Cross site scripting
Cross-site scripting (XSS) vulnerability in view.php in Machform 2 allows remote attackers to inject arbitrary web script or HTML via the element_2 parameter...
CVE-2013-4950
Cross-site scripting (XSS) vulnerability in view.php in Machform 2 allows remote attackers to inject arbitrary web script or HTML via the element_2 parameter...
CVE-2013-4948
The CVE-2013-4948 entry details a SQL injection in Machform 2’s view.php, exploitable via the element_2 parameter. This allows remote attackers to execute arbitrary SQL commands, with a CVSS v2 base score of 7.5 (HIGH). The affected software and exact vulnerable component are Machform 2, specific...
CVE-2013-4948
SQL injection vulnerability in view.php in Machform 2 allows remote attackers to execute arbitrary SQL commands via the element_2 parameter...
Code injection
user/view.php in Moodle through 2.1.10, 2.2.x before 2.2.8, 2.3.x before 2.3.5, and 2.4.x before 2.4.2 does not enforce the forceloginforprofiles setting, which allows remote attackers to obtain sensitive course-profile information by leveraging the guest role, as demonstrated by a Google search...
WebsiteBaker Addon Concert Calendar 2.1.4 - Multiple Vulnerabilities
WebsiteBaker Addon Concert Calendar 2.1.4 - Multiple Vulnerabilities Advisory: Websitebaker Add-on 'Concert Calendar 2.1.4' XSS & SQLi vulnerability Advisory ID: SSCHADV2013-001 Author: Stefan Schurtz Affected Software: Successfully tested on Concert Calendar 2.1.4 Vendor URL:...
CVE-2012-5098
Multiple SQL injection vulnerabilities in Php-X-Links, possibly 1.0, allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to rate.php, (2) cid parameter to view.php, or (3) t parameter to pop.php...
Mnews 1.1 - 'view.php' SQL Injection
\n"; echo "Example:\n"; echo "php $argv0 http://www.website.com/mnews\n"; exit; $target = $argv1; ifsubstr$target, strlen$target-1!="/" $target .= "/"; $inject = $target . "view.php?id=-0'%20"; $token = uniqid; $tokenhex = hex$token; echo " Trying to get informations...\n"; $infos =...
Sql injection
Multiple SQL injection vulnerabilities in GR Board (aka grboard) 1.8.6.5 Community Edition allow remote attackers to execute arbitrary SQL commands via the (1) tableType or (2) blindTarget parameter to view.php, (3) the delTargets0 parameter to viewmemo.php, or (4) the isReported parameter to writeok.php...
Land.Net SQL injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Land.Net SQL injection Vulnerability Date: 20/05/2012 Author: ReZk2ll Team: k2ll33d - Farouk Reseau - Ala Manai Vendor : http://www.land.net Version: n/a Category: webapps Google dork: intext:©Copyright 2006, Land.Net®, Inc...
SantriaCMS SQL Injection Vulnerability
Exploit for php platform in category web applications Author : Troy Date : Thursday, Dec 08, 2011 Location : /home/troy -------- CMS info ----------- Vendor : http://www.jasawebsitemurah.info/cms/ Exploit title : SantriaCMS SQL Injection Vulnerability Dork : "view.php?idArtikel=" Version : Null/1...
SantriaCMS - SQL Injection
SantriaCMS - SQL Injection I Think, I can, But i'm just loser Author : Troy Date : Thursday, Dec 08, 2011 Location : /home/troy -------- CMS info ----------- Vendor : http://www.jasawebsitemurah.info/cms/ Exploit title : SantriaCMS SQL Injection Vulnerability Dork : "view.php?idArtikel=" Version ...
jara 1.6 sql injection vulnerability
jara 1.6 sql injection vulnerability download http://sourceforge.net/projects/jara/files/v1.6/jarav16.zip author muuratsalo contact muuratsaloatgmail.com exploit http://localhost/jara/view.php?id=SQL Injection...
CVE-2010-4979
CANDID is reported vulnerable to an SQL Injection in image/view.php via the image_id parameter (CVE-2010-4979). The OpenVAS note corroborates that CANDID is prone to SQLi (and XSS in related checks). The CVSS base score listed is 7.5 (HIGH) with network access, low attack complexity, and no authe...
CVE-2010-5001
The CVE-2010-5001 entry concerns the esoftpro Online Contact Manager 3.0. The vulnerability is a SQL injection in view.php triggered by the id parameter, allowing remote attackers to execute arbitrary SQL commands. Root cause is unsanitized input in the id parameter leading to unintended query ma...
Jara 1.6 SQL Injection
jara 1.6 sql injection vulnerability download http://sourceforge.net/projects/jara/files/v1.6/jarav16.zip author muuratsalo contact muuratsaloatgmail.com exploit http://localhost/jara/view.php?id=SQL Injection...
Jara 1.6 - SQL Injection
jara 1.6 sql injection vulnerability download http://sourceforge.net/projects/jara/files/v1.6/jarav16.zip author muuratsalo contact muuratsaloatgmail.com exploit http://localhost/jara/view.php?id=SQL Injection...
Jara 1.6 - SQL Injection
Jara 1.6 - SQL Injection jara 1.6 sql injection vulnerability download http://sourceforge.net/projects/jara/files/v1.6/jarav16.zip author muuratsalo contact muuratsaloatgmail.com exploit http://localhost/jara/view.php?id=SQL Injection...
jara 1.6 sql injection vulnerability
Exploit for php platform in category web applications jara 1.6 sql injection vulnerability download http://sourceforge.net/projects/jara/files/v1.6/jarav16.zip author muuratsalo contact muuratsaloatgmail.com exploit http://localhost/jara/view.php?id=SQL Injection 0day.today 2018-01-03...
CVE-2011-3785
PHP Point Of Sale (POS) 10.7 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by system/scaffolding/views/view.php and certain other files...