Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in Tyger Bug Tracking System TygerBT 1.1.3 allow remote attackers to inject arbitrary web script or HTML via the PATHINFO to 1 Login.php and 2 Register.php...

CVE-2007-1291

Multiple cross-site scripting XSS vulnerabilities in Tyger Bug Tracking System TygerBT 1.1.3 allow remote attackers to inject arbitrary web script or HTML via the PATHINFO to 1 Login.php and 2 Register.php...

CVE-2007-1291

Multiple cross-site scripting XSS vulnerabilities in Tyger Bug Tracking System TygerBT 1.1.3 allow remote attackers to inject arbitrary web script or HTML via the PATHINFO to 1 Login.php and 2 Register.php...

OrangeHRM < 2.1 alpha 5 login.php txtUserName Parameter SQL Injection

Binary data 3928.prm...

CVE-2007-0592

CVE-2007-0592 is an XSS vulnerability in EzDatabase 2.1.3. The affected component is EzDatabase’s admin/login.php and the Admin Panel Database, allowing remote attackers to inject arbitrary web script or HTML via unspecified vectors. The NVD entry indicates a CVSSv2 base score of 6.8 (Medium) wit...

indexu-xss.txt

vulnerability script indexu all versions Found by :SwEET-DeViL & viP HaCkEr & HaCkEr sUn TeaM AL-GaRNi Application : indexu version : all versions URL : http://www.nicecoder.com/ google : "Powered by INDEXU 5." Exploits : |//1\| in upgrade.php...

vulnerability script indexu all versions

vulnerability script indexu all versions Found by :SwEET-DeViL & viP HaCkEr & HaCkEr sUn TeaM AL-GaRNi Application : indexu version : all versions URL : http://www.nicecoder.com/ google : "Powered by INDEXU 5." Exploits : |//1| in upgrade.php...

CVE-2007-0175

CVE-2007-0175 describes an XSS vulnerability in b2evolution 1.8.6, where the htsrv/login.php script accepts scriptable attributes in the redirect_to parameter to inject arbitrary HTML/JS. Connected records corroborate remote cross-site scripting due to insufficient input sanitising. Debian/DSA-15...

Information disclosure

wp-login.php in WordPress 2.0.5 and earlier displays different error messages if a user exists or not, which allows remote attackers to obtain sensitive information and facilitates brute force attacks...

CVE-2007-0109

wp-login.php in WordPress 2.0.5 and earlier displays different error messages if a user exists or not, which allows remote attackers to obtain sensitive information and facilitates brute force attacks...

CVE-2006-6790

Summary: CVE-2006-6790 affects Ultimate PHP Board (UPB) 2.0b1 and earlier. The vulnerability is in chat/login.php where the username parameter is written to chat/text.php without proper sanitization, allowing an attacker to inject arbitrary PHP code that can be executed with the web server user p...

Ultimate PHP Board 2.0b1 - &#039;/chat/login.php&#039; Code Execution

!/usr/bin/perl +------------------------------------------------------------------------------------------- + Ultimate PHP Board +------------------------------------------------------------------------------------------- + Details: + Ultimate PHP Board chat/login.php does not sanatize the...

CVE-2006-6460

YourFreeWorld.com Short Url & Url Tracker Script is affected by CVE-2006-6460: an invalid id parameter to login.php leaks the internal path via an error message, exposing sensitive information. The entry notes a possible relation to CVE-2006-2509. Connected sources confirm the affected product an...

Spaminator &lt;= 1.7 (page) Remote File Include Vulnerability

No description provided by source. Spaminator 1.7. $page Remote File Include CreW: ToXiC BuG Found By Drago84 SourcE CodE: http://freshmeat.net/redir/spaminator/16281/urltgz/spaminator-1.7.tar.gz Page Affect is: /src/Login.php Problem is include "$page.php"; Path : Declare $page ExpL:...

phpCC 4.2 beta (base_dir) Remote File Inclusion Vulnerability

No description provided by source. SolpotCrew Community phpCC - Beta 4.2 basedir Remote File Inclusion Download file : http://www.phpcc.at/downloadfile1.html Bug Found By :Solpot a.k.a k. Hasibuan 06-08-2006 contact: [email protected] Website : http://www.solpotcrew.org/adv/solpot-adv-05.tx...

sphpblog08-rfi.txt

""""""""""""""""""""""""""""""""""""""""""""""" """ :: :: ::::: :::: """ """ :: :: :: : :: """ """ :::: :: :: ::::: ::::: :::: """ """ :: :: ::: ::: :: :: :: :: :: """ """ :: :: :: : : ::::: :: :: :::: """ """ """ """"""""""""""""""""""""""""""""""""""""""""""" Xmor$ DigitaL Hacking TeaM Sphpblog...

phpwcms <= 1.2.6 (Cookie: wcs_user_lang) Local File Include Exploit

Exploit for unknown platform in category web applications =================================================================== phpwcms = 1.2.6 Cookie: wcsuserlang Local File Include Exploit =================================================================== ? print ' ::::::::: :::::::::: ::: :::...

Fully Modded phpBB <= 2021.4.40 Multiple File Include Vulnerabilities

Exploit for unknown platform in category web applications ===================================================================== Fully Modded phpBB = 2021.4.40 Multiple File Include Vulnerabilities ===================================================================== Fully Modded phpBB 2 Remote Fi...

CVE-2006-5228

Multiple SQL injection vulnerabilities in the Google Gadget login.php gadget/login.php in Rob Hensley ackerTodo 4.2 and earlier allow remote attackers to execute arbitrary SQL commands via the 1 uplogin, 2 uppass, or 3 upnumtasks parameters...

CVE-2006-5059

Multiple cross-site scripting XSS vulnerabilities in WWWthreads 5.4.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the Cat parameter to 1 dosearch.php, 2 postlist.php, 3 showmembers.php, 4 faqenglish.php, 5 online.php, 6 login.php, 7 newuser.php, 8 wwwthreads.php,...