN To K!LL Bug in : index.php , addentry.php , picture.php code :. requireonce $includepath."/admin/config.inc.php"; requireonce...
FreeForum 0.9.0 <=- (index.php fpath) Remote File Include Vulnerability
FreeForum 0.9.0 =- index.php fpath Remote File Include Vulnerability Script: FreeForum Version: 0.9.0 URL: http://www.phpfreaks.com/scripts.php?action=gotoDownload&scriptid=616 Found By : BorN To K!LL Bug in : index.php code : include"$fpath/forum.php"; Explo!T :. ^^^^^ /index.php?fpath=SHe1L-CoD...
freeforum090-rfi.txt
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% FreeForum 0.9.0 =- index.php fpath Remote File Include Vulnerability Script: FreeForum Version: 0.9.0 URL: http://www.phpfreaks.com/scripts.php?action=gotoDownload&scriptid=616 Found By : BorN To K!LL %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% Bug in : index.php...