1672 matches found
Etano 1.x <= Multiple Cross Site Scripting Vulnerabilities
OVERVIEW Etano 1.x versions are vulnerable to Cross Site Scripting. 2. BACKGROUND The community builder script we provide - Etano - was built entirely based on requests from customers of our previous dating package Dating Site Builder. Almost every feature ever requested was built into Etano to...
lizard cart - search.php SQL Injection
lizard cart - search.php SQL Injection Exploit Title: lizard cart SQLi search.php Google Dork: inurl:search.php+intitle:"Lizard Cart"+intext:"Search Results:" Date: 05-03-2012 Author: Number 7 Software Link: http://sourceforge.net/projects/lizardcart/files/latest/download?source=directory Version...
lizard cart - 'search.php' SQL Injection
Exploit Title: lizard cart SQLi search.php Google Dork: inurl:search.php+intitle:"Lizard Cart"+intext:"Search Results:" Date: 05-03-2012 Author: Number 7 Software Link: http://sourceforge.net/projects/lizardcart/files/latest/download?source=directory Version: pp104 Tested on: Windows Usage:...
Lizard Cart SQL Injection
Exploit Title: lizard cart SQLi search.php Google Dork: inurl:search.php+intitle:"Lizard Cart"+intext:"Search Results:" Date: 05-03-2012 Author: Number 7 Software Link: http://sourceforge.net/projects/lizardcart/files/latest/download?source=directory Version: pp104 Tested on: Windows Usage:...
phxEventManager 2.0 Beta 5 SQL Injection
Exploit Title: phxEventManager 2.0 beta 5 search.php search_terms SQL Injection Vulnerability Date: 01/03/2012 Author: skysbsb Software Link: http://sourceforge.net/projects/phxeventmanager/ Version: Web Application Tested on: Apache/nix Dork: intext: "Powered by phxEventManager" Code : Exploited...
phxEventManager 2.0 Beta 5 - 'search.php' search_terms SQL Injection
Exploit Title: phxEventManager 2.0 beta 5 search.php search_terms SQL Injection Vulnerability Date: 01/03/2012 Author: skysbsb Software Link: http://sourceforge.net/projects/phxeventmanager/ Version: Web Application Tested on: Apache/nix Dork: intext: "Powered by phxEventManager" Code : Exploited...
phxEventManager 2.0 beta 5 search.php search_terms SQL Injection
Exploit for php platform in category web applications Exploit Title: phxEventManager 2.0 beta 5 search.php search_terms SQL Injection Vulnerability Date: 01/03/2012 Author: skysbsb Software Link: http://sourceforge.net/projects/phxeventmanager/ Version: Web Application Tested on: Apache/nix Dork:...
SQL injection
SQL injection vulnerability in search.php in Vastal I-Tech Agent Zone (aka The Real Estate Script) allows remote attackers to execute arbitrary SQL commands via the pricefrom parameter...
CVE-2012-0982
SQL injection vulnerability in search.php in Vastal I-Tech Agent Zone (aka The Real Estate Script) allows remote attackers to execute arbitrary SQL commands via the pricefrom parameter...
CVE-2011-3830
CVE-2011-3830 affects Support Incident Tracker (SiT!) 3.65, where an XSS flaw exists in search.php via the search_string parameter, enabling remote injection of arbitrary script/HTML. Root cause is insufficient input validation on the search_string field, as reported in the NVD entry. Exploitatio...
CVE-2011-3830
Cross-site scripting (XSS) vulnerability in search.php in Support Incident Tracker (aka SiT!) 3.65 allows remote attackers to inject arbitrary web script or HTML via the search_string parameter...
ARASTAR Portal System Cross Site Scripting
ARASTAR Portal System search.php XSS Vulnerability Software : ARASTAR Date : 1/13/2012 Vendor : http://www.ara-star.com Get App. : http://www.ara-star.com/sale.php?sale=3 Price : $480 Dork : site:.il intext:"powered by ARASTAR" Author : ITTIHACK Home : http://ittihack.com Vulnerable File :...
wsCMS Cross Site Scripting / SQL Injection
Exploit Title: wsCMS alert/farbodmahini/ www.wbnb-fanb.ca/search.php?search=alert/farbodmahini/ www.gowanbrae.ca/search.php?search=alert/farbodmahini/ Special Thanks : Mehdi.H4ckcity-2MzRp-Mikili-M.Prince-Bl4ck.Viper-iC0d3R- IrIsT-K0242-P0W3RFU7-Mr.M4st3r-HigherSense ,... GreetZ : All H4ckCity...
CVE-2011-5022
Summary: CVE-2011-5022 affects Pligg CMS 1.1.2, with an SQL injection in search.php via the status parameter. The root cause is improper handling of user-supplied input in the search functionality, enabling arbitrary SQL execution by remote attackers. Impact (as stated): Remote attackers can exec...
Unfixed XSS vulnerability at mzc.in
Security researcher bios terminator has submitted on 27/12/2011 a cross-site scripting (XSS) vulnerability affecting mzc.in, which at the time of submission ranked 120853 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 28/12/2011. It is currentl...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in Wuzly 2.0 allow remote attackers to inject arbitrary web script or HTML via the Referer header to (1) admin/login.php and (2) admin/404.php; the (3) q parameter to search.php; the (4) themename parameter to themesettings.php, (5) extensionname parameter ...
CVE-2011-3835
Multiple cross-site scripting (XSS) vulnerabilities in Wuzly 2.0 allow remote attackers to inject arbitrary web script or HTML via the Referer header to (1) admin/login.php and (2) admin/404.php; the (3) q parameter to search.php; the (4) themename parameter to themesettings.php, (5) extensionname parameter ...
Unfixed XSS vulnerability at www.mydealspy.com
Security researcher Codeshift3r has submitted on 18/12/2011 a cross-site scripting (XSS) vulnerability affecting www.mydealspy.com, which at the time of submission ranked 4250974 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 18/12/2011. It is...
Unfixed XSS vulnerability at www.wnet.co.il
Security researcher Codeshift3r has submitted on 17/12/2011 a cross-site scripting (XSS) vulnerability affecting www.wnet.co.il, which at the time of submission ranked 32143 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 18/12/2011. It is...
CVE-2010-5062
SQL injection vulnerability in search.php in MH Products kleinanzeigenmarkt allows remote attackers to execute arbitrary SQL commands via the c parameter...