Lucene search
K

13 matches found

seebug.org
seebug.org
added 2014/07/01 12:0 a.m.13 views

Alumni 1.0.8/1.0.9 - info.php id Parameter SQL Injection

No description provided by source. source: http://www.securityfocus.com/bid/29019/info Project Alumni is prone to a cross-site scripting vulnerability and an SQL-injection vulnerability because the application fails to sufficiently sanitize user-supplied input. Exploiting these issues could allow...

7.1AI score
Exploits0
Prion
Prion
added 2008/05/08 4:20 p.m.18 views

Cross site scripting

Cross-site scripting XSS vulnerability in pages/news.page.inc in Project Alumni 1.0.9 allows remote attackers to inject arbitrary web script or HTML via the year parameter in a news action to index.php, a different vector than CVE-2007-6126...

4.3CVSS5.9AI score0.01729EPSS
Exploits1References4Affected Software1
NVD
NVD
added 2008/05/08 4:20 p.m.12 views

CVE-2008-2118

SQL injection vulnerability in info.php in Project Alumni 1.0.9 allows remote attackers to execute arbitrary SQL commands via the id parameter...

7.5CVSS8.4AI score0.00971EPSS
Exploits1References4
Prion
Prion
added 2008/05/08 4:20 p.m.14 views

Sql injection

SQL injection vulnerability in info.php in Project Alumni 1.0.9 allows remote attackers to execute arbitrary SQL commands via the id parameter...

7.5CVSS9.1AI score0.00971EPSS
Exploits1References4Affected Software1
CVE
CVE
added 2008/05/08 4:0 p.m.41 views

CVE-2008-2118

SQL injection vulnerability (CVE-2008-2118) in Project Alumni 1.0.9, specifically in info.php via the id parameter. The underlying issue allows remote attackers to execute arbitrary SQL commands. This is evidenced by multiple sources (NVD entry and associated records) confirming the flaw and impa...

7.5CVSS8.4AI score0.00971EPSS
Exploits1References4Affected Software1
Cvelist
Cvelist
added 2008/05/08 4:0 p.m.18 views

CVE-2008-2118

SQL injection vulnerability in info.php in Project Alumni 1.0.9 allows remote attackers to execute arbitrary SQL commands via the id parameter...

8.4AI score0.00971EPSS
Exploits1References4
CVE
CVE
added 2008/05/08 4:0 p.m.49 views

CVE-2008-2117

CVE-2008-2117 is a cross-site scripting (XSS) vulnerability in Project Alumni 1.0.9. The issue affects the pages/news.page.inc component, where the year parameter in a news action to index.php can be exploited to inject arbitrary web script or HTML. This CVE is documented across multiple sources ...

4.3CVSS5.7AI score0.01465EPSS
Exploits1References4Affected Software1
Cvelist
Cvelist
added 2007/11/30 12:0 a.m.18 views

CVE-2007-6184

Directory traversal vulnerability in index.php in Project Alumni 1.0.9 allows remote attackers to include and execute arbitrary local files via a .. dot dot in the act parameter...

7.1AI score0.02539EPSS
Exploits0References5
0day.today
0day.today
added 2007/11/27 12:0 a.m.21 views

project alumni 1.0.9 (index.php act) Local File Inclusion Vulnerability

Exploit for unknown platform in category web applications ======================================================================= project alumni 1.0.9 index.php act Local File Inclusion Vulnerability ======================================================================= project alumni 1.0.9 remo...

7.1AI score
Exploits0
exploitpack
exploitpack
added 2007/11/27 12:0 a.m.10 views

project alumni 1.0.9 - index.php?act Local File Inclusion

project alumni 1.0.9 - index.php?act Local File Inclusion project alumni 1.0.9 remote file disclosure vulnerability download : https://sourceforge.net/projects/project-alumni/ vulnerable code on index.php include$SERVER'DOCUMENTROOT' . "/pages/" . $GET'act' . ".page.inc.php"; exploit :...

Exploits0
seebug.org
seebug.org
added 2007/11/27 12:0 a.m.18 views

project alumni 1.0.9 (index.php act) Local File Inclusion Vulnerability

No description provided by source. project alumni 1.0.9 remote file disclosure vulnerability download : https://sourceforge.net/projects/project-alumni/ vulnerable code on index.php include$SERVER'DOCUMENTROOT' . "/pages/" . $GET'act' . ".page.inc.php"; exploit :...

7.1AI score
Exploits0
Exploit DB
Exploit DB
added 2007/11/27 12:0 a.m.38 views

project alumni 1.0.9 - 'index.php?act' Local File Inclusion

project alumni 1.0.9 remote file disclosure vulnerability download : https://sourceforge.net/projects/project-alumni/ vulnerable code on index.php include$SERVER'DOCUMENTROOT' . "/pages/" . $GET'act' . ".page.inc.php"; exploit : http://victim/path/index.php?act=../../../../../../etc/passwd%00...

7.4AI score
Exploits0
Prion
Prion
added 2007/11/26 10:46 p.m.12 views

Sql injection

Multiple SQL injection vulnerabilities in project alumni 1.0.9 and earlier allow remote attackers to execute arbitrary SQL commands via the year parameter to 1 view.page.inc.php, which is reachable through a view action to index.php; or 2 the year parameter to news.page.inc.php, which is reachabl...

7.5CVSS9.2AI score0.01018EPSS
Exploits1References5Affected Software1
Rows per page
Query Builder