137 matches found
PHP-Nuke Module EasyContent - page_id SQL Injection
PHP-Nuke Module EasyContent - pageid SQL Injection. php-nuke modules EasyContent remote sql inj. found =xoron...
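PHP-Nuke Advertising Module Modules.PHP SQL Injection Vulnerability
PHP-Nuke Advertising Module is a PHP-based web application. PHP-Nuke Advertising Module does not properly filter user-supplied URI data; remote attackers can exploit this vulnerability to carry out SQL injection attacks and obtain sensitive information or manipulate the database. The problem is that the 'Modules.PHP' script lacks filtering of user-submitted web parameters: submitting a malicious SQL query as parameter data can change the original SQL logic, obtaining sensitive information or possibly manipulating the database. PHP-Nuke Advertising Module 0.9 Upgrade to the latest PHP-Nuke Advertising Module 0.9...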
CVE-2007-5918
Cross-site request forgery (CSRF) vulnerability in edit.php in the MS TopSites add-on for PHP-Nuke does not verify that the uname parameter matches the current account, which allows remote authenticated users to change arbitrary accounts or change the SiteTitleName field as an arbitrary user via a...
CVE-2007-5918
CVE-2007-5918 is a CSRF vulnerability in the MS TopSites add-on for PHP-Nuke. The flaw occurs in edit.php where the uname parameter is not verified against the current account, allowing a remote authenticated user to change arbitrary accounts or modify the SiteTitleName by supplying a modified un...
CVE-2007-4253
CVE-2007-4253 affects Envolution (News module, pages.php) with a SQL injection vulnerability exposed via the topic parameter in News 1.1.0 and earlier. The root cause is unsafely constructed SQL leading to arbitrary SQL execution by remote attackers. Connected documents confirm the same vulnerabi...
Web Slider 0.6 - 'path' Remote File Inclusion
Web Slider 0.6 path Remote File Inclusion Vulnerabilities D.Script: http://sourceforge.net/projects/webslider/ Discovered by: GolDM = Mahmoodali Homepage: http://Www.Tryag.Com/cc Exploit:Path/index.php?path=Shell Exploit:Path/modules/pdf.php?path=Shell Exploit:Path/plugins/highlight.php?path=Shell...
SQL injection
SQL injection vulnerability in the category file in modules.php in the Emporium 2.3.0 and earlier module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the categoryid parameter...
gallery-rfi.txt
Gallery = 1.4.4-pl4 phpbbrootpath Remote File Include Vulnerability Script : Gallery Version : 1.4.4-pl4 URL : http://puzzle.dl.sourceforge.net/sourceforge/gallery/gallery-1.6-alpha3.tar.gz Author : BorN To K!LL...
oscommerce-xss.txt
Oscommerce Multiple XSS in admin section. Vendor url: Http://www.oscommerce.com Advisory: http://lostmon.blogspot.com/2006/11/oscommerce-multiple-xss-in-admin.html Vendor notify: YES Exploit available: YES osCommerce contains a flaw that allows a remote cross site scripting attack. This flaw exists...
CVE-2006-5565
CRLF injection vulnerability in MAXdev MD-Pro 1.0.76 allows remote attackers to inject arbitrary HTTP headers via a CRLF sequence in the (1) name, (2) file, (3) module, and (4) func parameters in (a) index.php; and the (5) file parameter in (b) modules.php. NOTE: the provenance of this information is unknown;...
CVE-2006-3948
Cross-site scripting (XSS) vulnerability in modules.php in PHP-Nuke INP allows remote attackers to inject arbitrary web script or HTML via the query parameter...
PHP-Nuke - INP modules.php Cross-Site Scripting
PHP-Nuke - INP modules.php Cross-Site Scripting source: https://www.securityfocus.com/bid/19208/info PHPNuke INP is prone to a cross-site scripting vulnerability that affects the 'modules.php' script. The specific version affected is currently unknown...
PHP-Nuke - 'INP modules.php' Cross-Site Scripting
source: https://www.securityfocus.com/bid/19208/info PHPNuke INP is prone to a cross-site scripting vulnerability that affects the 'modules.php' script. The specific version affected is currently unknown. http://www.example.com/path/modules.php?name=Downloads&op=search&query=alert'ARIA'...
SQuery 4.5 - 'gore.php' Remote File Inclusion
SQuery = 4.5 libpath Remote File Inclusion Exploit. Worked On : ALL VERSIONS | Critical Level : Dangerous | Bug Found In : gore.php |...
SQL injection
SQL injection vulnerability in modules.php in 4nNukeWare 4nForum 0.91 allows remote attackers to execute arbitrary SQL commands via the tid parameter...
CVE-2006-1686
CVE-2006-1686 affects APT-webshop-system modules.php in version 4.0 PRO and 3.0 BASIC/3.0 LIGHT. The vulnerability allows remote attackers to access unspecified files by modifying a warp parameter. The description does not specify the root cause, exact file paths, or the impact beyond file access...
Virtual War File Inclusion
Virtual War File Inclusion. Site:http://www.vwar.de/ Demo:http://www.vwar.de/demo/ File Inclusion // get functions $vwarroot = "./"; require $vwarroot . "includes/functionscommon.php"; require $vwarroot...
sPaiz-Nuke - 'modules.php' Cross-Site Scripting
source: https://www.securityfocus.com/bid/16412/info sPaiz-Nuke is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code executed in the browser o...
News Module for Envolution - 'modules.php' Multiple Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/15857/info Envolution is prone to multiple input validation vulnerabilities. Successful exploitation of these vulnerabilities could result in a compromise of the application, disclosure or modification of data, the theft of cookie-based authentication...