89 matches found
Simplog 0.9.3 Archive.PHP PID Parameter Cross-Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/20900/info Simplog is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code execute in the browser of an...
DIY-CMS blog mod SQL Injection Vulnerability
No description provided by source. Exploit Title: DIY-CMS blog mod SQL Injection Author: snup Contact: [email protected] Site: http://e-o-u.org SQL Injection: DORK: inurl:mod.php?mod=blog intext:powered by DIY-CMS inurl:mod.php?mod=blog BUG:...
CmsEasy stored XSS vulnerability (code analysis)
Brief description: CmsEasy stored XSS. The downloaded version is CmsEasy5.5UTF-820130910. Detailed description: bbs/add-archive.php checklogin; // verify user login ......omitted........ ifisset$POST'submit' ifstrtolowertrim$POST'verify' != strtolower$SESSION'verify' // check the verification code actionpublic::turnPage'index.php','验证码输入错误!'; $archive = dbbbsarchive::getInstance;...
Sql injection
Multiple SQL injection vulnerabilities in the blog module 1.0 for DiY-CMS allow remote attackers to execute arbitrary SQL commands via the (1) start parameter to (a) tags.php, (b) list.php, (c) index.php, (d) mainindex.php, (e) viewpost.php, (f) archive.php, (g) control/approvecomments.php, (h)...
CVE-2010-4155
Multiple cross-site scripting (XSS) vulnerabilities in eXV2 CMS 2.10 allow remote attackers to inject arbitrary web script or HTML via the (1) rssfeedURL parameter to manual/caferss/example.php and the sumb parameter to (2) modules/news/archive.php, (3) modules/news/topics.php, and (4)...
RASH CMS SQL Injection Vulnerability
Exploit for php platform in category web applications. RASH CMS SQL Injection Vulnerability. Exploit Title: RASH CMS SQL INJECTION Date: 15/8/2010 Author: ASHIYANE DIGITAL SECURITY TEAM Software Link:...
odCMS 1.07 - 'archive.php' Cross-Site Scripting
source: https://www.securityfocus.com/bid/41422/info odCMS is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the...
PHPList 2.8.11 SQL Injection
phplist version 2.8.11 SQL Injection Vulnerability http://www.phplist.com/...
phplist version 2.8.11 SQL Injection Vulnerability
Exploit for php platform in category web applications. phplist version 2.8.11 SQL Injection Vulnerability...
phpList 2.8.11 - SQL Injection
phpList 2.8.11 - SQL Injection. phplist version 2.8.11 SQL Injection Vulnerability http://www.phplist.com/...
CVE-2010-1078
CVE-2010-1078 concerns a SQL injection in SphereCMS 1.1 alpha (archive.php, view parameter) where encoded null bytes (%00) bypass a protection mechanism, enabling arbitrary SQL commands. Documentation across sources (NVD, CVE records, PRION/CVELIST mirrors) confirms the vulnerability in XlentProj...
Zomorrod Cms Sql Injection Vulnerability
Exploit for php platform in category web applications. Zomorrod Cms Sql Injection Vulnerability. Application Info: Name: Zomorrod Cms Vendor: http://www.zomorrod.net Vulnerability:...
CVE-2009-2101
Directory traversal vulnerability in archive.php in TorrentVolve 1.4, when register_globals is enabled, allows remote attackers to delete arbitrary files via a .. (dot dot) in the deleteTorrent parameter...
CVE-2009-2101
CVE-2009-2101 affects TorrentVolve 1.4, via archive.php: a directory traversal vulnerability that, when register_globals is enabled, allows remote attackers to delete arbitrary files using a .. in the deleteTorrent parameter. The issue is evidenced by NVD and OpenVAS records with a CVSS v2 base s...
TorrentVolve 1.4 - deleteTorrent Delete Arbitrary File
TorrentVolve 1.4 - deleteTorrent Delete Arbitrary File. Name : Torrent Volve Site : http://sourceforge.net/projects/torrentvolve/ Down :...
TorrentVolve 1.4 - 'deleteTorrent' Delete Arbitrary File
Name : Torrent Volve Site : http://sourceforge.net/projects/torrentvolve/ Down : http://sourceforge.net/project/showfiles.php?groupid=179905&packageid=207933&releaseid=476030...
TorrentVolve 1.4 File Deletion
Name : Torrent Volve Site : http://sourceforge.net/projects/torrentvolve/ Down : http://sourceforge.net/project/showfiles.php?groupid=179905&packageid=207933&releaseid=476030...
Remote file inclusion
Multiple PHP remote file inclusion vulnerabilities in WB News 2.0.1, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the configinstalldir parameter to (1) search.php, (2) archive.php, (3) comments.php, and (4) news.php; (5) News.php, (6) SendFriend.php, (7)...
Chipmunk Blog - 'archive.php' Cross-Site Scripting
source: https://www.securityfocus.com/bid/29883/info Chipmunk Blog is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user ...
CVE-2008-2340
Multiple SQL injection vulnerabilities in News Manager 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) lang parameter to (a) advsearch.php, (b) archive.php, and (c) index.php, and the (2) pid parameter to (d) listtagitems.php...