
1414 matches found

NVD
added 2006/03/31 11:6 a.m., 21 views

CVE-2006-1558

Cross-site scripting (XSS) vulnerability in search.php in PHP Script Index allows remote attackers to inject arbitrary web script or HTML via the search parameter...

CVSS 6.8 | AI score 5.8 | EPSS 0.01449
Exploits: 1 | References: 5

Cvelist
added 2006/03/31 11:0 a.m., 26 views

CVE-2006-1558

Cross-site scripting (XSS) vulnerability in search.php in PHP Script Index allows remote attackers to inject arbitrary web script or HTML via the search parameter...

AI score 5.8 | EPSS 0.01449
Exploits: 1 | References: 5

CVE
added 2006/03/31 11:0 a.m., 50 views

CVE-2006-1558

The CVE-2006-1558 entry concerns an XSS vulnerability in PHP Script Index, specifically in search.php. The underlying issue is a reflected/script injection via the search parameter, allowing remote attackers to inject arbitrary web script or HTML. Connected data confirm the affected component as ...

CVSS 6.8 | AI score 5.8 | EPSS 0.01449
Exploits: 1 | References: 5 | Affected Software: 1

CVE
added 2006/03/31 11:0 a.m., 49 views

CVE-2006-1559

CVE-2006-1559 affects PHP Script Index with a SQL injection vulnerability exploitable via the search parameter. The NVD listing reports a network-exploitable issue of low complexity and no authentication, enabling remote attackers to potentially perform arbitrary SQL commands, with partial impact...

CVSS 7.5 | AI score 8.2 | EPSS 0.01134
Exploits: 0 | References: 1 | Affected Software: 1

securityvulns
added 2006/03/29 12:0 a.m., 37 views

[SA19443] PHP Script Index "search" Cross-Site Scripting Vulnerability

TITLE: PHP Script Index "search" Cross-Site Scripting Vulnerability
SECUNIA ADVISORY ID: SA19443
VERIFY ADVISORY: http://secunia.com/advisories/19443/
CRITICAL: Less critical
IMPACT: Cross Site Scripting
WHERE: From remote
SOFTWARE: PHP Script Index http://secunia.com/product/9033/
DESCRIPTION:...

AI score 0.6
Exploits: 0

Tenable Nessus
added 2006/03/27 12:0 a.m., 28 views

phpBannerExchange Template Class Local File Inclusion

The remote host is running phpBannerExchange, a banner exchange script written in PHP. The version of phpBannerExchange installed on the remote host uses a template class that fails to sanitize user-supplied input before using it in a PHP 'include' function. An unauthenticated attacker can exploi...

CVSS 5 | AI score 6.1 | EPSS 0.02694
Exploits: 1 | References: 2

seebug.org
added 2006/03/26 12:0 a.m., 47 views

CuteNews <= 1.4.1 (function.php) Local File Include Exploit

No description provided by source. ?php // Happy NEW Iranian year . // Happy Norouz PERSIAN celebration // CuteNews 1.4.1 CutePHP.com Hash password Finder // by Hamid Ebadi // http://hamid.ir // Bug Discovered and Exploited by Hamid Ebadi .: Hamid Network Security Team :. // run it from your...

AI score 7.1
Exploits: 0

OpenVAS
added 2006/03/26 12:0 a.m., 24 views

Land Down Under <= 800 Multiple Vulnerabilities

The remote web server contains a PHP script that permits SQL injection and cross-site scripting attacks. Description: The remote version of Land Down Under is prone to various SQL injection and cross-site scripting attacks provided PHP's 'magic_quotes' setting is disabled due to its failure to...

CVSS 7.5 | AI score 0.5 | EPSS 0.01768
Exploits: 2 | References: 4

OpenVAS
added 2006/03/26 12:0 a.m., 16 views

MailGust SQL Injection Vulnerability

The remote web server contains a PHP script that is prone to SQL injection attacks. Description : The remote host appears to be running MailGust, a mailing list manager, newsletter distribution tool and message board. A vulnerability was identified in MailGust, which may be exploited by remote...

CVSS 7.5 | AI score 0.3 | EPSS 0.01164
Exploits: 1 | References: 1

exploitpack
added 2006/03/26 12:0 a.m., 16 views

CuteNews 1.4.1 - function.php Local File Inclusion

CuteNews 1.4.1 - function.php Local File Inclusion CuteNews 1.4.1 user Hash password Finder CuteNews 1.4.1 and Below user Hash password Finder Security ? . Bug Discovered and Exploited by Hamid Ebadi .: Hamid Network Security Team :. Happy Norouz PERSIAN new year celebration Greetz to all Iranian...

AI score 7.4
Exploits: 0

OpenVAS
added 2006/03/26 12:0 a.m., 20 views

Calendar Express Multiple Flaws

The remote web server contains a PHP script which is vulnerable to a cross site scripting and SQL injection vulnerability. Description : The remote host is using Calendar Express, a PHP web calendar. A vulnerability exists in this version which may allow an attacker to execute arbitrary HTML and...

CVSS 7.5 | EPSS 0.00931
Exploits: 1

OpenVAS
added 2006/03/26 12:0 a.m., 26 views

The Includer remote command execution flaw

The remote web server contains a PHP script that is affected by a remote code execution vulnerability. The remote host is running The Includer, a PHP script for emulating server-side includes. The version of The Includer installed on the remote host allows an attacker to execute arbitrary shell...

CVSS 7.5 | AI score 0.8 | EPSS 0.09906
Exploits: 1 | References: 2

OpenVAS
added 2006/03/26 12:0 a.m., 24 views

Digital Scribe login.php SQL Injection flaw

The remote web server contains a PHP script which is vulnerable to a SQL injection. Description : The remote web server hosts Digital Scribe, a student-teacher set of scripts written in PHP. The version of Digital Scribe installed on the remote host is prone to SQL injection attacks through the...

CVSS 7.5 | AI score 0.4 | EPSS 0.01888
Exploits: 1 | References: 1

seebug.org
added 2006/03/25 12:0 a.m., 64 views

WebAlbum <= 2.02pl COOKIE[skin2] Remote Code Execution Exploit

No description provided by source. !/usr/bin/php -q -d shortopentag=on ? echo "WebAlbum = 2.02pl $COOKIEskin2 remote cmmnds xctn \r\n"; echo "by rgod [email protected]\r\n"; echo "site: http://retrogod.altervista.org\r\n\r\n"; echo "- this works with magicquotesgpc=Off\r\n"; echo "dork: WEBalbum...

AI score 7.1
Exploits: 0

securityvulns
added 2006/03/09 12:0 a.m., 56 views

txtForum: Script Injection Vulnerability

txtForum: Script Injection Vulnerability
Technical University of Vienna Security Advisory TUVSA-0603-004, March 9, 2006 ...

AI score 1.6
Exploits: 0

0day.today
added 2006/03/08 12:0 a.m., 88 views

RedBLoG <= 0.5 (cat_id) Remote SQL Injection Exploit

Exploit for unknown platform in category web applications. RedBLoG x...

AI score 7.1
Exploits: 0

Tenable Nessus
added 2006/03/08 12:0 a.m., 13 views

Woltlab Burning Board Multiple SQL Injections

The remote version of Burning Board includes an optional module, the Database module, that fails to properly sanitize the 'fileid' parameter of the 'infodb.php' script, which can be exploited to launch SQL injection attacks against the affected host. ...

CVSS 7.5 | AI score 5.8 | EPSS 0.0235
Exploits: 2 | References: 3

Tenable Nessus
added 2006/03/08 12:0 a.m., 34 views

Owl Intranet Engine lib/OWL_API.php xrms_file_root Parameter Remote File Inclusion

The remote host is running Owl Intranet Engine, a web-based document management system written in PHP. The version of Owl Intranet Engine on the remote host fails to sanitize user-supplied input to the 'xrms_file_root' parameter of the 'lib/OWL_API.php' script before using it in a PHP 'require_once'...

CVSS 7.5 | AI score 5.9 | EPSS 0.09767
Exploits: 1 | References: 2

exploitpack
added 2006/03/07 12:0 a.m., 12 views

LoudBlog 0.41 - backend_settings.php Traversal Arbitrary File Access

LoudBlog 0.41 - backend_settings.php Traversal Arbitrary File Access
source: https://www.securityfocus.com/bid/17023/info
Loudblog is prone to multiple input-validation vulnerabilities:
- An SQL-injection vulnerability.
- Two local file-include vulnerabilities.
- An information-disclosure...

AI score 0.1
Exploits: 0

exploitpack
added 2006/03/07 12:0 a.m., 10 views

LoudBlog 0.41 - index.php?template Traversal Arbitrary File Access

LoudBlog 0.41 - index.php?template Traversal Arbitrary File Access
source: https://www.securityfocus.com/bid/17023/info
Loudblog is prone to multiple input-validation vulnerabilities:
- An SQL-injection vulnerability.
- Two local file-include vulnerabilities.
- An information-disclosure...

Exploits: 0