CVE-2008-3782

Multiple cross-site scripting XSS vulnerabilities in admin/index.php in ACG-PTP 1.0.6 allow remote authenticated administrators to inject arbitrary web script or HTML via the 1 Category name field under Advertisement Packages, the 2 Reason field under Credit/Debit Users, and the 3 FAQ question an...

SiteAdmin CMS - 'art' SQL Injection

SiteAdmin CMS Remote Sql Injection Vuln. Download : http://www.as-admin.com Cr@zyKing / sqL Lov3r'Z Crew Co. http://localhost/line2.php?lng=ru&art=16+limit+0+union+select+1,2,concatws0x3a3a,userlogin,userpassw,4,5,6,7+from+authusers+limit+3,10/&cat=2 Admin Panel :...

CVE-2008-3322

admin/index.php in Maian Recipe 1.2 and earlier allows remote attackers to bypass authentication and gain administrative access by sending an arbitrary recipecookie cookie...

phpAuction 3.2.1 (item.php id) Remote SQL Injection Vulnerability

Exploit for unknown platform in category web applications ================================================================= phpAuction 3.2.1 item.php id Remote SQL Injection Vulnerability ================================================================= phpauction-gpl Version3.2 Version SQL...

phpAuction 3.2.1 - item.php SQL Injection

phpAuction 3.2.1 - item.php SQL Injection phpauction-gpl Version3.2 Version SQL Injection Vulnerability ======================================================== Author: Hussin X = = Home : www.tryag.cc/cc = = email: darkangelg85atYahooDoTcom = hussin.xathotmailDoTcom = =...

GNU/Gallery <= 1.1.1.0 (admin.php) Local File Inclusion Vulnerability

Exploit for unknown platform in category web applications ===================================================================== GNU/Gallery Vulnerability: http://site.com/admin.php?show=../../../../../../../etc/passwd NOTE/TIP: fair amount of sites running, althou no good dork. 0day.today 2018-04...

GNUGallery 1.1.1.0 - admin.php Local File Inclusion

GNUGallery 1.1.1.0 - admin.php Local File Inclusion --==+================================================================================+==-- --==+ GNU/Gallery Vulnerability: http://site.com/admin.php?show=../../../../../../../etc/passwd NOTE/TIP: fair amount of sites running, althou no good dor...

CVE-2008-2280

CVE-2008-2280 describes a cross-site scripting (XSS) vulnerability in admin/index.php of Script PHP PicEngine 1.0. The vulnerability allows remote attackers to inject arbitrary web script or HTML via the l parameter. The description notes the information provenance as third-party. The provided do...

CVE-2008-2207

The CVE-2008-2207 entry covers a Cross-site Scripting (XSS) vulnerability in Maian Gallery 2.0, specifically in admin/index.php where the keywords parameter of a search action can be exploited to inject arbitrary script/HTML by an unauthenticated remote attacker. The affected component is Maian G...

CVE-2008-0371

Multiple SQL injection vulnerabilities in aliTalk 1.9.1.1, when magicquotesgpc is disabled, allow remote authenticated users to execute arbitrary SQL commands via 1 the mohit parameter to a inc/receivertwo.php; and allow remote attackers to execute arbitrary SQL commands via 2 the id parameter to...

Sql injection

Multiple SQL injection vulnerabilities in aliTalk 1.9.1.1, when magicquotesgpc is disabled, allow remote authenticated users to execute arbitrary SQL commands via 1 the mohit parameter to a inc/receivertwo.php; and allow remote attackers to execute arbitrary SQL commands via 2 the id parameter to...

CVE-2008-0350

admin/index.php in Evilsentinel 1.0.9 and earlier sends a redirect to the web browser but does not exit, which allows remote attackers to gain administrative privileges and make arbitrary configuration changes...

CVE-2008-0350

CVE-2008-0350 affects Evilsentinel 1.0.9 and earlier. Admin/index.php redirects without exiting, enabling remote attackers to gain administrative privileges and perform arbitrary configuration changes. The NVD entry notes a network-exposed vulnerability with partial impact to confidentiality, int...

CVE-2008-0350

admin/index.php in Evilsentinel 1.0.9 and earlier sends a redirect to the web browser but does not exit, which allows remote attackers to gain administrative privileges and make arbitrary configuration changes...

CVE-2007-6310

Multiple cross-site scripting XSS vulnerabilities in Falt4Extreme RC4 10.9.2007 allow remote attackers to inject arbitrary web script or HTML via the handler parameter to 1 index.php and possibly 2 admin/index.php, and 3 the topic parameter to modules/feed/feed.php aka modules/feed.php...

CVE-2007-6083

IceBB 1.0-rc6 contains a SQL injection in admin/index.php exploitable via the X-Forwarded-For HTTP header. Remote attackers can execute arbitrary SQL commands. The connected documents confirm the affected software and vulnerability class, but do not provide remediation steps or patched versions. ...

Sql injection

SQL injection vulnerability in admin/index.php in Interspire ActiveKB 1.5 allows remote attackers to execute arbitrary SQL commands via the questId parameter in a hideQuestion ToDo action. NOTE: the catId vector is already covered by CVE-2007-5131...

CVE-2007-5425

SQL injection vulnerability in admin/index.php in Interspire ActiveKB 1.5 allows remote attackers to execute arbitrary SQL commands via the questId parameter in a hideQuestion ToDo action. NOTE: the catId vector is already covered by CVE-2007-5131...

vietphp-rfi.txt

VietPHP Remote File Inclusion Vulnerbility Vuln. code : in: admin/index.php /index.php /functions DoRk: Powered by VietPHP Exploit: www.server.com/path/admin/index.php?language=Sh3LL www.server.com/index.php??language=Sh3LL www.server.com/functions.php?dirpath=Sh3LL...

Sql injection

Multiple SQL injection vulnerabilities in wolioCMS allow remote attackers to execute arbitrary SQL commands via 1 the id parameter to member.php in a page action, related to a SELECT statement in common.php; and the 2 loginid parameter uid variable, and possibly the 3 pwd parameter, to...