1673 matches found
MyBulletinBoard (MyBB) <= 1.2.10 Multiple Remote Vulnerabilities
Exploit for unknown platform in category web applications. MyBulletinBoard MyBB = 1.2.10 Multiple Remote Vulnerabilities. waraxe-2008-SA061 - Remote Code Execution in My...
MyBulletinBoard (MyBB) 1.2.10 - Multiple Vulnerabilities
waraxe-2008-SA061 - Remote Code Execution in MyBB 1.2.10. Author: Janek Vind "waraxe". Independent discovery: koziolek. Date: 16. January 2008. Location: Estonia, Tartu. Web: http://www.waraxe.us/advisory-61.html Target...
Sql injection
Multiple SQL injection vulnerabilities in eTicket 1.5.5.2 allow remote authenticated users to execute arbitrary SQL commands via the (1) status, (2) sort, and (3) way parameters to search.php; and allow remote authenticated administrators to execute arbitrary SQL commands via the (4) msg and (5) password...
CVE-2008-0267
Multiple SQL injection vulnerabilities in eTicket 1.5.5.2 allow remote authenticated users to execute arbitrary SQL commands via the (1) status, (2) sort, and (3) way parameters to search.php; and allow remote authenticated administrators to execute arbitrary SQL commands via the (4) msg and (5) password...
CVE-2008-0267
CVE-2008-0267 describes multiple SQL injection vulnerabilities in eTicket 1.5.5.2. The flaws allow remote authenticated users to inject arbitrary SQL via search.php parameters (status, sort, way) and remote authenticated administrators to inject via admin.php parameters (msg, password). The root ...
CVE-2007-6669
Cross-site scripting (XSS) vulnerability in search.php in PHCDownload 1.1.0 allows remote attackers to inject arbitrary web script or HTML via the string parameter...
CVE-2007-6670
SQL injection vulnerability in search.php in PHCDownload 1.1.0 allows remote attackers to execute arbitrary SQL commands via the string parameter...
Sql injection
Multiple SQL injection vulnerabilities in MyPHP Forum 3.0 and earlier allow remote attackers to execute arbitrary SQL commands via the searchtext parameter to search.php, and unspecified other vectors...
eTicket 1.5.5.2 - search.php Multiple SQL Injections
eTicket 1.5.5.2 - search.php Multiple SQL Injections source: https://www.securityfocus.com/bid/27173/info eTicket is prone to multiple input-validation vulnerabilities because the application fails to properly sanitize user-supplied input. These vulnerabilities include multiple SQL-injection...
eTicket 1.5.5.2 - 'search.php' Multiple SQL Injections
source: https://www.securityfocus.com/bid/27173/info eTicket is prone to multiple input-validation vulnerabilities because the application fails to properly sanitize user-supplied input. These vulnerabilities include multiple SQL-injection issues, a cross-site scripting issue, and an...
MyPHP Forum 3.0 - 'Final' SQL Injection
This is a Public Exploit. Date: 03/01/2008 dd,mm,yyyy...
MyPHP Forum 3.0 - search.php Multiple SQL Injections
MyPHP Forum 3.0 - search.php Multiple SQL Injections source: https://www.securityfocus.com/bid/27118/info MyPHP Forum is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting these issues could allo...
myphp30-sql.txt
This is a Public Exploit. Date: 03/01/2008 dd,mm,yyyy...
Unfixed XSS vulnerability at www.kwongwah.com.my
Security researcher DerickTham submitted on 29/12/2007 a cross-site scripting (XSS) vulnerability affecting www.kwongwah.com.my, which at the time of submission ranked 32387 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 08/01/2008. It is...
phcdownload-xss.txt
XSS Flaw & possible SQL injection in PHCDownload. Vendor URL: http://www.phpcredo.com/ Advisory: http://lostmon.blogspot.com/2007/12/xss-flaw-posible-sql-injection-in.html Vendor notified: YES. Exploit available: YES. New XSS Flaw & possible SQL injection in search.php. PHCDownload contains a flaw that...
CVE-2007-6583
CVE-2007-6583 is a SQL injection vulnerability in the 1024 CMS 1.3.1, specifically in the file path admin/ops/findip/ajax/search.php. The underlying issue allows remote attackers to inject SQL via the ip parameter and may enable partial confidentiality and integrity impact and partial availabilit...
CuteNews search.php files_arch Array Arbitrary File Access
The version of CuteNews on the remote host fails to initialize the 'files_arch' array before populating it with a list of files to search in the 'search.php' script. Regardless of PHP's 'register_globals' setting, an unauthenticated attacker can leverage this issue to determine the existence of...
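Woltlab Burning Board Lite Search.PHP Multiple SQL Injection Vulnerabilities
BUGTRAQ ID: 26973 CNCAN ID:CNCAN-2007122403 Woltlab Burning Board Lite is a PHP-based web application. Woltlab Burning Board Lite does not properly filter user-submitted input, so remote attackers can exploit the vulnerability to carry out SQL injection attacks and obtain sensitive information or manipulate the database. The problem is that the 'Search.PHP' script does not filter user-submitted web parameters; submitting a malicious SQL query as parameter data can change the original SQL logic and obtain sensitive information or manipulate the database. WoltLab Burning Board Lite 1.0.2 No solution is currently available:...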
Woltlab Burning Board Lite "search.php" SQL Injection Vulnerabilities
Multiple vulnerabilities have been identified in Woltlab Burning Board Lite, which could be exploited by remote attackers to execute arbitrary SQL queries. These issues are caused by input validation errors in the "search.php" script when processing the "showposts", "sortby" and "sortorder"...
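Woltlab Burning Board Lite Search.PHP SQL Injection Vulnerability
BUGTRAQ ID: 26973 CNCAN ID:CNCAN-2007122407 Woltlab Burning Board Lite is a PHP-based web application. Woltlab Burning Board Lite does not properly filter user-submitted URI data, so remote attackers can exploit the vulnerability to carry out SQL injection attacks and obtain sensitive information or manipulate the database. The problem is that the script does not sufficiently filter user-submitted web parameters; submitting a malicious SQL query as parameter data can change the original SQL logic and obtain sensitive information or manipulate the database. WoltLab Burning Board Lite 1.0.2 No solution is currently available:...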