179 matches found
web4ughana-sql.txt
est.2007 forum.darkc0de.com d3hydr8 - rsauron - baltazar - sinner01 - r45c4l - beenu And all darkc0de.com members Author: P47r1ck Home : www.darkc0de.com Email :...
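Websens CMSbright 'page.php' SQL Injection Vulnerability
BUGTRAQ ID: 30946 CNCAN ID: CNCAN-2008090205 Websens CMSbright is a PHP-based web application. Websens CMSbright does not properly handle user-submitted input; a remote attacker can exploit this flaw to carry out SQL injection attacks and may obtain sensitive information or manipulate the database. The problem is that the 'page.php' script does not filter user-supplied input to the 'idrubpage' parameter; by supplying a malicious SQL query as the parameter data, the original SQL logic can be altered to obtain sensitive information or manipulate the database. No solution is currently available for Websens CMSbright: http://www.cmsbright.com/public/page.ph...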
cmsbright-sql.txt
------------------------------------------- Script : CMSbright .. site : http://www.cmsbright.com/ Author : BorN To K!LL Dork : powered by CMSbright © websens ------------------------------------------- Exploit : public/page.php?idrubpage=SQL Example :...
CVE-2007-3652
SQL injection vulnerability in class/page.php in Farsi Script (aka FaScript) FaName 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: this might be the same issue as CVE-2008-0328...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in Farsi Script (aka FaScript) FaName 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) key or (2) desc parameter to index.php, or (3) the name parameter to page.php...
CVE-2007-3653
Multiple cross-site scripting (XSS) vulnerabilities in Farsi Script (aka FaScript) FaName 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) key or (2) desc parameter to index.php, or (3) the name parameter to page.php...
CVE-2008-2899
Unspecified vulnerability in includes/classes/page.php in j00lean-CMS 1.03 has unknown impact and attack vectors...
CVE-2008-2899
Technical details for CVE-2008-2899 are not publicly provided in the supplied documents. The initial description is generic, and connected records do not expose affected product specifics, root cause, or remediation.
EntertainmentScript 1.4.0 (page.php page) Local File Inclusion Exploit
No description provided by source. !/usr/bin/perl EntertainmentScript V1.4.0 page.php page Local File Inclusion Exploit Founded & Exploited by : Stack-Terrorist v40 Contact: Ev!L = see down Greetz : Houssamix & Djekmani & Jadi & iuoisn & All muslims HaCkeRs : P0c :...
CVE-2008-1624
Directory traversal vulnerability in v2demo/page.php in Jshop Server 1.x through 2.x allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the xPage parameter...
JShop 1.x - 2.x (page.php xPage) Local File Inclusion Vulnerability
No description provided by source. JShop 1.x-2.x local file include --------------------------------------------------------------------------------------------------------------------- + scripts: Jshop Server 1.x-2.x + + Discovered By : v0l4arrra v0l4arrratgmaildotcom + + url: www.jshop.co.uk + ...
FaScript FaName 1.0 - SQL Injection
FaScript FaName 1.0 - SQL Injection FaScript FaName v1 Remote Sql Injection BY IRCRASH AUTHOR : IRCRASH Dr.Crash Script Download : http://www.hotscripts.com/Detailed/66472.html Injection Adress : http://Sitename/faname/page.php?id= Help : In This Script Admin Username and Password Save in...
Remote file inclusion
Multiple PHP remote file inclusion vulnerabilities in Thierry Leriche Restaurant Management System (ReMaSys) 0.5 allow remote attackers to execute arbitrary PHP code via a URL in (1) the DIRROOT parameter to (a) global.php, or the (2) DIRPAGE parameter to (b) template/fr/page.php or (c)...
CVE-2007-4893
wp-admin/admin-functions.php in Wordpress before 2.2.3 and Wordpress multi-user (MU) before 1.2.5a does not properly verify the unfilteredhtml privilege, which allows remote attackers to conduct cross-site scripting (XSS) attacks via modified data to (1) post.php or (2) page.php with a nofilter field...
Cross site scripting
wp-admin/admin-functions.php in Wordpress before 2.2.3 and Wordpress multi-user (MU) before 1.2.5a does not properly verify the unfilteredhtml privilege, which allows remote attackers to conduct cross-site scripting (XSS) attacks via modified data to (1) post.php or (2) page.php with a nofilter field...
WordPress <= 2.2.3 - XSS
Attackers can conduct cross-site scripting (XSS) attacks via modified data to post.php or page.php with a nofilter field. Solution: Update WordPress...
RGameScript Pro (page.php id) Remote File Inclusion Vulnerability
No description provided by source. /////\ Web Application: RCMS-Pro ///// Info: ///////////////////////////////////////////////////// Vulnerability: Remote File Inclusion Vendor: http://www.rcms-pro.com/ Dork: "Powered by RGameScript" Found By: Warpboy E-Mail/MSNM: [email protected]...
RGameScript Pro - 'page.php?id' Remote File Inclusion
/////\ Web Application: RCMS-Pro ///// Info: ///////////////////////////////////////////////////// Vulnerability: Remote File Inclusion Vendor: http://www.rcms-pro.com/ Dork: "Powered by RGameScript" Found By: Warpboy E-Mail/MSNM: [email protected] Website: http://private-node.net Shouts:...