376 matches found
Empire CMS <= 3.7 (checklevel.php) Remote File Include Vulnerability
No description provided by source. Empire CMS <= 3.7 checklevel.php Remote File Include Vulnerability. Found by: Bob Linuson. Code: $includefile=$checkpath."e/class/MemberLevel.php"; include "$includefile"; ..... include $checkpath."e/class/connect.php"; include $checkpath."e/class/dbsql.php"; ...
CVE-2006-2951
Multiple cross-site scripting (XSS) vulnerabilities in Net Portal Dynamic System (NPDS) 5.10 and earlier allow remote attackers to inject arbitrary web script and HTML via the (1) Titlesitename or (2) sitename parameter to (a) header.php, (3) nukeurl parameter to (b) meta/meta.php, (4) forum parameter to (c)...
CVE-2006-2951
CVE-2006-2951 concerns multiple cross-site scripting (XSS) vulnerabilities in Net Portal Dynamic System (NPDS)
E107 v.6.17d vuln.
SQL Injection. It exists because the value of $order, passed in a POST request to /user.php, is not validated. If: the attacker knows the full path to the directory in which the content is hosted; magic_quotes_gpc=off; the user whose privileges are used to access the database has the File_priv privilege; then he...
CVE-2006-1853
Multiple SQL injection vulnerabilities in ModernBill 4.3.2 and earlier allow remote attackers or administrators to execute arbitrary SQL commands via the (1) id parameter in (a) user.php, or (2) where and (3) order parameters to (b) admin.php...
Sql injection
SQL injection vulnerability in @1 File Store 2006.03.07 allows remote attackers to execute arbitrary SQL commands via the id parameter to (1) functions.php and (2) user.php in the libs directory, (3) edit.php and (4) delete.php in control/files/, (5) edit.php and (6) delete.php in control/users/, (7) edit.php,...
Cross site scripting
Interpretation conflict in PostNuke 0.761 and earlier allows remote attackers to conduct cross-site scripting (XSS) attacks via HTML tags with a trailing "" character by some web browsers but bypasses the blacklist protection in (1) the pnVarCleanFromInput function in pnAPI.php, (2) the pnSecureInput...
CVE-2006-0800
Interpretation conflict in PostNuke 0.761 and earlier allows remote attackers to conduct cross-site scripting (XSS) attacks via HTML tags with a trailing "" character by some web browsers but bypasses the blacklist protection in (1) the pnVarCleanFromInput function in pnAPI.php, (2) the pnSecureInput...
CVE-2006-0313
Multiple SQL injection vulnerabilities in PDFdirectory before 1.0 allow remote attackers to execute arbitrary SQL commands via multiple unspecified vectors involving (1) util.php, (2) userpref.php, (3) user.php, (4) uploadfrm.php, (5) title.php, (6) team.php, (7) stats.php, (8) page.php, (9) org.php, (10) member.php...
Sql injection
SQL injection vulnerability in Primo Cart 1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) q parameter to search.php and (2) email parameter to user.php...
CVE-2006-0068
SQL injection vulnerability in Primo Cart 1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) q parameter to search.php and (2) email parameter to user.php...
CVE-2005-3020
Multiple cross-site scripting (XSS) vulnerabilities in vBulletin before 3.0.9 allow remote attackers to inject arbitrary web script or HTML via the (1) group parameter to css.php, (2) redirect parameter to index.php, (3) email parameter to user.php, (4) goto parameter to language.php, (5) orderby parameter t...
CVE-2005-2689
Multiple cross-site scripting (XSS) vulnerabilities in PostNuke 0.760-RC4b allow remote attackers to inject arbitrary web script or HTML via (1) the moderate parameter to the Comments module or (2) htmltext parameter to html/user.php...
CVE-2005-2596
User.php in Gallery, as used in Postnuke, allows users with any Admin privileges to gain access to all galleries...
CVE-2005-2596
CVE-2005-2596 concerns a programming error in the Gallery component used with Postnuke that allows any user with Admin privileges to access all galleries. Open-source advisories and Debian security notes describe a remote-attack surface stemming from a bug in the gallery code that grants full gal...
CVE-2001-1521
CVE-2001-1521 is an XSS vulnerability in PostNuke 0.64, specifically in the file/user component user.php, where the uname parameter can be exploited to inject arbitrary web script or HTML. The public records identify the affected software as PostNuke 0.64 and the vulnerability as a cross-site sc...
CVE-2004-2031
Cross-site scripting (XSS) vulnerability in user.php in e107 allows remote attackers to inject arbitrary web script or HTML via the (1) URL, (2) MSN, or (3) AIM fields...