Lucene search

41 matches found

0day.today
added 2008/03/14 12:0 a.m., 40 views

AuraCMS <= 2.2.1 (online.php) Remote Blind SQL Injection Exploit

Exploit for unknown platform in category web applications. AuraCMS 0 15. @mysqlquery"update useronline set timevisit='$utime' where ipproxy='$uipproxy'"; 16. else 17. @mysqlquery"insert into useronline...

AI score: 7.1
Exploits: 0

exploitpack
added 2008/03/14 12:0 a.m., 32 views

AuraCMS 2.2.1 - X-Forwarded-For HTTP Header Blind SQL Injection

#!/usr/bin/perl -w Indonesian Newhack Security Advisory ------------------------------------ AuraCMS 2.x online.php - Remote Blind SQL Injection Exploit Time : Feb 15 2008 01:00PM Software : AuraCMS Version : 2.0 2.1 2.2.1 Vendor :...

AI score: 0.2
Exploits: 0

Prion
added 2007/08/21 6:17 p.m., 20 views

Cross site scripting

Multiple cross-site scripting (XSS) vulnerabilities in vBulletin 3.6.8 allow remote attackers to inject arbitrary web code or HTML via the (1) s parameter to index.php, and the (2) q parameter to (a) faq.php, (b) member.php, (c) memberlist.php, (d) calendar.php, (e) search.php, (f) forumdisplay.php, (g)...

CVSS: 4.3, AI score: 6.2, EPSS: 0.01022
Exploits: 0, References: 3, Affected Software: 1

NVD
added 2007/08/21 6:17 p.m., 20 views

CVE-2007-4453

Multiple cross-site scripting (XSS) vulnerabilities in vBulletin 3.6.8 allow remote attackers to inject arbitrary web code or HTML via the (1) s parameter to index.php, and the (2) q parameter to (a) faq.php, (b) member.php, (c) memberlist.php, (d) calendar.php, (e) search.php, (f) forumdisplay.php, (g)...

CVSS: 4.3, AI score: 6, EPSS: 0.01022
Exploits: 0, References: 3

CVE
added 2007/01/05 6:0 p.m., 36 views

CVE-2006-6892

The CVE-2006-6892 entry concerns OvBB 0.13a (Jonathon J. Freeman) with an XSS flaw in GetLocation() in online.php. The issue allows remote attackers to inject arbitrary script/HTML via the aRequest parameter, enabling client-side impact on affected pages. The vulnerability is caused by improper h...

CVSS: 6.8, AI score: 5.9, EPSS: 0.01134
Exploits: 0, References: 3, Affected Software: 1

securityvulns
added 2007/01/05 12:0 a.m., 41 views

[SA23484] OvBB Script Insertion Vulnerability

TITLE: OvBB Script Insertion Vulnerability SECUNIA ADVISORY ID: SA23484 VERIFY ADVISORY: http://secunia.com/advisories/23484/ CRITICAL: Moderately critical IMPACT: Cross Site Scripting WHERE: From remote SOFTWARE: OvBB 0.x http://secunia.com/product/13131/ DESCRIPTION: A vulnerability has been...

AI score: 0.6
Exploits: 0

NVD
added 2006/12/31 5:0 a.m., 15 views

CVE-2006-6892

Cross-site scripting (XSS) vulnerability in the GetLocation function in online.php in Jonathon J. Freeman OvBB 0.13a allows remote attackers to inject arbitrary web script or HTML via the aRequest variable...

CVSS: 6.8, AI score: 5.7, EPSS: 0.01134
Exploits: 0, References: 3

seebug.org
added 2006/12/06 12:0 a.m., 25 views

VWar <= 1.50 R14 (online.php) Remote SQL Injection Vulnerability

No description provided by source. .: insecurity research team :. .advisory. 1o.o8.2oo6 .. Affected Application: VWar = v1.50 R14 . . : contact :...

AI score: 7.1
Exploits: 0

NVD
added 2006/09/28 12:7 a.m., 10 views

CVE-2006-5059

Multiple cross-site scripting (XSS) vulnerabilities in WWWthreads 5.4.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the Cat parameter to (1) dosearch.php, (2) postlist.php, (3) showmembers.php, (4) faqenglish.php, (5) online.php, (6) login.php, (7) newuser.php, (8) wwwthreads.php,...

CVSS: 5.1, AI score: 5.8, EPSS: 0.0138
Exploits: 1, References: 5

exploitpack
added 2006/08/10 12:0 a.m., 30 views

VWar 1.50 R14 - online.php SQL Injection

.: insecurity research team :. .advisory. 1o.o8.2oo6 .. Affected Application: VWar query" line 64: SELECT memberid,...

AI score: 0.5
Exploits: 0

0day.today
added 2006/08/10 12:0 a.m., 33 views

VWar <= 1.50 R14 (online.php) Remote SQL Injection Vulnerability

Exploit for unknown platform in category web applications. VWar .advisory. 1o.o8.2oo6 .. Affected Application: VWar query" line 64: SELECT memberid, name,...

AI score: 7.1
Exploits: 0

Exploit DB
added 2006/08/10 12:0 a.m., 52 views

VWar 1.50 R14 - 'online.php' SQL Injection

.: insecurity research team :. .advisory. 1o.o8.2oo6 .. Affected Application: VWar query" line 64: SELECT memberid, name, lastactivity line 65: FROM...

AI score: 7.4
Exploits: 0

Prion
added 2006/04/11 12:2 a.m., 15 views

Path traversal

Jupiter CMS 1.1.5, when display_errors is enabled, allows remote attackers to obtain the full server path via a direct request to modules/online.php...

CVSS: 2.6, AI score: 7.1, EPSS: 0.01218
Exploits: 0, References: 4, Affected Software: 1

CVE
added 2006/04/10 11:0 p.m., 53 views

CVE-2006-1679

CVE-2006-1679 is an XSS flaw in Jupiter CMS 1.1.5. The vulnerability is in modules/online.php and is exploitable via the layout parameter to index.php, allowing remote attackers to inject arbitrary web script or HTML. No remediation or patch details are provided in the connected documents.

CVSS: 4.3, AI score: 5.6, EPSS: 0.04061
Exploits: 1, References: 5, Affected Software: 1

Packet Storm
added 2006/04/01 12:0 a.m., 27 views

arabportalXSS.txt

ArabPortal 2.0 Stable .. The Best Arbian Portal & Forums System The Bug Is XSS code online.php?&title=D3vil-0x1CODE download.php?action=byuser&userid=1&title=D3vil-0x1CODE /code center ^^ Secumod 0.1 Anti-XSS & SQL Injection ^^ Get It For Free !! Only 15$ And Update it forever Connect Me By E-Mai...

AI score: 7.4
Exploits: 0

Prion
added 2006/03/30 1:6 a.m., 20 views

Cross site scripting

Multiple cross-site scripting (XSS) vulnerabilities in Arab Portal 2.0 (aka Arab Dynamic Portal or ADP) stable allow remote attackers to inject arbitrary web script or HTML via the title parameter in (1) online.php and (2) download.php...

CVSS: 5.1, AI score: 6.1, EPSS: 0.06412
Exploits: 1, References: 8, Affected Software: 1

CVE
added 2006/03/30 1:0 a.m., 41 views

CVE-2006-1504

CVE-2006-1504 concerns multiple XSS vulnerabilities in Arab Portal 2.0 (also called Arab Dynamic Portal/ADP). The issues allow remote attackers to inject arbitrary web script or HTML by manipulating the title parameter in two pages: online.php and download.php. The affected software is Arab Porta...

CVSS: 5.1, AI score: 5.8, EPSS: 0.06412
Exploits: 1, References: 8, Affected Software: 1

securityvulns
added 2006/03/29 12:0 a.m., 31 views

ArabPortal 2.0 Stable CrossSiteScripting

ArabPortal 2.0 Stable .. The Best Arbian Portal & Forums System The Bug Is XSS code online.php?&title=D3vil-0x1/titleXSSCODE/XSS download.php?action=byuser&userid=1&title=D3vil-0x1/titleXSSCODE/XSS /code center ^^ Secumod 0.1 Anti-XSS & SQL Injection ^^ Get It For Free !! Only 15$ And Update it...

AI score: 2
Exploits: 0

exploitpack
added 2006/03/28 12:0 a.m., 11 views

Arab Portal 2.0 - online.php Cross-Site Scripting

source: https://www.securityfocus.com/bid/17285/info ArabPortal System is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issu...

Exploits: 0

CVE
added 2005/10/25 4:0 a.m., 60 views

CVE-2004-2509

Infopop UBB.Threads exposes XSS in multiple pages. Affected versions include 6.2.3 and 6.5, with vulnerable scripts calendar.php, login.php, and online.php. The underlying issue is cross-site scripting via the Cat parameter, enabling remote attackers to inject arbitrary script/HTML into a user’s ...

CVSS: 4.3, AI score: 6.2, EPSS: 0.02233
Exploits: 1, References: 8, Affected Software: 1