21 matches found
CVE-2021-36547
A remote code execution (RCE) vulnerability in the component /codebase/dir.php?type=filenew of Mara v7.5 allows attackers to execute arbitrary commands via a crafted PHP file...
CVE-2021-36547
Summary: Mara CMS v7.5 contains a remote code execution (RCE) vulnerability in the component /codebase/dir.php?type=filenew. The root cause is alleged improper input filtering in the file upload logic, enabling an attacker to upload a crafted PHP file that can execute arbitrary commands. This iss...
CVE-2020-25042
CVE-2020-25042 concerns Mara CMS 7.5 where an authenticated admin/manager can upload PHP via codebase/handler.php after invoking codebase/dir.php?type=filenew, enabling arbitrary code execution. The vulnerability is triggered by an authenticated session and a crafted request; public exploit detai...
mini-pub 0.3 - Local Directory Traversal File Disclosure
mini-pub 0.3 - Local Directory Traversal File Disclosure. mini-pub.php = v0.3 Local Directory Traversal / File Disclosure Vulnerabilities. Script: http://mini-pub.sourceforge.net/...
Cross site scripting
Cross-site scripting (XSS) vulnerability in dir.php in milliscripts Redirection allows remote attackers to inject arbitrary web script or HTML via the cat parameter in a browse action...
CVE-2007-6641
CVE-2007-6641 is an XSS vulnerability in milliscripts Redirection, affecting dir.php where an attacker can inject arbitrary script/HTML by supplying the cat parameter in a browse action. The NVD entry lists a medium severity (CVSS v2: AV:N/AC:M/Au:N/C:N/I:P/A:N, base score 4.3). No exploitation d...
CVE-2007-6641
Cross-site scripting (XSS) vulnerability in dir.php in milliscripts Redirection allows remote attackers to inject arbitrary web script or HTML via the cat parameter in a browse action...
milliscripts (dir.php) Cross-Site Scripting Vulnerability
milliscripts dir.php Cross-Site Scripting Vulnerability Download: http://www.milliscripts.com/ Bug found by Jose Luis Góngora Fernández / JosS Contact: sys-projectathotmail.com Spanish Hackers Team www.spanish-hackers.com /server irc.freenode.net /join fullsecure d0rk: "powered by milliscripts"...
milliscripts-xss.txt
milliscripts dir.php Cross-Site Scripting Vulnerability Download: http://www.milliscripts.com/ Bug found by Jose Luis Góngora Fernández / JosS Contact: sys-projectathotmail.com Spanish Hackers Team www.spanish-hackers.com /server irc.freenode.net /join fullsecure d0rk: "powered by milliscripts"...
MilliScripts - 'dir.php' Cross-Site Scripting
source: https://www.securityfocus.com/bid/27078/info MilliScripts is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context ...
esyndicatles-sql.txt
eSyndiCat Link Exchange Script - Remote SQL Injection Advisory. author: EgiX; mail: n0b0d13satgmaildotcom; link: http://www.esyndicat.com/; dork: "© 2005-200...
eSyndiCat Link Exchange Script 2005-2006 SQL Injection Vulnerability
Exploit for unknown platform in category web applications. eSyndiCat Link Exchange Script 2005-2006 SQL Injection Vulnerability...
eSyndiCat Link Exchange Script 2005-2006 - SQL Injection
eSyndiCat Link Exchange Script - Remote SQL Injection Advisory. author: EgiX; mail: n0b0d13satgmaildotcom; link: http://www.esyndicat.com/; dork: "© 2005-20...
CVE-2006-6600
Cross-site scripting (XSS) vulnerability in dir.php in TorrentFlux 2.2, when allows remote attackers to inject arbitrary web script or HTML via double URL-encoded strings in the dir parameter, a related issue to CVE-2006-5609...
CVE-2006-5609
Directory traversal vulnerability in dir.php in TorrentFlux 2.1 allows remote attackers to list arbitrary directories via "../" sequences in the dir parameter...
CVE-2006-1493
Cross-site scripting (XSS) vulnerability in dir.php in Explorer XP allows remote attackers to inject arbitrary web script or HTML via the chemin parameter. NOTE: it is possible that this issue is resultant from CVE-2006-1492...
CVE-2006-1493
CVE-2006-1493 is a cross-site scripting vulnerability in Explorer XP’s dir.php where an attacker can inject arbitrary script via the chemin parameter. The entry notes this may be related to CVE-2006-1492. No exploitation details or fixes are provided in the documents; remediation information is n...
Design/Logic Flaw
imageVue 16.1 allows remote attackers to obtain folder permission settings via a direct request to dir.php, which returns an XML document that lists folders and their permissions...
CVE-2006-0700
The CVE-2006-0700 entry concerns imageVue 16.1, where a remote attacker can retrieve folder permission settings by directly requesting dir.php, which returns an XML listing folders and their permissions. Affected component: dir.php handler in imageVue 16.1 (XML response reveals folder permissions...