Cross site scripting

Cross-site scripting XSS vulnerability in edit.php in wellyblog allows remote attackers to inject arbitrary web script or HTML via the articleid parameter in an add action...

CVE-2008-5205

Cross-site scripting XSS vulnerability in edit.php in wellyblog allows remote attackers to inject arbitrary web script or HTML via the articleid parameter in an add action...

SlimCMS <= 1.0.0 (edit.php) Remote SQL Injection Exploit

Exploit for unknown platform in category web applications ======================================================== SlimCMS 2 114. $query = "UPDATE pages SET title = '".$POST'pageTitle'."', content = '". striptagsstripslashes$POST'cmsText',$allowedTags."' WHERE ID = ".$GET'pageID'; 115...

SlimCMS 1.0.0 - edit.php SQL Injection

SlimCMS 1.0.0 - edit.php SQL Injection !/usr/bin/perl =starting -------------------------------------------------------- SlimCMS 2 114. $query = "UPDATE pages SET title = '".$POST'pageTitle'."', content = '". striptagsstripslashes$POST'cmsText',$allowedTags."' WHERE ID = ".$GET'pageID'; 115...

U-Mail edit.php任意文件上传漏洞

BUGTRAQ ID: 32013 CVECAN ID: CVE-2008-4932 U-Mail专家级邮件系统是福洽科技最新推出的第四代企业邮局系统。 U-Mail邮件系统的edit.php文件没有正确地处理HTTP POST参数，远程攻击者可以通过提交恶意请求向webroot下的任意文件写入数据。如果向带有.php扩展的文件写入了PHP代码的话，就可能导致执行任意代码。 ComingChina.com U-Mail 4.91 ComingChina.com --------------- 目前厂商还没有提供补丁或者升级程序，我们建议使用此软件的用户随时关注厂商的主页以获取最新版本：...

U-Mail Webmail &#39;edit.php&#39; Arbitrary File Write Vulnerability

U-Mail Webmail Arbitrary File Write Vulnerability ================================================== Vulnerable: U-Mail 4.91 Vendors: www.comingchina.com Category: Input Validation Error Impact: An attacker can write arbitrary data to new files. Author: Shennan Wang Date: 2008-10-30 Web:...

U-Mail Webmail 4.91 - edit.php Arbitrary File Write

U-Mail Webmail 4.91 - edit.php Arbitrary File Write U-Mail Webmail Arbitrary File Write Vulnerability ================================================== Vulnerable: U-Mail 4.91 Vendors: www.comingchina.com Category: Input Validation Error Impact: An attacker can write arbitrary data to new files...

U-Mail Webmail 4.91 - &#039;edit.php&#039; Arbitrary File Write

U-Mail Webmail Arbitrary File Write Vulnerability ================================================== Vulnerable: U-Mail 4.91 Vendors: www.comingchina.com Category: Input Validation Error Impact: An attacker can write arbitrary data to new files. Author: Shennan Wang Date: 2008-10-30 Web:...

mini-pub 0.3 - Local Directory Traversal File Disclosure

mini-pub 0.3 - Local Directory Traversal File Disclosure | | | \ \ \ / / / \ / | / | / | | | | | | \ V / / \ | | | | | | | | | | | / \ | || | | | | | || || \ || // \ | | | mini-pub.php = v0.3 Local Directory Traversal / File Disclosure Vulnerabilities Script : http://mini-pub.sourceforge.net/...

CVE-2008-4499

Multiple directory traversal vulnerabilities in PHP Web Explorer 0.99b and earlier allow remote attackers to include and execute arbitrary local files via a .. dot dot in the 1 refer parameter to main.php and the 2 file parameter to edit.php...

phpwebexplorer-lfi.txt

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- PHPWebExplorer eNYe-Sec - www.enye-sec.org -- Exploit -- If you have access to the control panel: http://localhost/main.php?refer=d&d=../../../etc http://localhost/edit.php?file=../../../etc/passwd If you are not a register user but you...

linkbid-sql.txt

Link Bid Script 1.5 Multiple Remote SQL Injection + Discovered By SirGod + wWw.MorTal-TeaM.OrG + Greetz : E.M.I.N.E.M,Ras,Puscasmarin,ToxicBlood,HrN,kemrayz,007m,Raven,Nytr0gen,str0ke + Remote SQL Injection - Note : For PoC 2 you need administrative rights. PoC 1 :...

sportsclub-sql.txt

...::::: Sports Clubs Web Panel 0.0.1 SQL Injection Vulnerability ::::.... Virangar Security Team www.virangar.net -------- Discoverd By :virangar security teamZahra:zhvirangar special tnx :my master hadihadi tnx to:MR.nosrati,black.shadowes,MR.hesy,Ali007 & all virangar members & all hackerz...

PHP-Address Book &lt;= 3.1.5 (SQL/XSS) Multiple Vulnerabilities

No description provided by source. ============================================================ PHP-Address Book SQL/XSS Multiple Remote Vulnerabilities ============================================================ ,--^----------,--------,-----,-------^--, | ||||||||| --------' | O .. CWH...

phpaddress-sqlxss.txt

============================================================ PHP-Address Book SQL/XSS Multiple Remote Vulnerabilities ============================================================ ,--^----------,--------,-----,-------^--, | ||||||||| --------' | O .. CWH Underground Hacking Team...

PHP-Address Book 3.1.5 - SQL Injection Cross-Site Scripting

PHP-Address Book 3.1.5 - SQL Injection Cross-Site Scripting ============================================================ PHP-Address Book SQL/XSS Multiple Remote Vulnerabilities ============================================================ ,--^----------,--------,-----,-------^--, | |||||||||...

PHP-Address Book 3.1.5 - SQL Injection / Cross-Site Scripting

============================================================ PHP-Address Book SQL/XSS Multiple Remote Vulnerabilities ============================================================ ,--^----------,--------,-----,-------^--, | ||||||||| --------' | O .. CWH Underground Hacking Team...

Sql injection

Multiple SQL injection vulnerabilities in PacerCMS 0.6 allow remote authenticated users to execute arbitrary SQL commands via the id parameter to 1 siteadmin/article-edit.php; and unspecified parameters to 2 submitted-edit.php, 3 page-edit.php, 4 section-edit.php, 5 staff-edit.php, and 6...

CVE-2008-0193

Cross-site scripting XSS vulnerability in wp-db-backup.php in WordPress 2.0.11 and earlier, and possibly 2.1.x through 2.3.x, allows remote attackers to inject arbitrary web script or HTML via the backup parameter in a wp-db-backup.php action to wp-admin/edit.php...

Cross site scripting

Cross-site scripting XSS vulnerability in wp-db-backup.php in WordPress 2.0.11 and earlier, and possibly 2.1.x through 2.3.x, allows remote attackers to inject arbitrary web script or HTML via the backup parameter in a wp-db-backup.php action to wp-admin/edit.php...