101 matches found
e-cart.biz Shopping Cart - Arbitrary File Upload
e-cart.biz Shopping Cart - Arbitrary File Upload. Remote Arbitrary File Upload. script: e-cart Shopping Carts. Author: ahmadbady. download...
Directory traversal
Directory traversal vulnerability in framework/Image/Image.php in Horde before 3.2.4 and 3.3.3 and Horde Groupware before 1.1.5 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the HordeImage driver name...
CVE-2009-0932
Directory traversal vulnerability in framework/Image/Image.php in Horde before 3.2.4 and 3.3.3 and Horde Groupware before 1.1.5 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the HordeImage driver name...
SQL injection
Multiple SQL injection vulnerabilities in vBulletin 3.7.4 allow remote authenticated administrators to execute arbitrary SQL commands via the (1) answer parameter to admincp/verify.php, (2) extension parameter in an edit action to admincp/attachmentpermission.php, and the (3) iperm parameter to...
CVE-2008-5993
CVE-2008-5993 is a directory traversal flaw in Barcode Generator 1D (barcodegen) up to version 2.0.0. The issue resides in image.php and allows remote attackers to include and execute arbitrary local files via a .. sequence in the code parameter. This results in potential arbitrary file inclusio...
CVE-2008-5310
SQL injection vulnerability in image.php in NetArt Media Car Portal 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter...
SQL injection
SQL injection vulnerability in image.php in NetArt Media Car Portal 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter...
CVE-2008-5310
CVE-2008-5310 describes a SQL injection vulnerability in image.php of NetArt Media Car Portal 2.0, exploitable via the id parameter to execute arbitrary SQL commands. The vulnerability is in the application layer (image.php) and structure indicates remote attacker access without authentication, w...
barcodegen-lfi.txt
Discovered by dun \ dunatstrcpy.pl barcodegen = 2.0.0 Local File Inclusion Vulnerability Script: "Barcode Generator 1D" Script site: http://www.barcodephp.com/...
openimpro-sql.txt
OpenImpro 1.1id Sql Injection Vulnerability Author: nuclear script: http://downloads.sourceforge.net/openimpro/openimpro-1.1.zip exploit: target.com/image.php?id=-1 union select 1,2,concatfirstname,0x3a,lastname,0x3a,password,4,5,6 from imperson -- Description: when you do the injection you will ...
SQL injection
SQL injection vulnerability in image.php in OpenImpro 1.1 allows remote attackers to execute arbitrary SQL commands via the id parameter...
CVE-2008-3599
SQL injection vulnerability in image.php in OpenImpro 1.1 allows remote attackers to execute arbitrary SQL commands via the id parameter...
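OpenImpro 'image.php' SQL Injection Vulnerability
BUGTRAQ ID:30631 CNCAN ID:CNCAN-2008081205 OpenImpro is a PHP-based web application. OpenImpro does not correctly handle user-submitted input, so a remote attacker can exploit the vulnerability to carry out SQL injection attacks, obtaining sensitive information or manipulating the database. The problem is that the 'image.php' script does not correctly filter the "id" parameter; a malicious SQL query supplied as the parameter data can alter the original SQL logic, allowing sensitive information to be obtained or the database to be manipulated. OpenImpro 1.1. No solution is currently available: http://sourceforge.net/projects/openimpro/...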
OpenImpro 1.1 - image.php SQL Injection
OpenImpro 1.1 - image.php SQL Injection OpenImpro 1.1id Sql Injection Vulnerability Author: nuclear script: http://downloads.sourceforge.net/openimpro/openimpro-1.1.zip exploit: target.com/image.php?id=-1 union select 1,2,concatfirstname,0x3a,lastname,0x3a,password,4,5,6 from imperson --...
OpenImpro 1.1 (image.php id) SQL Injection Vulnerability
No description provided by source. OpenImpro 1.1id Sql Injection Vulnerability Author: nuclear script: http://downloads.sourceforge.net/openimpro/openimpro-1.1.zip exploit: target.com/image.php?id=-1 union select 1,2,concatfirstname,0x3a,lastname,0x3a,password,4,5,6 from imperson -- Description:...
OpenImpro 1.1 - 'image.php' SQL Injection
OpenImpro 1.1id Sql Injection Vulnerability Author: nuclear script: http://downloads.sourceforge.net/openimpro/openimpro-1.1.zip exploit: target.com/image.php?id=-1 union select 1,2,concatfirstname,0x3a,lastname,0x3a,password,4,5,6 from imperson -- Description: when you do the injection you will ...
OpenImpro 1.1 (image.php id) SQL Injection Vulnerability
Exploit for unknown platform in category web applications. OpenImpro 1.1 image.php id SQL Injection Vulnerability. OpenImpro 1.1id Sql Injection Vulnerability Author: nuclear script:...
CMS from Scratch 1.1.3 - image.php Directory Traversal
CMS from Scratch 1.1.3 - image.php Directory Traversal. CMS from Scratch special Thanks to EgiX For founded it :d: Exploit : http://localhost/path/cms/images.php?dir=c: Example :...
PHPInstantGallery 2.0 - 'image.php' Multiple Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/29152/info phpInstantGallery is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user...