103 matches found
MyPHP Forum 'faq.php' and 'member.php' Multiple SQL Injection Vulnerabilities
MyPHP Forum is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in t...
myphp-sql.txt
Name : MyPHP Forum So we can execute an sql injection through the bugged variable $id. PoC: http://Site/faq.php?action=view&id=-1'+union+select+1,concatusername,0x3a,password,3+from+tableprefixmember+where+uid=1/ Sql injection in member.php So $member variable isn't controlled so we can exploit i...
MyPHP Forum 3.0 (Final) - Multiple SQL Injections
Name : MyPHP Forum So we can execute an sql injection through the bugged variable $id. PoC: http://Site/faq.php?action=view&id=-1'+union+select+1,concatusername,0x3a,password,3+from+tableprefixmember+where+uid=1/ Sql injection in member.php So $member variable isn't controlled so we can exploit i...
NetBizCity FaqMasterFlexPlus - faq.php Cross-Site Scripting
NetBizCity FaqMasterFlexPlus - faq.php Cross-Site Scripting source: https://www.securityfocus.com/bid/27051/info FaqMasterFlexPlus is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary...
Remote file inclusion
Multiple PHP remote file inclusion vulnerabilities in phpFFL 1.24 allow remote attackers to execute arbitrary PHP code via a URL in the PHPFFL_FILE_ROOT parameter to (1) admin.php, (2) custompages.php, (3) draft.php, (4) faq.php, (5) leagues.php, (6) livedraft.php, (7) login.php, (8) myteam.php, (9) profile.php, (10)...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in vBulletin 3.6.8 allow remote attackers to inject arbitrary web code or HTML via the (1) s parameter to index.php, and the (2) q parameter to (a) faq.php, (b) member.php, (c) memberlist.php, (d) calendar.php, (e) search.php, (f) forumdisplay.php, (g)...
CVE-2007-4453
Multiple cross-site scripting (XSS) vulnerabilities in vBulletin 3.6.8 allow remote attackers to inject arbitrary web code or HTML via the (1) s parameter to index.php, and the (2) q parameter to (a) faq.php, (b) member.php, (c) memberlist.php, (d) calendar.php, (e) search.php, (f) forumdisplay.php, (g)...
CVE-2007-2493
PHP remote file inclusion vulnerability in faq.php in the FAQ & RULES 2.0.0 and earlier module for mxBB allows remote attackers to execute arbitrary PHP code via a URL in the module_root_path parameter...
CVE-2007-2493
CVE-2007-2493 affects the mxBB FAQ & RULES 2.0.0 and earlier module. The vulnerability is a PHP remote file inclusion in faq.php, exploitable via a malicious URL supplied to the module_root_path parameter, which allows an attacker to execute arbitrary PHP code on the server. The NVD entry lists t...
PcP-Guestbook 3.0 (lang) Local File Inclusion Vulnerabilities
Dj7xpl +Iranian Are The Best In World+ Portal: PcP-Book 3.0 Site: http://www.pcp-system.at Down: http://www.ectona.org/download/?id=621&...
Directory traversal
Multiple directory traversal vulnerabilities in PcP-Guestbook (PcP-Book) 3.0 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter to (1) index.php, (2) gb.php, or (3) faq.php...
PcP-Guestbook 3.0 (lang) Local File Inclusion Vulnerabilities
Exploit for unknown platform in category web applications. PcP-Guestbook 3.0 (lang) Local File Inclusion Vulnerabilities. Dj7xpl ...
CVE-2006-7115
SQL injection vulnerability in PHPKit 1.6.1 RC2 allows remote attackers to inject arbitrary SQL commands via the catid parameter to include.php when the path parameter is set to faq/faq.php, and other unspecified vectors involving guestbook/print.php...
CVE-2007-1012
Cross-site scripting (XSS) vulnerability in faq.php in DeskPRO 1.1.0 allows remote attackers to inject arbitrary web script or HTML via the article parameter...
Cross site scripting
Cross-site scripting (XSS) vulnerability in faq.php in DeskPRO 1.1.0 allows remote attackers to inject arbitrary web script or HTML via the article parameter...
CVE-2007-1012
CVE-2007-1012 is a Cross-Site Scripting (XSS) vulnerability in DeskPRO 1.1.0, exploitable via the article parameter in faq.php. The issue stems from improper handling of user input, allowing remote attackers to inject arbitrary web script or HTML. The NVD notes a CVSSv2 base score of 4.3 (Medium)...
XSS in [deskpro.com v1.1.0 ]
hey guys .. check out this new xss i just found ;P Vulnerable : deskpro.com v1.1.0 web : http://www.deskpro.com, http://customers.qwk.net Version : v1.1.0 XSS : http://127.0.0.1/dp/faq.php?article="scriptalert'bl4ck'/script Discovered By BLacK ZeRo K.S.A [email protected] Best regards ,,...
Sql injection
SQL injection vulnerability in faq.php in ExoPHPDesk 1.2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter...