117 matches found
Better WP Security 3.5.5 - inc/admin/content.php id_specialfile Parameter Stored XSS
The iThemes Security (formerly Better WP Security) WordPress plugin was affected by an inc/admin/content.php id_specialfile Parameter Stored XSS security vulnerability...
myBusinessAdmin (content.php) Blind SQL Injection Vulnerability
No description provided by source. myBusinessAdmin content.php Blind Sql Injection Vulnerability .:. Author : AtT4CKxT3rR0r1ST .:. Team : Sec Attack Team .:. Home : www.sec-attack.com/vb .:. Script : myBusinessAdmin .:...
Vortex Portal 2.0 content.php act Parameter Remote File Inclusion
No description provided by source. source: http://www.securityfocus.com/bid/12878/info Vortex Portal is reportedly affected by a remote PHP file include vulnerability. This issue is due to a failure in the application to properly sanitize user supplied input. It is conjectured this vulnerability...
ISPConfig Authenticated Arbitrary PHP Code Execution (CVE-2013-3629)
A code execution vulnerability has been reported in ISPConfig. The vulnerability is due to a flaw in the /content.php script that is triggered when parsing language files. An attacker could trigger this flaw via a specially crafted language file. Successful exploitation of this vulnerability coul...
XDcms Sql Injection 1-5
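Brief description: SQL Injection. Details: The injection is in the content publishing function of the XDCMS enterprise management system back end, in the file \system\modules\xdcms\content.php: public function addsave $title=safehtml$POST'title';// first injection point: the title field; safehtml is a set of filter rules that can be bypassed with uppercase characters to inject $commend=intval$POST'commend'; $username=safehtml$POST'username';// second injection point: username; uppercase bypasses the filter $thumb=$POST'thumb';...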
CVE-2014-1401
Multiple SQL injection vulnerabilities in AuraCMS 2.3 and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) search parameter to mod/content/content.php or (2) CLIENT_IP, (3) X_FORWARDED_FOR, (4) X_FORWARDED, (5) FORWARDED_FOR, or (6) FORWARDED HTTP header to index.php...
PHPCMS v9.3.4 content.php SQL Injection Vulnerability
SQL injection vulnerability affecting all PHPCMS versions; the tested version is V9.5.3, builds before 2014-05-12. Vulnerable file: /phpcms/modules/member/content.php, line 202, edit function. $info = array; foreach$POST'info' as $k=$v ifinarray$k, $fields $POST'info'$k = newhtmlspecialcharstrimscript$v; $POST'linkurl' = strreplacearray'"','','',",",'...
Eformics Systems Sql Injection Vulnerability
Exploit for php platform in category web applications Eformics Systems Multiple Sql Injection Vulnerability .:. Author : AtT4CKxT3rR0r1ST .:. Script : http://www.eformics.com/ .:. Dork : "Powered by: Eformics...
Weeds(Weedcms)cms sql injection vulnerability-vulnerability warning-the black bar safety net
Vulnerability author: B1oods Vulnerability source: law guest Forum Google keyword added: Powered by WeedCMS Article nothing technical content has the wrong place a lot of contains! Watching this program is because before the mind the big cattle sub-yeah toast send this through a what dig populari...
RealAdmin - (content.php) Blind SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: RealAdmin - SQL Injection Vulnerability Date: 22-04-2012 Author: ShinoBi-Dz Facebook : https://www.facebook.com/shinobi.benz Category: webapps Google dork: inurl:"content.php?id=" intext:"powered by...
i2soft Technology Local File Inclusion / Remote File Inclusion
i2soft Technology = LFI RFI Vulnerability .:. Author : Metropolis .:. Home : http://metropolis.fr.cr .:. Script : i2soft Technology .:. Version : N/A .:. Dork : Developed by i2soft Technology .:. Bug Type : LFI RFI === LFI ===...
osCSS2 "_ID" parameter Local file inclusion
Advisory: osCSS2 "_ID" parameter Local file inclusion Advisory ID: SSCHADV2011-034 Author: Stefan Schurtz Affected Software: Successfully tested on osCSS2 2.1.0 (latest version) Vendor URL: http://oscss.org/ Vendor Status: Fixed in svn branch 2.1.0 and reported in develop version 2.1.1...
osCSS2 - '_ID' Local file Inclusion
Advisory: osCSS2 "_ID" parameter Local file inclusion Advisory ID: SSCHADV2011-034 Author: Stefan Schurtz Affected Software: Successfully tested on osCSS2 2.1.0 (latest version) Vendor URL: http://oscss.org/ Vendor Status: Fixed in svn branch 2.1.0 and reported in develop version 2.1.1...
osCSS2 "_ID" parameter Local file inclusion
Exploit for php platform in category web applications Advisory: osCSS2 "_ID" parameter Local file inclusion Advisory ID: SSCHADV2011-034 Author: Stefan Schurtz Affected Software: Successfully tested on osCSS2 2.1.0 (latest version) Vendor URL: http://oscss.org/ Vendor Status: Fixed in svn branch...
CVE-2010-4844
SQL injection vulnerability in content.php in MH Products Easy Online Shop allows remote attackers to execute arbitrary SQL commands via the kat parameter...
Sql injection
SQL injection vulnerability in content.php in MH Products Easy Online Shop allows remote attackers to execute arbitrary SQL commands via the kat parameter...
CVE-2010-4844
CVE-2010-4844 describes an SQL injection vulnerability in content.php of MH Products Easy Online Shop, exploitable via the kat parameter to execute arbitrary SQL commands. The provided documents do not specify affected versions, root cause details beyond the injection flaw, or any remediation ste...
Cross site scripting
Cross-site scripting (XSS) vulnerability in modules/content/admin/content.php in ImpressCMS 1.2.3 Final, and possibly other versions before 1.2.4, allows remote attackers to inject arbitrary web script or HTML via the quicksearchContentContent parameter...
CVE-2010-0957
Directory traversal vulnerability in content.php in Saskia's Shopsystem beta1 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the id parameter...