CVE-2006-5148

Multiple PHP remote file inclusion vulnerabilities in Forum82 2.5.2b and earlier allow remote attackers to execute arbitrary PHP code via a URL in the repertorylevel parameter including scripts in /forum/ including 1 search.php, 2 message.php, 3 member.php, 4 mail.php, 5 lostpassword.php, 6...

Remote file inclusion

Multiple PHP remote file inclusion vulnerabilities in ScozNews 1.2.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the CONFIGmainpath parameter in 1 functions.php, 2 template.php, 3 news.php, 4 help.php, 5 mail.php, 6 Admin/admincats.php, 8 Admin/adminedit.php, 9...

ScozNews 1.2.1 - mainpath Remote File Inclusion

ScozNews 1.2.1 - mainpath Remote File Inclusion DEVIL TEAM THE BEST POLISH TEAM ScozNews v1.2.1 - Remote File Include Find by Kacper Rahim. Greetings For ALL DEVIL TEAM members, Special DragonHeart : Contact: [email protected] or http://www.devilteam.yum.pl dork: "Powered By ScozNews"...

[eVuln] Maian Weblog Multiple SQL Injection Vulnerabilities

New eVuln Advisory: Maian Weblog Multiple SQL Injection Vulnerabilities http://evuln.com/vulns/101/summary.html --------------------Summary---------------- eVuln ID: EV0101 CVE: CVE-2006-1334 Software: Maian Weblog Sowtware's Web Site: http://www.maianscriptworld.co.uk/ Versions: 2.0 Critical...

CVE-2006-1334

Multiple SQL injection vulnerabilities in Maian Weblog 2.0 allow remote attackers to execute arbitrary SQL commands via the 1 entry and 2 email parameters to a print.php and b mail.php...

Sql injection

Multiple SQL injection vulnerabilities in Maian Weblog 2.0 allow remote attackers to execute arbitrary SQL commands via the 1 entry and 2 email parameters to a print.php and b mail.php...

CVE-2006-1334

Multiple SQL injection vulnerabilities in Maian Weblog 2.0 allow remote attackers to execute arbitrary SQL commands via the 1 entry and 2 email parameters to a print.php and b mail.php...

CVE-2006-1334

CVE-2006-1334 : Maian Weblog 2.0 has SQL injection in print.php and mail.php; vulnerable parameters are (1) entry and (2) email. Remote attackers could potentially execute arbitrary SQL. No patch/mitigation details are provided in the supplied documents; exploitation specifics are not described i...

CVE-2005-3770

Multiple cross-site scripting XSS vulnerabilities in PHP-Post PHPp 1.0 allow remote attackers to inject arbitrary web script or HTML via 1 the subject in a post, or the user parameter to 2 profile.php and 3 mail.php...

[KAPDA::#14] - PHPPost XSS and HTML Injection

KAPDA New advisory Vendor: http://www.php-post.co.uk/ Vulnerable Version: v1.0 Bug: XSS and HTML Injection Exploitation: Remote with browser Description: -------------------- PHPP is a free message board powered by PHP and MySQL. Vulnerability: -------------------- HTML Injection: The software do...

CVE-2005-3770

PHP-Post (PHPp) 1.0 contains cross-site scripting (XSS) vulnerabilities exploitable via the subject field in posts or the user parameter to profile.php and mail.php. The underlying issue is arbitrary-script/HTML injection, leading to potential script execution in victims’ browsers. Affected softw...

CVE-2005-2545

Multiple cross-site scripting XSS vulnerabilities in PHPOpenChat 3.0.2 allow remote attackers to inject arbitrary web script or HTML via the 1 title or 2 content parameter to profile.php and profilemisc.php, 3 the profile fields in userpage.php, 4 subject or 5 body in mail.php, or 8...