SnowFlake CMS 1.0 Beta5.2 SQL Injection
Exploit Title: Powered by SnowFlake Content Management System SQL Injection Date: 19th July 2010 Author: Dinesh Arora Critical: high Affected / Tested Version: 1.0 beta5.2 Sample Affected Parameter: uid contact: [email protected] Greetz to: b0nd, Fbih2s, Beenu, Charles, j4ckh4x0r, punter, eberl...
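Discuz! 6.0 forum uid parameter remote cross-site scripting vulnerability
BUGTRAQ ID: 38484 Discuz! is a web forum application that is very popular in Chinese-speaking regions. The Discuz! forum does not properly filter the uid parameter submitted to the eccredit.php page. A remote attacker can carry out a cross-site scripting attack by submitting a request with a malicious parameter to the forum, causing arbitrary HTML and script code to be injected and executed in the user's browser session. Comsenz Discuz! 6.0 Vendor patch: Comsenz ------- The vendor has not yet provided a patch or upgrade. We recommend that users of this software watch the vendor's home page for the latest version: http://www.comsenz.com/index.php...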
CVE-2009-4384
Multiple cross-site scripting (XSS) vulnerabilities in Scriptsez.net Ez Poll Hoster (EPH) allow remote attackers to inject arbitrary web script or HTML via the (1) pid parameter in a code action to index.php and the (2) uid parameter in a view action to profile.php...
SQL injection
SQL injection vulnerability in user.php in Super Serious Stats (aka superseriousstats) before 1.1.2p1 allows remote attackers to execute arbitrary SQL commands via the uid parameter, related to an "incorrect regexp." NOTE: some of these details are obtained from third party information...
CVE-2009-3961
The CVE-2009-3961 entry describes an SQL injection in Super Serious Stats (aka superseriousstats) through user.php, exploitable via the uid parameter and related to an "incorrect regexp." The vulnerability affects versions before 1.1.2p1 and could allow remote attackers to execute arbitrary SQL c...
SQL injection
SQL injection vulnerability in Profile.php in MyMsg 1.0.3 allows remote authenticated users to execute arbitrary SQL commands via the uid parameter in a show action...
SQL injection
Multiple SQL injection vulnerabilities in Videos Broadcast Yourself 2 allow remote attackers to execute arbitrary SQL commands via the (1) UploadID parameter to videoint.php, and possibly the (2) catid parameter to catvideo.php and (3) uid parameter to cviewchannels.php...
CVE-2009-2924
Multiple SQL injection vulnerabilities in Videos Broadcast Yourself 2 allow remote attackers to execute arbitrary SQL commands via the (1) UploadID parameter to videoint.php, and possibly the (2) catid parameter to catvideo.php and (3) uid parameter to cviewchannels.php...
SQL injection
SQL injection vulnerability in members.asp in Mini-NUKE Freehost 2.3 allows remote attackers to execute arbitrary SQL commands via the uid parameter in a memberdetails action...
CVE-2008-3888
SQL injection vulnerability in members.asp in Mini-NUKE Freehost 2.3 allows remote attackers to execute arbitrary SQL commands via the uid parameter in a memberdetails action...
SQL injection
SQL injection vulnerability in ugroups.php in PozScripts TubeGuru Video Sharing Script allows remote attackers to execute arbitrary SQL commands via the UID parameter...
Cross-site scripting
Multiple cross-site scripting (XSS) vulnerabilities in the Yogurt Social Network module 3.2 rc1 for XOOPS allow remote attackers to inject arbitrary web script or HTML via the uid parameter to (1) friends.php, (2) seutubo.php, (3) album.php, (4) scrapbook.php, (5) index.php, or (6) tribes.php; or (7) the...
CVE-2008-3668
Multiple cross-site scripting (XSS) vulnerabilities in the Yogurt Social Network module 3.2 rc1 for XOOPS allow remote attackers to inject arbitrary web script or HTML via the uid parameter to (1) friends.php, (2) seutubo.php, (3) album.php, (4) scrapbook.php, (5) index.php, or (6) tribes.php; or (7) the...
SQL injection
SQL injection vulnerability in ugroups.php in Youtuber Clone allows remote attackers to execute arbitrary SQL commands via the UID parameter...
CVE-2008-3419
SQL injection vulnerability in ugroups.php in Youtuber Clone allows remote attackers to execute arbitrary SQL commands via the UID parameter...
CVE-2008-3419
CVE-2008-3419 describes an SQL injection vulnerability in ugroups.php of the Youtuber Clone application, allowing remote attackers to execute arbitrary SQL commands through the UID parameter. The issue is documented across multiple sources (NVD/NVD mirror, CVE lists, and third-party advisories) w...
CVE-2008-3386
SQL injection vulnerability in album.php in AlstraSoft Video Share Enterprise 4.51 allows remote attackers to execute arbitrary SQL commands via the UID parameter, a different vector than CVE-2007-4086...
Alstrasoft Video Share Enterprise 4.5.1 - 'UID' SQL Injection
Video Share Enterprise UID Remote SQL Injection Vulnerability | Hussin X | Author: Hussin X | Home : www.tryag.cc/cc | email: darkangelg85atYahooDoTcom | script : http://www.alstrasoft.com/videoshare.htm | DorK : Powered ...
CVE-2008-3089
CVE-2008-3089 describes an SQL injection vulnerability in Xpoze Pro 3.06 (Xpoze Pro CMS 2008), exploitable via the uid parameter in user.html. The root cause is improper input handling that allows arbitrary SQL execution by remote attackers. Impact per sources is partial confidentiality/integrit...
e107blog-sql.txt
::e107 Plugin BLOG Engine v2.2 macgurublog.php/uid Blind SQL Injection Vulnerability:: Virangar Security Team www.virangar.net -------- Discovered By :virangar security teamhadihadi special tnx to:MR.nosrati,black.shadowes,MR.hesy,Zahra & all virangar members & all hackerz greetz:to my best friend...