192 matches found
Webit Cms (XSS/HTML) Injection Vulnerabilities
Exploit for php platform in category web applications. Webit Cms XSS/HTML Injection Vulnerabilities ...
Webit CMS - SQL Injection
Webit Cms SQL Injection Vulnerability. Author: CoBRa21. Script Home: http://www.webitcms.gr. Dork: powered by webit!...
Centreon 'main.php' SQL Injection Vulnerability
Centreon is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying...
Faweb_2 Mullti Vulnerability
Exploit for php platform in category web applications. Title: Faweb2 Mullti Vulnerability | Author: indoushka | email:...
Unfixed XSS vulnerability at www.sacp.org.za
Security researcher wolfmankurd submitted on 03/08/2010 a cross-site scripting (XSS) vulnerability affecting www.sacp.org.za, which at the time of submission ranked 2117431 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 15/12/2011. It is...
SilverStripe debug_profile Parameter Information Disclosure
The SilverStripe CMS install hosted on the remote web server is affected by an information disclosure vulnerability because it fails to properly handle the 'debug_profile' parameter of the 'sapphire/main.php' script when running in live mode. An attacker, exploiting this flaw, can gain sensitive...
TenderSystem 0.9.5 Beta Local File Inclusion
Note: TESTED LOCALLY WITH XAMPP FOR WINDOWS. I was unable to get this to work on a...
Tender System 0.9.5b LFI
Exploit for unknown platform in category web applications. Tender System 0.9.5b LFI ...
Tender System 0.9.5b - Local File Inclusion
Note: TESTED LOCALLY WITH XAMPP FOR WINDOWS. I was unable to get this to work on a...
Unfixed XSS vulnerability at www.mbon.org
Security researcher jath submitted on 17/09/2009 a cross-site scripting (XSS) vulnerability affecting www.mbon.org, which at the time of submission ranked 556678 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 19/09/2009. It is currently...
CVE-2009-3205
SQL injection vulnerability in main.php in CBAuthority allows remote attackers to execute arbitrary SQL commands via the id parameter in a view_product action...
Sql injection
SQL injection vulnerability in main.php in CBAuthority allows remote attackers to execute arbitrary SQL commands via the id parameter in a view_product action...
CVE-2009-3205
The CVE-2009-3205 entry concerns an SQL injection vulnerability in CBAuthority’s main.php, exploitable through the id parameter in a view_product action. The underlying flaw allows remote attackers to alter the SQL executed by the application, leading to potential arbitrary SQL execution with the...
CVE-2009-3205
SQL injection vulnerability in main.php in CBAuthority allows remote attackers to execute arbitrary SQL commands via the id parameter in a view_product action...
Remote file inclusion
PHP remote file inclusion vulnerability in admin/plugins/OnlineUsers/main.php in PageTree CMS 0.0.2 BETA 0001 allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALSPTConfigdirdata parameter...
Directory traversal
Multiple directory traversal vulnerabilities in XOOPS 2.3.1, when register_globals is enabled, allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the xoopsConfig[language] parameter to (1) blocks.php and (2) main.php in xoops_lib/modules/protector/...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in ScriptsEz Easy Image Downloader allow remote attackers to inject arbitrary web script or HTML via the id parameter in a detail action to (1) main.php and possibly (2) demopage.php...
CVE-2009-2551
Multiple cross-site scripting (XSS) vulnerabilities in ScriptsEz Easy Image Downloader allow remote attackers to inject arbitrary web script or HTML via the id parameter in a detail action to (1) main.php and possibly (2) demopage.php...
WP-Lytebox 'pg' Parameter Local File Inclusion
The remote host is running WP-Lytebox, a plugin for WordPress that uses Lytebox to add a lightbox functionality to HTML content. The version of WP-Lytebox installed on the remote host fails to filter user-supplied input to the 'pg' parameter of the 'main.php' script before using it to include PHP...
SolucionXpressPro - 'main.php' SQL Injection
source: https://www.securityfocus.com/bid/33111/info SolucionXpressPro is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or...