41 matches found
AuraCMS <= 2.2.1 (online.php) Remote Blind SQL Injection Exploit
Exploit for unknown platform in category web applications AuraCMS 0 @mysql_query("update useronline set timevisit='$utime' where ipproxy='$uipproxy'"); else @mysql_query("insert into useronline...
AuraCMS 2.2.1 - X-Forwarded-For HTTP Header Blind SQL Injection
#!/usr/bin/perl -w Indonesian Newhack Security Advisory AuraCMS 2.x online.php - Remote Blind SQL Injection Exploit Time : Feb 15 2008 01:00PM Software : AuraCMS Version : 2.0 2.1 2.2.1 Vendor :...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in vBulletin 3.6.8 allow remote attackers to inject arbitrary web code or HTML via the (1) s parameter to index.php, and the (2) q parameter to (a) faq.php, (b) member.php, (c) memberlist.php, (d) calendar.php, (e) search.php, (f) forumdisplay.php, (g)...
CVE-2007-4453
Multiple cross-site scripting (XSS) vulnerabilities in vBulletin 3.6.8 allow remote attackers to inject arbitrary web code or HTML via the (1) s parameter to index.php, and the (2) q parameter to (a) faq.php, (b) member.php, (c) memberlist.php, (d) calendar.php, (e) search.php, (f) forumdisplay.php, (g)...
CVE-2006-6892
The CVE-2006-6892 entry concerns OvBB 0.13a (Jonathon J. Freeman) with an XSS flaw in GetLocation() in online.php. The issue allows remote attackers to inject arbitrary script/HTML via the aRequest parameter, enabling client-side impact on affected pages. The vulnerability is caused by improper h...
[SA23484] OvBB Script Insertion Vulnerability
TITLE: OvBB Script Insertion Vulnerability SECUNIA ADVISORY ID: SA23484 VERIFY ADVISORY: http://secunia.com/advisories/23484/ CRITICAL: Moderately critical IMPACT: Cross Site Scripting WHERE: From remote SOFTWARE: OvBB 0.x http://secunia.com/product/13131/ DESCRIPTION: A vulnerability has been...
CVE-2006-6892
Cross-site scripting (XSS) vulnerability in the GetLocation function in online.php in Jonathon J. Freeman OvBB 0.13a allows remote attackers to inject arbitrary web script or HTML via the aRequest variable...
VWar <= 1.50 R14 (online.php) Remote SQL Injection Vulnerability
No description provided by source. .: insecurity research team :. .advisory. 1o.o8.2oo6 Affected Application: VWar = v1.50 R14 . . : contact :...
CVE-2006-5059
Multiple cross-site scripting (XSS) vulnerabilities in WWWthreads 5.4.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the Cat parameter to (1) dosearch.php, (2) postlist.php, (3) showmembers.php, (4) faqenglish.php, (5) online.php, (6) login.php, (7) newuser.php, (8) wwwthreads.php,...
VWar 1.50 R14 - online.php SQL Injection
.: insecurity research team :. .advisory. 1o.o8.2oo6 Affected Application: VWar query" line 64: SELECT memberid,...
VWar <= 1.50 R14 (online.php) Remote SQL Injection Vulnerability
Exploit for unknown platform in category web applications VWar .advisory. 1o.o8.2oo6 Affected Application: VWar query" line 64: SELECT memberid, name,...
VWar 1.50 R14 - 'online.php' SQL Injection
.: insecurity research team :. .advisory. 1o.o8.2oo6 Affected Application: VWar query" line 64: SELECT memberid, name, lastactivity line 65: FROM...
Path traversal
Jupiter CMS 1.1.5, when display_errors is enabled, allows remote attackers to obtain the full server path via a direct request to modules/online.php...
CVE-2006-1679
CVE-2006-1679 is an XSS flaw in Jupiter CMS 1.1.5. The vulnerability is in modules/online.php and is exploitable via the layout parameter to index.php, allowing remote attackers to inject arbitrary web script or HTML. No remediation or patch details are provided in the connected documents.
arabportalXSS.txt
ArabPortal 2.0 Stable .. The Best Arbian Portal & Forums System The Bug Is XSS code online.php?&title=D3vil-0x1CODE download.php?action=byuser&userid=1&title=D3vil-0x1CODE /code center ^^ Secumod 0.1 Anti-XSS & SQL Injection ^^ Get It For Free !! Only 15$ And Update it forever Connect Me By E-Mai...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in Arab Portal 2.0 aka Arab Dynamic Portal or ADP stable allow remote attackers to inject arbitrary web script or HTML via the title parameter in (1) online.php and (2) download.php...
CVE-2006-1504
CVE-2006-1504 concerns multiple XSS vulnerabilities in Arab Portal 2.0 (also called Arab Dynamic Portal/ADP). The issues allow remote attackers to inject arbitrary web script or HTML by manipulating the title parameter in two pages: online.php and download.php. The affected software is Arab Porta...
ArabPortal 2.0 Stable CrossSiteScripting
ArabPortal 2.0 Stable .. The Best Arbian Portal & Forums System The Bug Is XSS code online.php?&title=D3vil-0x1/titleXSSCODE/XSS download.php?action=byuser&userid=1&title=D3vil-0x1/titleXSSCODE/XSS /code center ^^ Secumod 0.1 Anti-XSS & SQL Injection ^^ Get It For Free !! Only 15$ And Update it...
Arab Portal 2.0 - online.php Cross-Site Scripting
Source: https://www.securityfocus.com/bid/17285/info ArabPortal System is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issu...
CVE-2004-2509
Infopop UBB.Threads exposes XSS in multiple pages. Affected versions include 6.2.3 and 6.5, with vulnerable scripts calendar.php, login.php, and online.php. The underlying issue is cross-site scripting via the Cat parameter, enabling remote attackers to inject arbitrary script/HTML into a user’s ...