CVE-2008-4526
Multiple directory traversal vulnerabilities in CCMS 3.1 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the skin parameter to (1) index.php, (2) forums.php, (3) admin.php, (4) header.php, (5) pages/story.php and (6) pages/poll.php...
Directory traversal
Multiple directory traversal vulnerabilities in CCMS 3.1 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the skin parameter to (1) index.php, (2) forums.php, (3) admin.php, (4) header.php, (5) pages/story.php and (6) pages/poll.php...
CCMS 3.1 - skin Local File Inclusion
CCMS 3.1 - skin Local File Inclusion + CCMS 3.1 skin Multiple Local File Inclusion Vulnerabilities + Discovered By SirGod + wWw.MorTal-TeaM.OrG + Greetz : E.M.I.N.E.M,Ras,Puscasmarin,ToxicBlood,HrN,kemrayz,007m,Raven,Nytr0gen,str0ke + Download Script :...
CoAST 0.95 (sections_file) Remote File Inclusion Vulnerability
No description provided by source. Author : By DaRkLiFe Greetz : str0ke & S.VV.A.T. Script : The Concord Asset, Software, and Ticket systemCoAST 0.95 Remote File Inclusion Vulnerability Download :http://downloads.sourceforge.net/coastal/coast-0.95.tgz?modtime=1222363198&bigmirror=0 Exploit :...
coast-rfi.txt
Author : By DaRkLiFe Greetz : str0ke & S.VV.A.T. Script : The Concord Asset, Software, and Ticket systemCoAST 0.95 Remote File Inclusion Vulnerability Download :http://downloads.sourceforge.net/coastal/coast-0.95.tgz?modtime=1222363198&bigmirror=0 Exploit :...
CoAST 0.95 (sections_file) Remote File Inclusion Vulnerability
Exploit for unknown platform in category web applications ============================================================== CoAST 0.95 sectionsfile Remote File Inclusion Vulnerability ============================================================== Script : The Concord Asset, Software, and Ticket...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in Pluck 4.5.2, when register_globals is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) langfooter parameter to (a) data/inc/footer.php; the (2) pluckversion, (3) langinstall22, (4) titelkop, (5) langkop1, (6) langkop2, (7)...
hedgehog-lfi.txt
Hedgehog-CMS 1.21 (header.php) Local File Inclusion Vulnerability
No description provided by source.
CVE-2008-2204
Maian Search 1.1 has multiple XSS vulnerabilities in admin/inc/header.php, exploitable via the nine parameters (header, header2, ..., header9). Remote attackers can inject arbitrary script/HTML, as described in CVE-2008-2204. The connected documents do not provide remediation details or patch inf...
CVE-2008-2188
Multiple cross-site scripting (XSS) vulnerabilities in EJ3 BlackBook 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) bookCopyright and (2) ver parameters to (a) footer.php, and the (3) bookName, (4) bookMetaTags, and (5) estiloCSS parameters to (b) header.php...
maiancart-xss.txt
---------------------------------------------------------------- Script : Maian Cart v1.1 Type : XSS Vulnerabilities ---------------------------------------------------------------- Discovered by : Khashayar Fereidani Or Dr.Crash Our Team : IRCRASH...
maiansearch-sqlxss.txt
---------------------------------------------------------------- Script : Maian Search v1.1 Type : Multiple Vulnerabilities XSS/SQL INJECTION ---------------------------------------------------------------- Discovered by : Khashayar Fereidani Or Dr.Crash Our Team : IRCRASH...
Maian Cart v1.1 XSS Vulnerabilities
---------------------------------------------------------------- Script : Maian Cart v1.1 Type : XSS Vulnerabilities ---------------------------------------------------------------- Discovered by : Khashayar Fereidani Or Dr.Crash Our Team : IRCRASH...
Affiliate Market Ver.0.1 BETA (language) Local File Inclusion Vulnerability
Exploit for unknown platform in category web applications =========================================================================== Affiliate Market Ver.0.1 BETA language Local File Inclusion Vulnerability =========================================================================== Affiliate...
CVE-2007-5139
CVE-2007-5139 affects chupix 0.2.3 and relates to a PHP remote file inclusion in admin/include/header.php when register_globals is enabled. The vulnerability allows an attacker to execute arbitrary PHP code by supplying a URL in the repertoire parameter. Root cause is the unsafe handling of user-...
Chupix CMS 0.2.3 - repertoire Remote File Inclusion
Chupix CMS 0.2.3 - repertoire Remote File Inclusion chupix 0.2.3 /admin/include/header.php RFI f0und by 0in contact: [email protected] Greetings to:Die-angel,Slim,Joker186,Kaja,Artysta,wojto111,reydex team:Our Dark-Coders team;...
Chupix CMS 0.2.3 - 'repertoire' Remote File Inclusion
chupix 0.2.3 /admin/include/header.php RFI f0und by 0in contact: [email protected] Greetings to:Die-angel,Slim,Joker186,Kaja,Artysta,wojto111,reydex team:Our Dark-Coders team; --------------------------------------------------------------------------------------------------------------------...
online-rfi.txt
Http://www.inj3ct-it.org Staffatinj3ct-itdotorg Multiple...
Toms Gastebuch 1.00/1.01 - 'header.php' Multiple Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/25598/info Toms Gastebuch is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in...