1673 matches found
paFileDB includes/search.php categories Parameter SQL Injection
paFileDB 3.6 - search.php SQL Injection
Site: http://www.phparena.net/pafiledb Description: SQL injection (categories) in includes/search.php Code: $results = $db->GetArray("SELECT * FROM ".$dbPrefix."files WHERE ".$searchin." AND filecatid IN (".implode(',',$_POST['categories']).")"); Comment: "ouuch" SQL: UNI...
paFileDB 3.6 - 'search.php' SQL Injection
Site: http://www.phparena.net/pafiledb Description: SQL injection (categories) in includes/search.php Code: $results = $db->GetArray("SELECT * FROM ".$dbPrefix."files WHERE ".$searchin." AND filecatid IN (".implode(',',$_POST['categories']).")"); Comment: "ouuch" SQL: UNION SELECT ALL...
paFileDB 3.6 (search.php) Remote SQL Injection Vulnerability
Exploit for unknown platform in category web applications. paFileDB 3.6 search.php Remote SQL Injection Vulnerability. Site: http://www.phparena.net/pafiledb Description: SQL...
Unfixed XSS vulnerability at www.transformersclassics.com
Security researcher Genocide submitted on 07/12/2007 a cross-site scripting (XSS) vulnerability affecting www.transformersclassics.com, which at the time of submission ranked 608341 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 10/12/2007...
CVE-2007-3484
Cross-site scripting (XSS) vulnerability in search.php in Google Custom Search Engine allows remote attackers to inject arbitrary web script or HTML via the q parameter. NOTE: this issue is disputed by the Google Security Team, who states that "Google does not provide the 'search.php' script...
CVE-2007-3484
CVE-2007-3484 describes an XSS vulnerability in Google Custom Search Engine, where the q parameter in the search functionality is susceptible to script injection. The affected component is the search flow of Google Custom Search Engine (the claim references a non-existent search.php script; Google...
Unfixed XSS vulnerability at www.sucheplus.de
Security researcher Uber0n submitted on 06/12/2007 a cross-site scripting (XSS) vulnerability affecting www.sucheplus.de, which at the time of submission ranked 1662819 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 09/12/2007. It is...
Unfixed XSS vulnerability at www.humboldtmfg.com
Security researcher CoNqUeRoR submitted on 06/07/2007 a cross-site scripting (XSS) vulnerability affecting www.humboldtmfg.com, which at the time of submission ranked 951366 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 07/07/2007. It is...
CVE-2007-3054
Cross-site scripting (XSS) vulnerability in search.php in Codelib Linker 2.0.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the kword parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...
MyEvent1.6 (template.php) Remote File Inclusion Vulnerability
script: PBSite - PHP Bulletin Site | CMS ====> RFI url: http://sourceforge.net/project/showfiles.php?groupid=88114 author: titanichacker contact: hack-teach.com & mohandko.com...
PBSite - PHP Bulletin Site | CMS ====> RFI
script: PBSite - PHP Bulletin Site | CMS ====> RFI url: http://sourceforge.net/project/showfiles.php?groupid=88114 author: titanichacker contact: hack-teach.com & mohandko.com...
CVE-2007-2962
CVE-2007-2962 affects Particle Gallery 1.0.1 and earlier, with a cross-site scripting vulnerability in search.php via the order parameter. The underlying issue is a reflected XSS allowing remote attackers to inject arbitrary script/HTML into victims’ browsers. Exploitation details are not provide...
SQL injection
SQL injection vulnerability in search.php in Pre Classifieds Listings 1.0 allows remote attackers to execute arbitrary SQL commands via the category parameter...
CVE-2007-2675
CVE-2007-2675 concerns a SQL injection in the file search.php of Pre Classifieds Listings 1.0, where an attacker can supply the category parameter to execute arbitrary SQL. The vulnerability is exploitable remotely with network access and low authentication requirements, potentially impacting co...
SQL injection
Multiple SQL injection vulnerabilities in SonicBB 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) part and (2) by parameters to (a) search.php, or the (2) id parameter to (b) viewforum.php...
Design/Logic Flaw
SonicBB 1.0 allows remote attackers to obtain sensitive information via the (1) by parameter to search.php, (2) p parameter to viewforum.php, and the (3) id parameter to (a) viewforum.php or (b) members.php, which reveal the installation path in the resulting error message...
CVE-2007-1903
SonicBB 1.0 is affected by CVE-2007-1903: a cross-site scripting (XSS) vulnerability in search.php via the part parameter. The issue allows remote attackers to inject arbitrary script/HTML; exploitation details indicate it can be triggered when PHP magic_quotes_gpc is Off. The advisory references...
Unfixed XSS vulnerability at www.invvio.com
Security researcher Uber0n submitted on 05/12/2007 a cross-site scripting (XSS) vulnerability affecting www.invvio.com, which at the time of submission ranked 1344710 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 11/12/2007. It is currentl...