1444 matches found
CVE-2007-4307
Storesprite 7 and earlier suffer multiple XSS vulnerabilities that allow remote attackers to inject arbitrary web script or HTML via the next parameter to addaddress.php, editshipdetails.php, register.php, or login.php in the secure/ path. The affected component is the web application Storesprite...
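PhpHostBot Login.PHP Remote File Inclusion Vulnerability
PhpHostBot is a PHP-based web application. PhpHostBot does not properly filter user-submitted URI data, and a remote attacker can exploit the vulnerability to execute arbitrary commands with the privileges of the application process. The problem is that the 'Login.PHP' script does not filter the user-submitted 'svrrootscript' parameter; submitting an arbitrary PHP file on a remote server as the include target can lead to execution of arbitrary PHP code with web privileges. PhpHostBot 1.06 No solution is currently available: http://www.idevspot.com/PhpHostBot.php...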
Unfixed XSS vulnerability at www.eetechbrief.com
Security researcher Narcoticxs submitted on 08/08/2007 a cross-site scripting (XSS) vulnerability affecting www.eetechbrief.com, which at the time of submission ranked 8475386 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 10/08/2007. It is...
CVE-2007-4021
CVE-2007-4021 affects Brain Book Software Secure 1.0.20070629 and earlier. The vulnerability is multiple XSS in login.php, exploitable via the (1) user and (2) pwd parameters, enabling remote attackers to inject arbitrary script/HTML into victims’ browsers. Root cause: reflected XSS in login hand...
CVE-2007-4021
Multiple cross-site scripting (XSS) vulnerabilities in login.php in Brain Book Software Secure 1.0.20070629 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) user and (2) pwd parameters...
Directory traversal
Directory traversal vulnerability in login.php in Maia Mailguard 1.0.2 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the lang parameter...
CVE-2007-3627
Multiple SQL injection vulnerabilities in PHP Lite Calendar Express 2.2 allow remote attackers to execute arbitrary SQL commands via the cid parameter to (1) login.php, (2) auth.php, and (3) subscribe.php. NOTE: the month.php, year.php, week.php, and day.php vectors are already covered by CVE-2005-4009...
SQL injection
SQL injection vulnerability in login.php in WebChat 0.78 allows remote attackers to execute arbitrary SQL commands via the rid parameter...
CVE-2007-3534
SQL injection vulnerability in login.php in WebChat 0.78 allows remote attackers to execute arbitrary SQL commands via the rid parameter...
CVE-2007-3534
CVE-2007-3534 is a SQL injection vulnerability in WebChat 0.78, specifically in login.php where the rid parameter is exploited to execute arbitrary SQL commands. Affected component is WebChat’s login routine; root cause is improper input handling leading to SQL injection. Impact per sources is pa...
webchat-sql.txt
webchat 0.78 Class: SQL Injection Published 28/06/2007 Remote: Yes Critical Level : Dangerous Site: http://sourceforge.net/projects/webdev-webchat/ Download: http://downloads.sourceforge.net/webdev-webchat/webchat-078.zip?modtime=1046649600&bigmirror=0 Vulnerable code: login.php...
WebChat 0.78 - 'login.php?rid' SQL Injection
webchat 0.78 Class: SQL Injection Published 28/06/2007 Remote: Yes Critical Level : Dangerous Site: http://sourceforge.net/projects/webdev-webchat/ Download: http://downloads.sourceforge.net/webdev-webchat/webchat-078.zip?modtime=1046649600&bigmirror=0 Author: r00t Vulnerable code: login.php...
WebChat 0.78 (login.php rid) Remote SQL Injection Vulnerability
Exploit for unknown platform in category web applications. WebChat 0.78 login.php rid Remote SQL Injection Vulnerability. webchat 0.78 Class: SQL Injection Published...
SQL injection
SQL injection vulnerability in include/getuserdata.php in Power Phlogger PPhlogger 2.2.5 and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter to login.php...
SQL injection
Multiple SQL injection vulnerabilities in Jasmine CMS 1.0 allow remote attackers to execute arbitrary SQL commands via (1) the loginusername parameter to login.php or (2) the item parameter to news.php...
CVE-2007-3313
Multiple SQL injection vulnerabilities in Jasmine CMS 1.0 allow remote attackers to execute arbitrary SQL commands via (1) the loginusername parameter to login.php or (2) the item parameter to news.php...
CVE-2007-3129
CVE-2007-3129 concerns an XSS vulnerability in Utopia News Pro 1.4.0, specifically in login.php where the password parameter can be exploited to inject script/HTML. The vulnerability is described across multiple sources (NVD, CVE records, and Full-Disclosure material), with exploitation details i...
CVE-2007-3243
Cross-site scripting (XSS) vulnerability in bb-login.php in bbPress 0.8.1 allows remote attackers to inject arbitrary web script or HTML via the re parameter. NOTE: exploitation may require forcing the client to send a certain Referer header...
phpmydesk-rfi.txt
script:PHPMyDesk Beta Release 1.0b == RFI dir url:http://www.cynux.com/phpmydesk/ author: titanichacker contact:[email protected] H.P : http://hack-teach.com & mohandko.com & tryag.com bug in: ./index.php include$langmod; ./login.php include$langmod; ./logout.php include$langmod;...
PBLang <= 4.67.16.a login.php lang Parameter Traversal Local File Inclusion
Binary data 4078.prm...