40 matches found
Fifa Master XLS 2.3.2 - 'usw' SQL Injection
Exploit Title: Fifa Master XLS 2.3.2 - 'usw' SQL Injection Dork: N/A Date: 2018-10-24 Exploit Author: Ihsan Sencan Vendor Homepage: http://fankstribe.org/ Software Link: https://sourceforge.net/projects/fifamasterxls/files/latest/download Version: 2.3.2 Category: Webapps Tested on:...
Ultrabenosaurus ChatBoard - Persistent Cross-Site Scripting
Ultrabenosaurus ChatBoard - Persistent Cross-Site Scripting Exploit Title: Ultrabenosaurus ChatBoard - Stored XSS Date: 2016-06-14 Exploit Author: HaHwul Exploit Author Blog: www.hahwul.com Vendor Homepage: http://ultrabenosaurus.ninja/ Software Link:...
Ultrabenosaurus ChatBoard Cross Site Scripting
Exploit Title: Ultrabenosaurus ChatBoard - Stored XSS Date: 2016-06-14 Exploit Author: HaHwul Exploit Author Blog: www.hahwul.com Vendor Homepage: http://ultrabenosaurus.ninja/ Software Link: https://github.com/Ultrabenosaurus/ChatBoard/archive/master.zip Tested on: Debian wheezy CVE : none...
CVE-2013-7003
Multiple cross-site scripting (XSS) vulnerabilities in LiveZilla before 5.1.2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) full name field, (2) company field, or (3) filename to chat.php...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in LiveZilla before 5.1.2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) full name field, (2) company field, or (3) filename to chat.php...
Joomla Freichat Cross Site Scripting
Hello, Multiple cross-site scripting (XSS) vulnerabilities in Freichat component for Joomla! allow remote attackers to inject arbitrary web script or HTML code via (1) the id or xhash parameters to /client/chat.php or (2) the toname parameter to /client/plugins/upload/upload.php. File: /client/chat.php...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in asaanCart 0.9 allow remote attackers to inject arbitrary web script or HTML via the (1) PATH_INFO to calc.php, (2) chat.php, (3) register.php, or (4) index.php in libs/smarty_ajax/; or the (5) page parameter to libs/smarty_ajax/index.php...
CVE-2012-5330
Multiple cross-site scripting (XSS) vulnerabilities in asaanCart 0.9 allow remote attackers to inject arbitrary web script or HTML via the (1) PATH_INFO to calc.php, (2) chat.php, (3) register.php, or (4) index.php in libs/smarty_ajax/; or the (5) page parameter to libs/smarty_ajax/index.php...
CVE-2012-5330
As provided, CVE-2012-5330 is an XSS vulnerability in asaanCart 0.9 affecting multiple entry points: the PATH_INFO parameters to calc.php, chat.php, register.php, or index.php in libs/smarty_ajax/, and the page parameter to libs/smarty_ajax/index.php. The description does not specify affected ver...
CVE-2012-5330
Multiple cross-site scripting (XSS) vulnerabilities in asaanCart 0.9 allow remote attackers to inject arbitrary web script or HTML via the (1) PATH_INFO to calc.php, (2) chat.php, (3) register.php, or (4) index.php in libs/smarty_ajax/; or the (5) page parameter to libs/smarty_ajax/index.php...
Unfixed XSS vulnerability at www.funny-stadium.com
Security researcher GeNkStAr has submitted on 10/07/2008 a cross-site scripting (XSS) vulnerability affecting www.funny-stadium.com, which at the time of submission ranked 493751 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 10/07/2008. It is...
Sql injection
Eval injection vulnerability in globalsoff.php in Turnkey PHP Live Helper 2.0.1 and earlier allows remote attackers to execute arbitrary PHP code via the test parameter, and probably arbitrary parameters, to chat.php...
CVE-2008-3764
Eval injection vulnerability in globalsoff.php in Turnkey PHP Live Helper 2.0.1 and earlier allows remote attackers to execute arbitrary PHP code via the test parameter, and probably arbitrary parameters, to chat.php...
CVE-2007-2095
PHP remote file inclusion vulnerability in chat.php in MySpeach 1.9 allows remote attackers to execute arbitrary PHP code via a URL in the my[root] parameter, a different vector than CVE-2007-0498...
CVE-2007-2095
CVE-2007-2095 documents a PHP remote file inclusion in MySpeach 1.9 (chat.php) that allows an attacker to execute arbitrary PHP code by supplying a URL in the my[root] parameter. This is a distinct vector from CVE-2007-0498. Evidence across sources confirms the RFI flaw but provides no patch deta...
CVE-2007-1895
CVE-2007-1895 describes a PHP remote file inclusion in Sky GUNNING MySpeach (3.0.7 and earlier) when run with PHP 5. An FTP URL placed in the my_ms[root] cookie enables remote attackers to execute arbitrary PHP code. Connected documents corroborate variants of this vulnerability across MySpeach 3...
CVE-2007-1896
CVE-2007-1896 is a directory-traversal flaw in Sky GUNNING MySpeach 3.0.7 and earlier, affecting the file chat.php. The root cause is improper handling of a cookie parameter my_ms[root], allowing an attacker to trigger local file inclusion by using a double dot (“..”) path traversal with a traili...
livehelper.txt
================== Credit: Mr-X Site: www.alshmokh.com Email: [email protected] ================== Example:- /chat.php?action=showmain&PHPSESSID=XSS...
CVE-2006-2394
Cross-site scripting (XSS) vulnerability in chat.php in PHP Live Helper allows remote attackers to inject arbitrary web script or HTML via the PHPSESSID parameter...
CVE-2006-2394
CVE-2006-2394 affects PHP Live Helper’s chat.php, where the PHPSESSID parameter enables cross-site scripting. The vulnerability allows remote attackers to inject arbitrary web script or HTML in the context of the affected site. Public references (including Exploit-DB) document a browser-executabl...