47 matches found
DEBIAN-CVE-2010-5049
SQL injection vulnerability in events.php in Zabbix 1.8.1 and earlier allows remote attackers to execute arbitrary SQL commands via the navtime parameter...
Zabbix 1.8.1 SQL Injection
Exploit Title: Zabbix =0' ORDER BY e.clock DESC LIMIT 1001 OFFSET 0 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' ORDER BY e.clock DESC LIMIT 1001 OFFSET 0' at line 1 mysqlfetchassoc: supplied argument is n...
Zabbix <= 1.8.1 SQL Injection Vulnerability
Exploit for php platform in category web applications =========================================== Zabbix =0' ORDER BY e.clock DESC LIMIT 1001 OFFSET 0 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' ORDER BY...
CVE-2008-4426
Cross-site scripting (XSS) vulnerability in events.php in Phlatline's Personal Information Manager pPIM 1.0 allows remote attackers to inject arbitrary web script or HTML via the date parameter in a new action...
Ppim <= 1.0 (Arbitrary File Delete/XSS) Multiple Vulnerabilities
No description provided by source. Author : BeyazKurt Contact : [email protected] Script : Ppim v1.0 What kind of script name is this, damn it :D Download : http://scripts.ringsworld.com/organizers/ppim.zip D0rk : inurl:events.php?listallevents File Delete Vulnerability: upload.php...
pPIM 1.0 - Arbitrary File Delete Cross-Site Scripting
pPIM 1.0 - Arbitrary File Delete Cross-Site Scripting Author : BeyazKurt Contact : [email protected] Script : Ppim v1.0 What kind of script name is this, damn it :D Download : http://scripts.ringsworld.com/organizers/ppim.zip D0rk : inurl:events.php?listallevents File Delete Vulnerability: upload.php...
pPIM 1.0 - Arbitrary File Delete / Cross-Site Scripting
Author : BeyazKurt Contact : [email protected] Script : Ppim v1.0 What kind of script name is this, damn it :D Download : http://scripts.ringsworld.com/organizers/ppim.zip D0rk : inurl:events.php?listallevents File Delete Vulnerability: upload.php...
SQL injection
SQL injection vulnerability in events.php in iScripts SocialWare allows remote attackers to execute arbitrary SQL commands via the id parameter in a show action...
CVE-2008-1859
SQL injection vulnerability in events.php in iScripts SocialWare allows remote attackers to execute arbitrary SQL commands via the id parameter in a show action...
CVE-2008-1859
CVE-2008-1859 is a confirmed SQL injection in iScripts SocialWare. The vulnerability resides in events.php and is exploitable via the id parameter in a show action, enabling remote attackers to execute arbitrary SQL commands. This is supported by multiple sources within the connected documents, ...
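WorkingOnWeb Events.PHP SQL Injection Vulnerability
WorkingOnWeb is a PHP-based web application. WorkingOnWeb does not properly filter user-submitted URI data, so remote attackers can exploit the vulnerability to carry out SQL injection attacks and obtain sensitive information or manipulate the database. The problem is that the 'Events.PHP' script lacks filtering of the user-submitted 'idevent' parameter; submitting a malicious SQL query as the parameter data can alter the original SQL logic, yielding sensitive information or possibly allowing manipulation of the database. Flor de Utopia WorkingOnWeb 2.0.1400 No solution is currently available: http://www.workingonweb.com/...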
CVE-2007-6128
SQL injection vulnerability in events.php in WorkingOnWeb 2.0.1400 allows remote attackers to execute arbitrary SQL commands via the idevent parameter...
CVE-2007-6128
SQL injection vulnerability in events.php in WorkingOnWeb 2.0.1400 allows remote attackers to execute arbitrary SQL commands via the idevent parameter...
WorkingOnWeb 2.0.1400 - events.php SQL Injection
WorkingOnWeb 2.0.1400 - events.php SQL Injection WorkingOnWeb 2.0.1400 Remote SQL Injection d0rk: Powered by WorkingOnWeb 2.0.1400 bug found by ka0x - D.O.M TEAM contact: ka0x01!gmail.com we: ka0x, an0de, xarnuz, s0cratex, Hendrix from spain 1: vulnerability in line 4. user and password from...
Design/Logic Flaw
SimpNews 2.41.03 on Windows, when PHP before 5.0.0 is used, allows remote attackers to obtain sensitive information via a certain linkdate parameter to events.php, which reveals the path in an error message due to an unsupported argument type for the mktime function on Windows...
CVE-2007-5128
SimpNews 2.41.03 on Windows, when PHP before 5.0.0 is used, allows remote attackers to obtain sensitive information via a certain linkdate parameter to events.php, which reveals the path in an error message due to an unsupported argument type for the mktime function on Windows...
CVE-2007-1128
shopkitplus allows remote attackers to obtain sensitive information via a request to (1) events.php with a curmonth=01 query string or (2) enc/stylecss.php with a changetheme= query string, which reveals the path in various error messages...
CVE-2007-1128
CVE-2007-1128 affects shopkitplus. The issue is an information disclosure where requests to (1) events.php with curmonth[]=01 or (2) enc/stylecss.php with changetheme[]= reveal the installation path in error messages. The affected component is PHP-based endpoints; root cause is improper handling ...
shopkitplus local file include
lfi: /shopkitplus/enc/stylecss.php?changetheme=../../../../../../../../../../../../etc/passwd full path: /shopkitplus/events.php?curmonth=01 /shopkitplus/enc/stylecss.php?changetheme= regards laurent gaffie...
CVE-2005-4821
Multiple SQL injection vulnerabilities in Land Down Under LDU v801 and earlier allow remote attackers to execute arbitrary SQL commands via parameters including (1) the m parameter in auth.php, (2) the f parameter in events.php, or (3) the e parameter in plug.php...