121 matches found
SQL injection
Multiple SQL injection vulnerabilities in Gnew 2013.1 allow remote attackers to execute arbitrary SQL commands via the (1) answer_id or (2) question_id parameter to polls/vote.php, (3) story_id parameter to comments/add.php or (4) comments/edit.php, or (5) thread_id parameter to posts/add.php. NOTE: this issue...
CVE-2013-5640
Summary: CVE-2013-5640 (and related CVE-2013-7349) affect the Gnew 2013.1 application, with multiple SQL injection vectors. The vulnerabilities allow remote attackers to inject SQL via parameters in polls/vote.php (answer_id, question_id), comments/add.php (story_id) and comments/edit.php, or pos...
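ThinkSAAS latest version: 2 more injection points that bypass the filter
Brief description: In the latest version of ThinkSAAS the filter can be bypassed to continue injecting at 2 locations. Works regardless of gpc, no login required. Details: This vulnerability was previously analyzed by ′ 雨。 (WooYun: An injection vulnerability in Thinksaas that bypasses filtering). The vendor has since released a new version with changes and added filtering, but the filtering is not strict and can be bypassed to continue injecting. First location: the current latest code in /app/tag/action/addajax.php case "do": $objname = t$POST'objname'; $idname = tsFiltert$POST'idname'; $objid = t$POST'objid'; $tags = t$POST'tags';...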
CVE-2014-1620
CVE-2014-1620 concerns multiple cross-site scripting (XSS) vulnerabilities in the HIOX Guest Book (HGB) version 5.0, specifically in add.php. The issue allows remote attackers to inject arbitrary web script or HTML via the (1) name1, (2) email, or (3) cmt parameters. The NVD entry reports a Mediu...
DEDECMS 5.7 friendly links flink-add.php XSS
No description provided by source...
Raja Natarajan Guestbook 1.0 Local File Inclusion Vulnerability
Exploit for php platform in category web applications Raja Natarajan Guestbook 1.0 Local File Inclusion Exploit App: http://sourceforge.net/projects/phpscript/files/phpscript/Raja%20Guestbook/guestbook1.0.zip/download Author: h0rd Vuln:...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in ATutor 1.6.4 allow remote authenticated users, with Instructor privileges, to inject arbitrary web script or HTML via the (1) Question and (2) Choice fields in tools/polls/add.php, the (3) Type and (4) Title fields in tools/groups/createmanual.php, and...
phpcms 2007sp6 digg-add.php SQL injection vulnerability
No description provided by source...
CVE-2008-6750
CVE-2008-6750 affects FlexPHPDirectory 0.0.1, where add.php allows unrestricted file uploads. An attacker can upload a file with an executable extension and then access it directly under photo/ to execute code remotely. The underlying issue is unrestricted upload handling in the web application, ...
SQL injection
Multiple SQL injection vulnerabilities in AV Book Library before 1.1 allow remote attackers to execute arbitrary SQL commands via unspecified parameters to (1) admin/edit.php, (2) admin/add.php, (3) lib/booksearch.php, and possibly other components...
FlexPHPDirectory 0.0.1 SQL Injection
Author: x0r Email: [email protected] Site: http://w00tz0ne.altervista.org/index.php Cms: Flexphpdiren Version: 0.0.1 Download: http://www.china-on-site.com/flexphpdir/ Bug In \admin\usercheck.php 'n' \add.php $sql = "select username,adminid from linkexadmin where username='$checkuser' and...
CRLF injection
Multiple CRLF injection vulnerabilities in AIST NetCat 3.12 and earlier allow remote attackers to have an unknown impact via unspecified vectors involving (1) a %0a sequence in a cookie and (2) the add.php file...
CVE-2008-4341
add.php in MyBlog 0.9.8 and earlier allows remote attackers to bypass authentication and gain administrative access by setting a cookie with admin=yes and login=admin...
MyBlog 0.9.8 - Insecure Cookie Handling
MyBlog 0.9.8 - Insecure Cookie Handling MyBlog eNYe-Sec - www.enye-sec.org MyBlog is an open source Blog/CMS project. It allows beginners to have a simple to use blog/cms and it will still please developers with feature packed...
onenews Beta 2 - Cross-Site Scripting / HTML Injection / SQL Injection
Name : OneNews Beta 2 Multiple Vulnerabilities Author : suN8HclfcrimsoNLoyd9, DaRk-CodeRs Group Source : http://sourceforge.net/project/showfiles.php?groupid=193198 Dork : Powered by One-News Greetz : all DaRk-CodeRs guys, e.wiZz, str0ke ========================== |1...
Cross-Site Scripting vulnerabilities in CNCat
Hello 3APA3A! I am reporting Cross-Site Scripting vulnerabilities that I found in CNCat. XSS: Vulnerabilities in add.php (possible via both GET and POST), search.php and index.php. http://site/add.php?description=3C/textarea3E3Cscript3Ealertdocument.cookie3C/script3E...
phpglossar-rfi.txt
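PHPGlossar Format_Menue Remote File Inclusion Vulnerability
PHPGlossar is a PHP-based web application. PHPGlossar does not properly filter user-supplied input, and a remote attacker can exploit the vulnerability to execute arbitrary commands with web privileges. The problem is that multiple scripts do not filter the user-supplied 'formatmenue' parameter; specifying a file on a remote server as the include parameter can lead to execution of arbitrary commands with web privileges. PHPGlossar 0.8 No solution is currently available: http://www.crear.de/2003/dienste/phpdownloadlinks0.6/loadpage.php?uid=7...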
PHPGlossar 0.8 (format_menue) Remote File Inclusion Vulnerabilities
No description provided by source.