66 matches found
CVE-2008-4605
SQL injection vulnerability in CafeEngine allows remote attackers to execute arbitrary SQL commands via the id parameter to 1 dish.php and 2 menu.php...
CVE-2008-4605
CVE-2008-4605 describes an SQL injection vulnerability in CafeEngine. The vulnerability affects the id parameter in two scripts, dish.php and menu.php, allowing remote attackers to execute arbitrary SQL commands. This is the explicit compromise path described in the connected documents. The avail...
CVE-2007-4862
Cross-site scripting XSS vulnerability in admin/menu.php in SAXON 5.4 allows remote attackers to inject arbitrary web script or HTML via the confignewsurl parameter...
CVE-2007-4862
CVE-2007-4862 is a documented XSS vulnerability affecting SAXON 5.4 in admin/menu.php via config[news_url]. Exploitation requires register_globals On and magic_quotes_gpc Off; the NVD/NVD-derived reports list a Medium impact (I/P) and network access with no confidentiality or availability impact,...
Saxon 5.4 - 'Menu.php' Cross-Site Scripting
source: https://www.securityfocus.com/bid/26237/info Saxon is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the...
phpMyTourney menu.php远程文件包含漏洞
phpMyTourney是一款基于PHP的WEB应用程序。 phpMyTourney不正确过滤用户提交的URI数据,远程攻击者可以利用漏洞以WEB权限执行任意命令。 问题是由于'menu.php'脚本对用户提交的'functionsfile'参数缺少过滤,指定远程服务器上的任意文件作为包含对象,可导致以以WEB权限执行任意命令。 phpMyTourney 1.0.0a 目前没有解决方案提供: http://www.scripts.com/php-scripts/game-software/phpmytourney/...
Remote file inclusion
PHP remote file inclusion vulnerability in menu.php in phpMytourney allows remote attackers to execute arbitrary PHP code via a URL in the functionsfile parameter...
CVE-2007-4757
The vulnerability CVE-2007-4757 affects phpMytourney: a PHP remote file inclusion in menu.php allows an attacker to execute arbitrary PHP code by supplying a URL in the functions_file parameter. This is a server-side code execution risk (base CVSS 7.5, HIGH). Affected component is the menu.php in...
phpMytourney (menu.php) Remote File Inclusion Vulnerability
No description provided by source. Title : phpMytourney functionsfile Remote File Inclusion Vulnerability Author : S.W.A.T. Contact : [email protected] S.Page : http://script.vanta.ru/download.php?id=1178&clas=0 $$ : Free Site : Http://www.XmorS-Security.CoM - Http://www.xmors.com -...
phpMytourney (menu.php) Remote File Inclusion Vulnerability
Exploit for unknown platform in category web applications =========================================================== phpMytourney menu.php Remote File Inclusion Vulnerability =========================================================== Title : phpMytourney functionsfile Remote File Inclusion...
RaidenHTTPD workspace.php ulang Parameter Local File Inclusion
Binary data 5103.prm...
phpmysport-rfi.txt
------=Part134509048419.1173540747323 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Content-Disposition: inline Application : phpMySport CMS URL : http://phpmysport.sourceforge.net/en/ Variable menu.php includeonceROOT."/team/sqlteam.php";...
CVE-2007-1143
Directory traversal vulnerability in pn-menu.php in J-Web Pics Navigator 1.0 allows remote attackers to list arbitrary directories via a .. dot dot in the dir parameter...
CVE-2007-0863
PHP remote file inclusion vulnerability in Trevorchan 0.7 and earlier allows remote attackers to execute arbitrary code via the tcconfigrootdir parameter to 1 upgrade.php, 2 paintsave.php, 3 menu.php, 4 manage.php, and 5 banned.php. NOTE: his issue has been disputed by reliable third parties, who...
A-Blog.txt
1A-Blog Remote File Include BuG FounD by Drago84 Application Affect:2A-Blog Source Code: 3http://prdownloads.sourceforge.net/a-blog/A-BlogV2.rar?download Problem: Soluction: Include in page require "mainfile.php"; Page Vulnerable : menu.php Dir : /navigate/ Exempe Of ExPloit is:...
A-Blog 2.0 - menu.php Remote File Inclusion
A-Blog 2.0 - menu.php Remote File Inclusion ToXiC A-Blog Remote File Include BuG FounD by Drago84 Application Affect:A-Blog Source Code: http://prdownloads.sourceforge.net/a-blog/A-BlogV2.rar?download Problem: Soluction: Include in page require "mainfile.php"; Page Vulnerable : menu.php Dir :...
A-Blog 2.0 - 'menu.php' Remote File Inclusion
ToXiC A-Blog Remote File Include BuG FounD by Drago84 Application Affect:A-Blog Source Code: http://prdownloads.sourceforge.net/a-blog/A-BlogV2.rar?download Problem: Soluction: Include in page require "mainfile.php"; Page Vulnerable : menu.php Dir : /navigation/ Exempe Of ExPloit is:...
CVE-2006-3273
The CVE-2006-3273 entry documents a Cross-site Scripting (XSS) vulnerability in menu.php of Some Chess 1.5 rc1, exploitable via the user parameter in the “New Name” field. The affected component is menu.php within Some Chess 1.5 rc1; the underlying cause is input that is not properly sanitized, e...
CVE-2006-3272
Cross-site request forgery CSRF vulnerability in menu.php in Some Chess 1.5 rc2 allows remote attackers to conduct actions as another user, such as changing usernames and passwords, via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained from third...
Remote file inclusion
PHP remote file inclusion vulnerability in common-menu.php in Cameron McKay Informium 0.12.0 allows remote attackers to execute arbitrary PHP code via a URL in the CONFlocalpath parameter...