3856 matches found
Information disclosure
admin.php in MKPortal M1.1 RC1 allows remote attackers to obtain sensitive information via a direct request with an MKPATH=1 query string, which reveals the path in an error message...
CVE-2007-0194
admin.php in MKPortal M1.1 RC1 allows remote attackers to obtain sensitive information via a direct request with an MKPATH=1 query string, which reveals the path in an error message...
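WordPress Charset Decoding SQL Injection Vulnerability
WordPress is a popular weblog program. WordPress has a flaw in how it handles character-set decoding, which remote attackers can exploit to carry out SQL injection attacks and obtain sensitive information. When PHP's mbstring extension is enabled, WordPress supports decoding trackbacks in different character sets. Because the decoding takes place before the database selects the correct character set for the input data, the protections against SQL injection can be bypassed. For demonstration purposes, Stefan Esser suggests using the UTF-7 character set for exploitation, because other multibyte character sets allow multibyte sequences to end with ''...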
Information disclosure
phpMyAdmin 2.9.1.1 allows remote attackers to obtain sensitive information via a direct request for themes/darkblueorange/layout.inc.php, which reveals the path in an error message...
CVE-2007-0095
phpMyAdmin 2.9.1.1 allows remote attackers to obtain sensitive information via a direct request for themes/darkblueorange/layout.inc.php, which reveals the path in an error message...
Important openoffice.org security update
1.1.5-6 - ensure correct permissions 1.1.5-5 - Resolves: rhbz217347 CVE-2006-5780 WMF heap overflow ooo70042 Known Issue: bz 2005: May get kde error message when exiting ooimpress and oodraw appears to be an existing problem See http://bugzilla.oracle.com for more details...
CVE-2006-6755
Ixprim 1.2 allows remote attackers to obtain sensitive information via a direct request for kernel/plugins/fckeditor2/ixprimapi.php, which reveals the path in an error message...
CVE-2006-6682
Pedro Lineu Orso chetcpasswd 2.3.3 provides a different error message when a request with a valid username fails, compared to a request with an invalid username, which allows remote attackers to determine valid usernames on the system...
CVE-2006-6658
Inktomi Search 4.1.4 allows remote attackers to obtain sensitive information via direct requests with missing parameters to (1) help/header.html, (2) thesaurus.html, and (3) topics.html, which leak the installation path in the resulting error message, a related issue to CVE-2006-5970...
CVE-2006-6461
tr1.php in Yourfreeworld Stylish Text Ads Script allows remote attackers to obtain the installation path via an invalid id parameter, which leaks the path in an error message. NOTE: this issue might be resultant from CVE-2006-2508...
CVE-2006-6460
Yourfreeworld.com Short Url & Url Tracker Script allows remote attackers to obtain sensitive information via an invalid id parameter to login.php, which leaks the path in an error message. NOTE: this issue might be resultant from CVE-2006-2509...
CVE-2006-6403
mystats.php in MyStats 1.0.8 and earlier allows remote attackers to obtain the installation path via (1) details and (2) by array parameters, probably resulting in a path disclosure in an error message...
ECWShopindex.php Remote SQL Injection Vulnerability Exploit
No description provided by source. Cross-site scripting: http://www.victim.com/index.php?c=srch&ctg=Cat1&id=754ce025144839c2abe369c36d90d8e9&key=1&comp=1&min=1&max=scriptvar%20xss=31337;alertxss;/script Information disclosure and possible SQL injection:...
CVE-2006-6373
PhpMyAdmin 2.7.0-pl2 allows remote attackers to obtain sensitive information via a direct request for libraries/common.lib.php, which reveals the path in an error message...