43 matches found
CVE-2012-5056
Multiple cross-site scripting (XSS) vulnerabilities in ownCloud Server before 4.0.8 allow remote attackers to inject arbitrary web script or HTML via the (1) readyCallback parameter to apps/filesodfviewer/src/webodf/webodf/flashput/PUT.swf, the (2) root parameter to apps/gallery/templates/index.php, or...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in ownCloud Server before 4.0.8 allow remote attackers to inject arbitrary web script or HTML via the (1) readyCallback parameter to apps/filesodfviewer/src/webodf/webodf/flashput/PUT.swf, the (2) root parameter to apps/gallery/templates/index.php, or...
Sql injection
SQL injection vulnerability in lib/db.php in ownCloud Server 5.0.x before 5.0.6 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors...
CVE-2013-2045
CVE-2013-2045 affects ownCloud Server prior to 5.0.6 (and related advisory notes) where lib/db.php does not neutralize special elements passed to SQL queries, enabling SQL injection by remote authenticated users. The issue is limited to authenticated access and the impact is described as arbitrar...
Multiple SQL injection - ownCloud
ownCloud before 5.0.6 does not neutralize special elements that are passed to the SQL query in lib/db.php which therefore allows an authenticated attacker to execute arbitrary SQL commands. CVE-2013-2045 ownCloud before 5.0.6 and 4.5.11 does not neutralize special elements that are passed to the...
Server: Multiple SQL injection
ownCloud before 5.0.6 does not neutralize special elements that are passed to the SQL query in lib/db.php which therefore allows an authenticated attacker to execute arbitrary SQL commands. CVE-2013-2045 ownCloud before 5.0.6 and 4.5.11 does not neutralize special elements that are passed to the...
Server: Multiple XSS vulnerabilities
Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 4.0.8 allow remote attackers to inject arbitrary web script or HTML via the readyCallback parameter to PUT.swf in apps/filesodfviewer/src/webodf/webodf/flashput/, the root parameter to index.php in apps/gallery/templates/ a...
Blink Blog System Authentication Bypass
Salvatore "drosophila" Fresta + Application: Blink Blog System + Version: Unknown + Website: http://blogink.sourceforge.net + Bugs: A Authentication Bypass + Exploitation: Remote + Date: 03 Aug 2009 + Discovered by: Salvatore Fresta aka drosophila + Author: Salvatore Fresta aka drosophila + E-mai...
CVE-2008-4180
Unspecified vulnerability in db.php in NooMS 1.1 allows remote attackers to conduct brute force attacks against passwords via a username in the g_dbuser parameter and a password in the g_dbpwd parameter, and possibly a "localhost" g_dbhost parameter value, related to a "Mysql Remote Brute Force...
CVE-2008-4180
The CVE-2008-4180 entry concerns NooMS 1.1, where a vulnerability in db.php could allow remote brute-force attempts against database passwords using g_dbuser and g_dbpwd parameters, and possibly a localhost value for g_dbhost. The connected sources corroborate an unspecified vulnerability enablin...
CVE-2008-0143
PHP remote file inclusion vulnerability in common/db.php in samPHPweb, possibly 4.2.2 and others, as provided with SAM Broadcaster, allows remote attackers to execute arbitrary PHP code via a URL in the commonpath parameter...
samPHPweb (db.php commonpath) Remote File Inclusion Vulnerability
No description provided by source. +By CrackersChild+ Script: samPHPweb Page: http://support.spacialaudio.com/forums/viewforum.php?f=22 & http://www.spacialaudio.com/ Author: CrackersChild | [email protected] & [email protected] Class: Remote File nclu...
samPHPweb 4.2.2 - db.php Remote File Inclusion
samPHPweb 4.2.2 - db.php Remote File Inclusion +By CrackersChild+ Script: samPHPweb Page: http://support.spacialaudio.com/forums/viewforum.php?f=22 & http://www.spacialaudio.com/ Author: CrackersChild | [email protected] & [email protected] Class: Remo...
samPHPweb (db.php commonpath) Remote File Inclusion Vulnerability
Exploit for unknown platform in category web applications. samPHPweb db.php commonpath Remote File Inclusion Vulnerability +By CrackersChild+ Script: samPHPweb...
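WordPress wp-db.php Charset SQL Injection Vulnerability
BUGTRAQ ID: 26795 WordPress is a free forum/blog system. WordPress has a vulnerability in how it handles user data, which remote attackers may exploit to carry out SQL injection attacks. Most database queries in WordPress filter SQL strings using the escape method, which in practice filters input through the addslashes function. addslashes does not take into account the character set used in the SQL string and blindly inserts a backslash before single quotes, and such a backslash may end up forming another valid character. The following is the vulnerable code in wp-includes/query.php: // If a search pattern is specified, load the posts...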
wordpresscharset-sql.txt
=== WordPress Charset SQL Injection Vulnerability === Release date: 2007-12-10 Last modified: 2007-12-10 Source: Abel Cheung Affected version: WordPress escape$gpc; Finally, escape method belongs to wp-includes/wp-db.php: function escape$string return...
CVE-2007-5683
Multiple cross-site scripting (XSS) vulnerabilities in TikiWiki 1.9.8.1 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the username parameter to the password reminder page tiki-remindpassword.php, (2) IMG tags in wiki pages, and (3) the localphp parameter to...
Directory traversal
Multiple directory traversal vulnerabilities in iziContents 1 RC6 and earlier allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in (1) the adminhome parameter to modules/poll/pollsummary.php or (2) the rootdp parameter to include/db.php...
Sql injection
Multiple SQL injection vulnerabilities in Unobtrusive Ajax Star Rating Bar before 1.2.0 allow remote attackers to execute arbitrary SQL commands via the (1) q and (2) t parameters in (a) db.php and (b) rpc.php...
CVE-2007-3686
The CVE-2007-3686 entry describes a CRLF injection vulnerability in the Unobtrusive Ajax Star Rating Bar prior to 1.2.0. The flaw occurs in db.php and allows remote attackers to inject arbitrary HTTP headers and data via CRLF sequences in the HTTP_REFERER parameter. Public references corroborate ...