CVE-2011-1953
CVE-2011-1953 affects Post Revolution prior to 0.8.0c-2. The vulnerability is a set of cross-site scripting (XSS) flaws in common.php: the allowed tags (p, a, strong, em, i, img, li, ol, video, blockquote) have their attributes left unsanitized, enabling arbitrary script via tag attributes. A DoS path exists in a loop when removing non-pe...
CVE-2011-1952
CVE-2011-1952 affects Post Revolution up to version 0.8.0c. The DoS arises from a faulty loop in common.php when stripping non-permitted HTML: an attacker can trigger an infinite loop by posting crafted HTML (e.g., a
CVE-2011-1952
common.php in Post Revolution before 0.8.0c-2 allows remote attackers to cause a denial of service (infinite loop) via malformed HTML markup, as demonstrated by an <a> sequence...
CVE-2010-3484
SQL injection vulnerability in common.php in LightNEasy 3.2.1 allows remote attackers to execute arbitrary SQL commands via the handle parameter to LightNEasy.php, a different vector than CVE-2008-6593...
phpmps 2.0 GBK Help.php $keywords SQL Injection Vulnerability
phpmps (PHP classified information publishing system) is a free, open-source classified-ads program suitable for building local information sites. In the file Help.php, the value of keywords is read from the request, only the trim function is applied to strip leading and trailing whitespace, and the value is then passed directly into the SQL query:
// get the article list
$keyword = !empty($_REQUEST['keywords']) ? trim($_REQUEST['keywords']) : '';
$typeid = !empty($_REQUEST['typeid']) ? intval($_REQUEST['typeid']) : 0;
if (!empty($keyword)) { $arr = array(); $keywords = 'AND '; $keywords .= "titl...
Izumi 1.1.0 Local File Inclusion / Remote File Inclusion
Izumi + Download : http://sourceforge.net/projects/izumi/files/ + Code : page.php requireonce$dirinstall . $dirsrc . "common.php"; + Example : x RFI : Izumipath/src/page.php?dirinstall=Shell x LFI : Izumipath/src/page.php?dirsrc=LFI%00 + GreetZ : s3luruh 4n4k n4k4l j4l4n4n g0r0nt4l0 + Note : Brb...
Oracle Secure Backup Administration Server Authentication Bypass (CVE-2009-1977)
Oracle Secure Backup is a backup solution allowing for single point of management of data present on network attached storage NAS devices and distributed hosts. An authentication bypass vulnerability has been reported in Oracle Secure Backup server. The vulnerability is due to a flaw in the logic...
CVE-2009-1508
SQL injection vulnerability in the xforum_validateUser function in Common.php in X-Forum 0.6.2 allows remote attackers to execute arbitrary SQL commands, as demonstrated via the cookie_username parameter to Configure.php...
CVE-2009-1508
CVE-2009-1508 affects X-Forum 0.6.2. The vulnerability is an SQL injection in the function xforum_validateUser in Common.php, allowing remote attackers to execute arbitrary SQL commands via the cookie_username parameter to Configure.php. The NVD entry and related records confirm the issue and im...
Geeklog SEC_authenticate() Function SQL Injection Vulnerability
BUGTRAQ ID: 34456 Geeklog is a free, open-source web application. It lets users create a virtual community, manage users, post articles, and so on. Geeklog is implemented in PHP with MySQL as the back-end database. The SEC_authenticate function in Geeklog's index.php module does not properly validate the user-submitted PHP_AUTH_USER and REMOTE_USER variables; a remote attacker can carry out an SQL injection attack by submitting a malicious query request. The following is the vulnerable code segment at lines 34-53 of /public_html/webservices/atom/index.php: ... require_once...
GNUBoard 4.31.03 (08.12.29) - Local File Inclusion
GNUBoard V4.31.03 08.12.29 Local/Remote File Include Vulnerability BY flyh4thotmail.com Thx to qiuren/rayt TEAM:Wolves Security Team SITE:http://bbs.wolvez.org/ / SIR GNUBoard VERSION 4.31.03 08.12.29is a widely used bulletin board system of Korea. It is freely available for all platforms that...
Nitrotech 0.0.3a (RFI/SQL) Multiple Remote Vulnerabilities
Exploit for unknown platform in category web applications ========================================================== Nitrotech 0.0.3a RFI/SQL Multiple Remote Vulnerabilities ========================================================== Name: Nitrotech 0.0.3a Multiple Remote Vulnerabilities Download:...
bcoos 1.0.13 Remote File Include Vulnerability
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + + + bcoos 1.0.13 Remote File Include Vulnerability + + + + Discovered by DeltahackingTEAM + + + + WwW.DeltaHacking.Net + + + + + + + ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ AUTHOR :...
exophpdesk-rfi.txt
Title : ExoPHPDesk 1.2 Final Author : e.wiZz! Info : Bosnian Idiot ! Script Page : http://www.exocrew.com Dork : Powered by ExoPHPDesk v1.2 Final. RFI--------------------------------------------------------- common.php Line 40 dunno..i have normal notepad :D -------------cut...
CMScout 2.05 - bit Local File Inclusion
CMScout 2.05 - bit Local File Inclusion CMScout 2.05 LFI AUTHOR : IRCRASH R3d.W0rm Discovered by : IRCRASH R3d.W0rm Our Site : Http://IRCRASH.COM IRCRASH Team Members : Dr.Crash - R3d.w0rm Script Download : www.cmscout.co.za DORK : "Powered by CMScout ©2005 CMScout Group" Lfi...
CVE-2007-3650
myWebland myBloggie 2.1.6 allows remote attackers to obtain sensitive information via (1) an invalid year parameter to calendar.php, reached through index.php; (2) a direct request to common.php; and (3) a mode array parameter in the query string to login.php, which reveal the installation path in vario...
scwiki-rfi.txt
scWiki 1.0 Beta 2 common.php pathdot Remote File Inclusion Vulnerability http://heanet.dl.sourceforge.net/sourceforge/sc-wiki/scwikibeta2.zip POC : /includes/common.php?pathdot=Shell...