127 matches found
MyBlog 0.9.8 - Insecure Cookie Handling
MyBlog 0.9.8 - Insecure Cookie Handling. MyBlog eNYe-Sec - www.enye-sec.org. MyBlog is an open source Blog/CMS project. It allows beginners to have a simple to use blog/cms and it will still please developers with feature packed...
onenews Beta 2 - Cross-Site Scripting / HTML Injection / SQL Injection
Name: OneNews Beta 2 Multiple Vulnerabilities; Author: suN8HclfcrimsoNLoyd9, DaRk-CodeRs Group; Source: http://sourceforge.net/project/showfiles.php?groupid=193198 ; Dork: Powered by One-News; Greetz: all DaRk-CodeRs guys, e.wiZz, str0ke...
Cross-Site Scripting vulnerabilities in CNCat
Hello 3APA3A! I am reporting to you the Cross-Site Scripting vulnerabilities I found in CNCat. XSS: The vulnerabilities are in add.php (possible via both GET and POST), search.php and index.php. http://site/add.php?description=3C/textarea3E3Cscript3Ealertdocument.cookie3C/script3E...
phpglossar-rfi.txt
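PHPGlossar Format_Menue Remote File Inclusion Vulnerability
PHPGlossar is a PHP-based web application. PHPGlossar does not properly filter user-supplied input, so a remote attacker can exploit the vulnerability to execute arbitrary commands with the privileges of the web server. The issue is that multiple scripts do not filter the user-supplied 'format_menue' parameter; specifying a file on a remote server as the include parameter can lead to arbitrary command execution with web privileges. PHPGlossar 0.8 No solution is currently available: http://www.crear.de/2003/dienste/phpdownloadlinks0.6/loadpage.php?uid=7...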
PHPGlossar 0.8 (format_menue) Remote File Inclusion Vulnerabilities
No description provided by source.
PHPGlossar 0.8 - format_menue Remote File Inclusion
PHPGlossar 0.8 - format_menue Remote File Inclusion...
PHPGlossar 0.8 (format_menue) Remote File Inclusion Vulnerabilities
Exploit for unknown platform in category web applications. PHPGlossar 0.8 format_menue Remote File Inclusion Vulnerabilities...
CVE-2007-2169
Static code injection vulnerability in add.php in Mozzers SubSystem 1.0 allows remote attackers to inject PHP code into subs.php via the (1) Sub-name or (2) Sub-url field. NOTE: an earlier report indicated that the add action can be reached through a request to index.php...
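Mozzers SubSystem Add.PHP Arbitrary Code Execution Vulnerability
Mozzers SubSystem is a PHP-based web application. Mozzers SubSystem does not properly filter user-supplied input, so a remote attacker can exploit the vulnerability to execute arbitrary commands with the privileges of the web server. The issue is that the 'Add.PHP' script does not filter user-supplied web parameters; specifying a file on a remote server as the include parameter can lead to arbitrary command execution with web privileges. Mozzers SubSystem Mozzers SubSystem 1.0 No solution is currently available: http://sourceforge.net/projects/subsystem/...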
CVE-2006-6463
The CVE-2006-6463 entry concerns Midicart’s admin/add.php, where an unrestricted file upload vulnerability exists. According to PT-2006-7072, remote authenticated users can upload arbitrary files (potentially including .php) to the images/ directory under the web root via the admin/add.php endpoi...
CVE-2006-3923
Cross-site scripting (XSS) vulnerability in add.php in Fire-Mouse Toplist 1.1 and earlier, when register_globals is enabled, allows remote attackers to inject arbitrary web script or HTML via the Seitenname parameter...
saphp "add.php" forumid Parameter SQL Injection
Discovered By: C.B.B.L CrAzY CrAcKeR, Breeeeh, BoNy-m, LiNuXrOOt; Search: powered by: saphp; Example: story/add.php?forumid=SQL Injection...
CVE-2006-3769
Multiple cross-site scripting (XSS) vulnerabilities in Top XL 1.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) pass and (2) pass2 parameters in (a) add.php or the (3) id parameter in (b) members/index.php...
CVE-2006-3349
CVE-2006-3349: The connected sources confirm multiple SQL injection vulnerabilities in SmS Script, exploitable remotely via the CatID parameter in cat.php and add.php. The NVD entry documents the impact as arbitrary SQL execution with partial confidentiality/integrity/availability effects (CVSS v...
CVE-2006-2987
Multiple SQL injection vulnerabilities in Dominios Europa PICRATE (aka TAL RateMyPic) 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) id, (2) voteid, and (3) vfiel parameters to (a) index.php, and via the (4) nick, (5) email, (6) city, (7) messen, and (8) message form field parameters to (b)...
CVE-2006-2281
X-Scripts X-Poll (xpoll) 2.30 is affected by an RCE via admin/images/add.php: an attacker can upload a PHP file and access it remotely. The underlying issue is improper file upload handling that allows execution of arbitrary PHP code. This affects the product as described in CVE-2006-2281 and is ...
Cross site scripting
Cross-site scripting (XSS) vulnerability in add.php in Hinton Design phphd 1.0 allows remote attackers to inject arbitrary web script or HTML via unknown vectors...