1672 matches found
ecshop 2.7.2 search.php SQL injection vulnerability
No description provided by source...
CTSCMS 4.0 /plus/search.php SQL injection vulnerability
No description provided by source...
MantisBT search.php match_type Parameter XSS
The version of MantisBT installed on the remote host fails to properly sanitize user-supplied input to the 'match_type' parameter of the 'search.php' script before using it to generate dynamic HTML output. An attacker may be able to leverage this to inject arbitrary HTML and script code into a...
DedeCms V57 plus/search.php file SQL injection vulnerability warning - the black bar safety net
Twitter on seen on the analysis, this exploit is more than one place can be utilized. Can actually disregard magic_quotes_gpc = On. Really not tasteless. Author: [email protected] Dedecms latest version plus/search.php file there is a variable override vulnerability, successfully exploited this...
CVE-2012-5874
Multiple SQL injection vulnerabilities in the (1) updatewhosonlinereg and (2) updatewhosonlineguest functions in Elite Bulletin Board before 2.1.22 allow remote attackers to execute arbitrary SQL commands via the PATH_INFO to (a) checkuser.php, (b) groups.php, (c) index.php, (d) login.php, (e) quicklogin.php, (f)...
Sino Solutions Cross Site Scripting
Sino solutions search.php Cross Site Scripting Vulnerabilities Exploit Title : Sino solutions search.php Cross Site Scripting Vulnerabilities Author : Hack Center...
SQL injection
SQL injection vulnerability in search.php in Banana Dance, possibly B.1.5 and earlier, allows remote attackers to execute arbitrary SQL commands via the category parameter...
CVE-2011-5176
Banana Dance’s search.php contains multiple XSS vulnerabilities exploitable via the q and category parameters. Affected: versions prior to B.1.5. Root cause: insufficient input sanitization in search.php. Impact: remote injection of arbitrary script/HTML. Remediation: upgrade to B.1.5 or newer; a...
PT-2012-2153 · Unknown · Banana Dance
Name of the Vulnerable Software and Affected Versions: Banana Dance versions prior to B.1.5 Description: The issue concerns multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML via the q or category parameters in th...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in Etano 1.22 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) user, (2) email, (3) email2, (4) f17zip, or (5) agree parameter to join.php; (6) PATH_INFO, (7) st, (8) f17city, (9) f17country, (10) f17state, (11) f17zip, (12) f19, (13)...
ArticleSetup 1.1 SQL Injection
HTTPCS Advisory : HTTPCS86 Product : ArticleSetup Version : 1.1 Date : 2012-09-03 Criticality level : Highly Critical Description : A vulnerability has been discovered in ArticleSetup, which can be exploited by malicious people to conduct SQL injection attacks. Input passed via the 'cat' paramete...
ShareLive CMS Cross Site Scripting
Exploit Title: ShareLive cms Cross Site Scripting Vulnerability Google Dork: intext:"Code and Portal design © ShareLive" Date: 08/24/2012 Author: Crim3R Tested on: all s parameter in search.php is vulnerable to XSS D3M0 :...
SQL injection
Multiple SQL injection vulnerabilities in MyBB (aka MyBulletinBoard) before 1.6.1 allow remote attackers to execute arbitrary SQL commands via the keywords parameter in a (1) do_search action to search.php or (2) do_stuff action to private.php. NOTE: the vendor disputes this issue, saying "Although this...
CVE-2010-5096
Multiple SQL injection vulnerabilities in MyBB (aka MyBulletinBoard) before 1.6.1 allow remote attackers to execute arbitrary SQL commands via the keywords parameter in a (1) do_search action to search.php or (2) do_stuff action to private.php. NOTE: the vendor disputes this issue, saying "Although this...
CVE-2010-5096
Multiple SQL injection vulnerabilities in MyBB (MyBulletinBoard) before 1.6.1 allow remote attackers to execute arbitrary SQL commands via the keywords parameter in do_search (search.php) or do_stuff (private.php). Vendor disputes claim of true SQL injection, noting it may only produce general SQ...
Membris v 2.0.1 Sql \ XSS & File Disclosure Vulnerabilities
Exploit for php platform in category web applications Exploit:Membris v 2.0.1 Sql \ XSS & File Disclosure Vulnerabilities Google Dork: Powered by Membris v 2.0.1 Date: Dr.abolalh Author:01/06/2012 E-Mail: email protected Software Link: http://scripts.toocharger.com/fiches/scripts/membris/5258.htm...
Lizard-Cart 1.04 search.php SQL injection vulnerability
No description provided by source...
DreamArticle CMS 2.0 Cross Site Scripting
Exploit Title : DreamArticle CMS Cross Site Scripting Vulnerability Author : Secure-Land Security Team Discovered By : farbodmahini Home : Secure-Land.net Version : All Version Contact : [email protected] , [email protected] Security Risk : High DorK : "Powered by DreamArticle V2.0"...
Charles River Web CMS Cross Site Scripting
Exploit Title : Charles-River-Web Cms Cross Site Scripting Vulnerability Author : IrIsT.Ir Discovered By : Am!r Home : http://IrIsT.Ir & Http://Security7.ir Software Link : http://www.charlesriverweb.com/ Security Risk : High Version : All Version Tested on : GNU/Linux Ubuntu - Windows Server -...
CVE-2012-1780
CVE-2012-1780 is a SQL injection vulnerability in SocialCMS 1.0.5, triggered through the category parameter in search.php. The vulnerability allows remote attackers to execute arbitrary SQL commands. The cited sources confirm the affected component and the injection vector, with no publicly docum...