osCommerce 2.2 admin/manufacturers.php page Parameter XSS

No description provided by source. source: http://www.securityfocus.com/bid/20343/info osCommerce is prone to multiple cross-site scripting vulnerabilities. An attacker may leverage this issue to have arbitrary script code execute in the browser of an unsuspecting user in the context of the...

Magic Photo Storage Website user/upload_photo.php _config[site_path] Parameter Remote File Inclusion

No description provided by source. source: http://www.securityfocus.com/bid/21965/info Magic Photo Storage Website is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues may allow an attacker to compromise the...

IISProtect 2.1/2.2 Authentication Bypass Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/7661/info http://www.example.com/%70rotected/secret.html http://www.example.com/protected%2fsecret.html...

miniBB RSS 2.0 Plugin Multiple Remote File Include Vulnerabilities

No description provided by source. source: http://www.securityfocus.com/bid/30421/info The RSS plugin for miniBB is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues can allow an attacker to compromise the...

Magic Photo Storage Website user/delete_category.php _config[site_path] Parameter Remote File Inclusion

No description provided by source. source: http://www.securityfocus.com/bid/21965/info Magic Photo Storage Website is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues may allow an attacker to compromise the...

Land Down Under 800 index.php Multiple Parameter XSS

No description provided by source. source: http://www.securityfocus.com/bid/14619/info Land Down Under is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage any of these...

Web News 1.1 news.php config[root_ordner] Parameter Remote File Inclusion

No description provided by source. source: http://www.securityfocus.com/bid/25257/info WebNews is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied input. Exploiting these issues may allow an attacker to compromise the application and th...

MyNews 1.6.x 'hash' Parameter Cross Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/27652/info MyNews is prone to a cross-site scripting vulnerability. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may...

Magic Photo Storage Website user/user_membership_password.php _config[site_path] Parameter Remote File Inclusion

No description provided by source. source: http://www.securityfocus.com/bid/21965/info Magic Photo Storage Website is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues may allow an attacker to compromise the...

Jack (tR) Jax LinkLists 1.00 - 'jax_linklists.php' Cross-Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/28518/info Jax LinkLists is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of a...

myBloggie 2.1.2/2.1.3 delcat.php cat_id Parameter XSS

No description provided by source. source: http://www.securityfocus.com/bid/17048/info MyBloggie is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage these issues to have...

PHPOutSourcing Zorum 3.x Cross-Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/8388/info A cross-site scripting vulnerability has been reported in the index.php script of PHPOutSourcing Zorum. Because of this, an attacker may be able to execute HTML and script code in the browsers of target users in...

Magic Photo Storage Website user/logout.php _config[site_path] Parameter Remote File Inclusion

No description provided by source. source: http://www.securityfocus.com/bid/21965/info Magic Photo Storage Website is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues may allow an attacker to compromise the...

I-Gallery Folder Argument Cross-Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/14002/info i-Gallery is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input to the 'folder' parameter of 'folderview.asp'. An attacker...

Magic Photo Storage Website user/login.php _config[site_path] Parameter Remote File Inclusion

No description provided by source. source: http://www.securityfocus.com/bid/21965/info Magic Photo Storage Website is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues may allow an attacker to compromise the...

File Uploader 1.1 index.php config[root_ordner] Parameter Remote File Inclusion

No description provided by source. source: http://www.securityfocus.com/bid/25253/info File Uploader is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied input. Exploiting these issues may allow an attacker to compromise the application...

PHP Address Book - addressbookregistertraffic.php?var SQL Injection

PHP Address Book - addressbookregistertraffic.php?var SQL Injection source: https://www.securityfocus.com/bid/58911/info PHP Address Book is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied input. A successful exploit may allow an attacker to...

Rebus:list SQL Injection

Exploit Title: Rebus:list SQL Injection Vulnerability Date: 3/18/2013 Vendor Homepage: http://www.ptfs-europe.com/products/rebus/rebuslist/ Author: Robert Cooper robert.cooper at areyousecure.net Tested on: Linux/Windows 7 Vulnerable Parameters: listid= Google Dork: intext: Powered by rebus:list...

WordPress Plugin Mz-jajak 2.1 - SQL Injection

Exploit Title: WordPress Mz-jajak plugin query"UPDATE " . $tablename . " SET ".$answert."=".$answert."+1 WHERE id=".$id; $rows = $wpdb-getresults"SELECT FROM " . $tablename . " WHERE id=".$id; Greetz: T0r3x, m1l05, JuMp-Er, EsC, UNICORN, Xermes, s4r4d0...

Luftguitar CMS (Upload Arbitrary File) Vulnerability

Exploit for asp platform in category web applications ==================================================== Luftguitar CMS Upload Arbitrary File Vulnerability ==================================================== Title : Luftguitar CMS Vulnerability: Upload arbitrary file Affected Version :...