71 matches found
Rips Scanner 0.5 Local File Inclusion
Rips Scanner 0.5 - Local File Inclusion Vendor Homepage: https://github.com/robocoder/rips-scanner Date: 24/12/2015 Software Link:...
Easy2Map <= 1.24 - SQL Injection
The Function.php file uses sprintf to format queries sent to the database; this neither properly sanitises user input nor parameterises the query. PoC $ sqlmap -u 'http://www.example.com/wp-admin/admin-ajax.php' --data="mapID=11='+or+1%3D%3D1%3B=e2mimgsavemapname"...
Sisplet CMS (index.php id) 2008-01-24 - Remote SQL Injection Vulnerability
No description provided by source. Sisplet CMS index.php id Remote SQL Injection Vulnerability...
kontakt formular 1.4 - Remote File Inclusion Vulnerability
No description provided by source. Kontakt Formular 1.4 Remote File Inclusion Vulnerability Discovered by bd0rk Vendor: http://www.mapos-scripts.de Downloa...
playSMS 0.9.3 - Multiple Remote/Local File Inclusion Vulnerabilities
No description provided by source. RFI/LFI script: playsms 0.9.3 download from: http://downloads.sourceforge.net/playsms/playsms-0.9.3.tar.gz?modtime=1211284086&bigmirror=0...
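Kemana Directory 'function.php' CAPTCHA Security Bypass Vulnerability
Bugtraq ID: 66436 Kemana Directory is a web-based directory service. The Kemana Directory CAPTCHA function contains a security vulnerability that allows attackers to bypass the CAPTCHA-based verification challenge and carry out brute-force attacks. 0 Kemana Directory 1.5.6 No detailed solution is currently available: http://www.c97.net...
B2Bbuilder 6.6 /includes/function.php SQL Injection Vulnerability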
No description provided by source...
CVE-2012-5326
Cross-site request forgery (CSRF) vulnerability in admin/function.php in IDevSpot iSupport 1.x allows remote attackers to hijack the authentication of administrators for requests that add administrator accounts via an administrators action...
CVE-2012-5326
CVE-2012-5326 affects IDevSpot iSupport 1.x. The vulnerability is a CSRF in admin/function.php that allows remote attackers to hijack administrator authentication to perform actions that add administrator accounts. The connected documents provide the same description and do not specify exploitati...
MigasCMS 1.0 SQL Injection vulnerabilities
No description provided by source. Title: MigasCMS 1.0 SQL Injection Download: http://www.sebrac.webcindario.com/cms/ AUTHOR: ITSecTeam Email: [email protected] Website: http://www.itsecteam.com Forum : http://forum.ITSecTeam.com Original Advisory:...
CVE-2010-2012
Overview: CVE-2010-2012 describes an SQL injection in MigasCMS 1.1. Affected software/component: MigasCMS 1.1; vulnerable code path is in function.php. Root cause / trigger: When magic_quotes_gpc is disabled, an attacker can manipulate the categorie parameter in a catalogo action to execute arbit...
MigasCMS 1.0 SQL Injection
Title: MigasCMS 1.0 SQL Injection Download: http://www.sebrac.webcindario.com/cms/ AUTHOR: ITSecTeam Email: [email protected] Website: http://www.itsecteam.com Forum : http://forum.ITSecTeam.com Original Advisory: http://www.itsecteam.com/en/vulnerabilities/vulnerability54.htm Thanks:...
Cross site scripting
Cross-site scripting (XSS) vulnerability in function.php in Zenphoto 1.1.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors in the "request logging" feature. NOTE: the provenance of this information is unknown; the details are obtained solely from third party...
CVE-2008-6925
Cross-site scripting (XSS) vulnerability in function.php in Zenphoto 1.1.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors in the "request logging" feature. NOTE: the provenance of this information is unknown; the details are obtained solely from third party...
CVE-2008-6925
Zenphoto 1.1.7 contains a Cross‑Site Scripting (XSS) flaw in function.php, exploitable via the \
Redaxscript 0.2.0 (language) Local File Inclusion Vulnerability
No description provided by source. + Redaxscript 0.2.0 index.php language Local File Inclusion Vulnerability + Discovered By SirGod + www.mortal-team.org + www.h4cky0u.org + Local File Inclusion index.php : -----------------------------------------------------------------...
Redaxscript 0.2.0 (language) Local File Inclusion Vulnerability
Exploit for unknown platform in category web applications Redaxscript 0.2.0 language Local File Inclusion Vulnerability + Redaxscript 0.2.0 index.php language Local File...
RedaxScript 0.2.0 - Language Local File Inclusion
RedaxScript 0.2.0 - Language Local File Inclusion + Redaxscript 0.2.0 index.php language Local File Inclusion Vulnerability + Discovered By SirGod + www.mortal-team.org + www.h4cky0u.org + Local File Inclusion index.php : -----------------------------------------------------------------...
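Akira Powered Image Gallery 'function.php' SQL Injection Vulnerability
BUGTRAQ ID: 31286 CNCAN ID: CNCAN-2008092301 Akira Powered Image Gallery is a PHP-based web application. Akira Powered Image Gallery does not properly handle user-supplied input; remote attackers can exploit the vulnerability to carry out SQL injection attacks, possibly obtaining sensitive information or manipulating the database. The issue arises because the 'function.php' script does not filter user-supplied input to the 'page' parameter; a malicious SQL query constructed as the parameter data can alter the original SQL logic, obtaining sensitive information or manipulating the database. Akira Powered Image Gallery 0.9.6.2 No solution is currently available:...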
Sisplet CMS (index.php id) Remote SQL Injection Vulnerability
No description provided by source. Sisplet CMS index.php id Remote SQL Injection Vulnerability...