Lucene search

91 matches found

Prion
added 2007/02/16 1:28 a.m., 11 views

Sql injection

Multiple SQL injection vulnerabilities in Jupiter CMS 1.1.5 allow remote attackers to execute arbitrary SQL commands via the Client-IP HTTP header and certain other HTTP headers, which set the ip variable that is used in SQL queries performed by index.php and certain other PHP scripts. NOTE: the...

CVSS 7.5, AI score 9.2, EPSS 0.02085
Exploits: 1, References: 7, Affected Software: 1
NVD
added 2007/02/16 1:28 a.m., 19 views

CVE-2007-0971

Multiple SQL injection vulnerabilities in Jupiter CMS 1.1.5 allow remote attackers to execute arbitrary SQL commands via the Client-IP HTTP header and certain other HTTP headers, which set the ip variable that is used in SQL queries performed by index.php and certain other PHP scripts. NOTE: the...

CVSS 7.5, AI score 8.5, EPSS 0.02085
Exploits: 1, References: 7
myhack58
added 2006/10/29 12:0 a.m., 18 views

PHP5 GPC bypass flaw - vulnerability warning - the black bar safety net

Before discussing the specific flaw, a little background on PHP security. The magic_quotes_gpc option is one of PHP's important security settings; when the option is ON, all data passed in from GET, POST and COOKIE in the'," and,...

AI score 6.9
Exploits: 0
NVD
added 2006/02/18 2:2 a.m., 15 views

CVE-2006-0758

Multiple cross-site scripting (XSS) vulnerabilities in HiveMail 1.3 and earlier allow remote attackers to inject arbitrary web script or HTML via a URL encoded expression in the query string in (1) index.php and (2) possibly certain other scripts, which is not properly cleansed when accessed from the...

CVSS 4.3, AI score 5.8, EPSS 0.00771
Exploits: 0, References: 7
Cvelist
added 2006/02/18 2:0 a.m., 18 views

CVE-2006-0758

Multiple cross-site scripting (XSS) vulnerabilities in HiveMail 1.3 and earlier allow remote attackers to inject arbitrary web script or HTML via a URL encoded expression in the query string in (1) index.php and (2) possibly certain other scripts, which is not properly cleansed when accessed from the...

AI score 5.8, EPSS 0.00771
Exploits: 0, References: 7
Cvelist
added 2005/12/17 11:0 a.m., 17 views

CVE-2005-4317

Limbo CMS 1.0.4.2 and earlier, with register_globals off, does not protect the $_SERVER variable from external modification, which allows remote attackers to use the _SERVER[REMOTE_ADDR] parameter to (1) conduct cross-site scripting (XSS) attacks in the stats module or (2) execute arbitrary code via an eval...

AI score 6.6, EPSS 0.22305
Exploits: 1, References: 9
0day.today
added 2005/12/14 12:0 a.m., 322 views

Limbo <= 1.0.4.2 _SERVER[REMOTE_ADDR] Overwrite Remote Exploit

Exploit for unknown platform in category web applications. Limbo this works with register_globals off & regardless of magic_quotes_gpc settings usage: launch from Apache, fill in requested fields, then go! Sun-Tzu: "Humble words and...

AI score 7.1
Exploits: 0
Exploit DB
added 2005/12/14 12:0 a.m., 41 views

Limbo 1.0.4.2 - '_SERVER[REMOTE_ADDR]' Remote Command Execution

this works with register_globals off & regardless of magic_quotes_gpc settings usage: launch from Apache, fill in requested fields, then go! Sun-Tzu: "Humble words and increased preparations are signs that the enemy is about to advance. Violent language and driving forward as if to the attack are...

AI score 7.4
Exploits: 0
NVD
added 2005/12/13 11:3 a.m., 9 views

CVE-2005-4193

Cross-site scripting (XSS) vulnerability in UseBB before 0.7 allows remote attackers to inject arbitrary web script or HTML via the $_SERVER['PHP_SELF'] variable...

CVSS 4.3, AI score 5.6, EPSS 0.00427
Exploits: 0, References: 5
CVE
added 2005/12/13 11:0 a.m., 41 views

CVE-2005-4193

CVE-2005-4193 is an XSS vulnerability in UseBB prior to 0.7, exploitable via the $_SERVER['PHP_SELF'] variable in web requests. The affected component is UseBB’s input handling that processes PHP_SELF; impact is arbitrary scripted HTML in victim pages. The provided docs do not state a fixed versi...

CVSS 4.3, AI score 5.7, EPSS 0.00427
Exploits: 0, References: 5
exploitpack
added 2005/11/28 12:0 a.m., 21 views

Guppy 4.5.9 - REMOTE_ADDR Remote Command Execution

AI score 7.7
Exploits: 0