Lucene search
176 matches found

seebug.org
added 2008/11/05 12:0 a.m. | 48 views

Discuz! member.php XSS vulnerability

member.php code: if!empty$listgid && $listgid == intval$GET'listgid' // the comparison here uses loose equality (==) rather than strict identity (===), and $listgid is never initialized: $type = $adminid == 1 ? 'grouplist' : $type; else $listgid = ''; ... $multipage = multi$num, $memberperpage, $page,...

7 AI score
Exploits 0
Exploit DB
added 2008/10/30 12:0 a.m. | 39 views

MyPHP Forum 3.0 - Edit Topics / Blind SQL Injection

/ ----------------------------------------------------------------------------------- MyPHP Forum Final = 3.0 Edit Topics/Blind SQL Injection Remote Vulnerabilities ----------------------------------------------------------------------------------- Discovered By StAkeRathotmaildotit Download On...

7.4 AI score
Exploits 0
Packet Storm
added 2008/10/30 12:0 a.m. | 25 views

myphpforum-sql.txt

/ ----------------------------------------------------------------------------------- MyPHP Forum Final = 3.0 Edit Topics/Blind SQL Injection Remote Vulnerabilities ----------------------------------------------------------------------------------- Discovered By StAkeRathotmaildotit Download On...

7.4 AI score
Exploits 0
CVE
added 2008/07/02 5:0 p.m. | 42 views

CVE-2008-2963

CVE-2008-2963 affects MyBlog via Multiple SQL injection vulnerabilities. The issues occur in the web app’s PHP files where unsafely handled user input is used in SQL queries: the view parameter to index.php, and the id parameter to member.php and post.php. Root cause is improper input handling le...

6.8 CVSS | 8.5 AI score | 0.00909 EPSS
Exploits 1 | References 3 | Affected Software 1
seebug.org
added 2008/01/01 12:0 a.m. | 19 views

MyPHP Forum 'faq.php' and 'member.php' Multiple SQL Injection Vulnerabilities

MyPHP Forum is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in t...

7.5 AI score
Exploits 0
Packet Storm
added 2007/12/31 12:0 a.m. | 30 views

myphp-sql.txt

Name : MyPHP Forum So we can execute an sql injection through the bugged variable $id. PoC: http://Site/faq.php?action=view&id=-1'+union+select+1,concatusername,0x3a,password,3+from+tableprefixmember+where+uid=1/ Sql injection in member.php So $member variable isn't controlled so we can exploit i...

7.4 AI score
Exploits 0
Exploit DB
added 2007/12/31 12:0 a.m. | 62 views

MyPHP Forum 3.0 (Final) - Multiple SQL Injections

Name : MyPHP Forum So we can execute an sql injection through the bugged variable $id. PoC: http://Site/faq.php?action=view&id=-1'+union+select+1,concatusername,0x3a,password,3+from+tableprefixmember+where+uid=1/ Sql injection in member.php So $member variable isn't controlled so we can exploit i...

7.4 AI score
Exploits 0
Prion
added 2007/08/21 6:17 p.m. | 20 views

Cross site scripting

Multiple cross-site scripting (XSS) vulnerabilities in vBulletin 3.6.8 allow remote attackers to inject arbitrary web code or HTML via the (1) s parameter to index.php, and the (2) q parameter to (a) faq.php, (b) member.php, (c) memberlist.php, (d) calendar.php, (e) search.php, (f) forumdisplay.php, (g)...

4.3 CVSS | 6.2 AI score | 0.01022 EPSS
Exploits 0 | References 3 | Affected Software 1
NVD
added 2007/08/21 6:17 p.m. | 20 views

CVE-2007-4453

Multiple cross-site scripting (XSS) vulnerabilities in vBulletin 3.6.8 allow remote attackers to inject arbitrary web code or HTML via the (1) s parameter to index.php, and the (2) q parameter to (a) faq.php, (b) member.php, (c) memberlist.php, (d) calendar.php, (e) search.php, (f) forumdisplay.php, (g)...

4.3 CVSS | 6 AI score | 0.01022 EPSS
Exploits 0 | References 3
Prion
added 2007/08/03 9:17 p.m. | 17 views

Sql injection

Multiple SQL injection vulnerabilities in wolioCMS allow remote attackers to execute arbitrary SQL commands via (1) the id parameter to member.php in a page action, related to a SELECT statement in common.php; and the (2) loginid parameter (uid variable), and possibly the (3) pwd parameter, to...

7.5 CVSS | 9.3 AI score | 0.01264 EPSS
Exploits 0 | References 7
NVD
added 2007/08/03 9:17 p.m. | 21 views

CVE-2007-4156

Multiple SQL injection vulnerabilities in wolioCMS allow remote attackers to execute arbitrary SQL commands via (1) the id parameter to member.php in a page action, related to a SELECT statement in common.php; and the (2) loginid parameter (uid variable), and possibly the (3) pwd parameter, to...

7.5 CVSS | 8.6 AI score | 0.01264 EPSS
Exploits 0 | References 7
Cvelist
added 2007/08/03 9:0 p.m. | 22 views

CVE-2007-4156

Multiple SQL injection vulnerabilities in wolioCMS allow remote attackers to execute arbitrary SQL commands via (1) the id parameter to member.php in a page action, related to a SELECT statement in common.php; and the (2) loginid parameter (uid variable), and possibly the (3) pwd parameter, to...

8.6 AI score | 0.01264 EPSS
Exploits 0 | References 7
0day.today
added 2007/07/08 12:0 a.m. | 77 views

FlashGameScript <= 1.7 (user) Remote SQL Injection Vulnerability

Exploit for unknown platform in category web applications ================================================================ FlashGameScript = 1.7 user Remote SQL Injection Vulnerability ================================================================ FlashGameScript = 1.7 member.php$user...

7.1 AI score
Exploits 0
Prion
added 2007/06/27 12:30 a.m. | 18 views

Sql injection

SQL injection vulnerability in member.php in 6ALBlog allows remote attackers to execute arbitrary SQL commands via the newsid parameter...

6.8 CVSS | 9.1 AI score | 0.01144 EPSS
Exploits 0 | References 6
NVD
added 2007/06/27 12:30 a.m. | 14 views

CVE-2007-3450

SQL injection vulnerability in member.php in 6ALBlog allows remote attackers to execute arbitrary SQL commands via the member parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...

6.8 CVSS | 8.1 AI score | 0.0083 EPSS
Exploits 0 | References 2
NVD
added 2007/06/27 12:30 a.m. | 17 views

CVE-2007-3449

SQL injection vulnerability in member.php in 6ALBlog allows remote attackers to execute arbitrary SQL commands via the newsid parameter...

6.8 CVSS | 8.4 AI score | 0.01144 EPSS
Exploits 0 | References 6
Prion
added 2007/06/27 12:30 a.m. | 13 views

Sql injection

SQL injection vulnerability in member.php in 6ALBlog allows remote attackers to execute arbitrary SQL commands via the member parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...

6.8 CVSS | 8.8 AI score | 0.0083 EPSS
Exploits 0 | References 2
CVE
added 2007/06/27 12:0 a.m. | 47 views

CVE-2007-3450

CVE-2007-3450 is a SQL injection vulnerability in the 6ALBlog project, affecting the file member.php. The flaw allows remote attackers to execute arbitrary SQL commands by supplying the attack payload in the member parameter. This vulnerability is confirmed in multiple sources (NVD/NVDA-style re...

6.8 CVSS | 8.1 AI score | 0.0083 EPSS
Exploits 0 | References 2 | Affected Software 1
Cvelist
added 2007/06/27 12:0 a.m. | 17 views

CVE-2007-3450

SQL injection vulnerability in member.php in 6ALBlog allows remote attackers to execute arbitrary SQL commands via the member parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...

8.1 AI score | 0.0083 EPSS
Exploits 0 | References 2
Cvelist
added 2007/06/27 12:0 a.m. | 22 views

CVE-2007-3449

SQL injection vulnerability in member.php in 6ALBlog allows remote attackers to execute arbitrary SQL commands via the newsid parameter...

8.4 AI score | 0.01144 EPSS
Exploits 0 | References 6