26 matches found
MyBulletinBoard RC4 polls.php polloptions Parameter SQL Injection
No description provided by source. source: http://www.securityfocus.com/bid/14553/info MyBulletinBoard is prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. Successful...
LDU <= 8.x (polls.php) Remote SQL Injection Vulnerability
No description provided by source. Title : LDU <= 8.x polls.php Remote SQL Injection Vulnerability Author : ajann Contact : : Dork : Powered by LDU SQL------------------------------------------------------ http://target/path/polls.php?id= Example: //...
ac4p Mobile polls.php Multiple Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/20895/info Mobile is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input. An attacker may leverage these issues to have arbitrary script code execu...
CVE-2009-2141
Multiple cross-site scripting (XSS) vulnerabilities in TBDev.NET 01-01-08 allow remote attackers to inject arbitrary web script or HTML via (1) the returnto parameter to makepoll.php, (2) the returnto parameter in a delete action to polls.php, or the (3) Info or (4) Avatar field to my.php...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in TBDev.NET 01-01-08 allow remote attackers to inject arbitrary web script or HTML via (1) the returnto parameter to makepoll.php, (2) the returnto parameter in a delete action to polls.php, or the (3) Info or (4) Avatar field to my.php...
CVE-2009-2141
Multiple cross-site scripting (XSS) vulnerabilities in TBDev.NET 01-01-08 allow remote attackers to inject arbitrary web script or HTML via (1) the returnto parameter to makepoll.php, (2) the returnto parameter in a delete action to polls.php, or the (3) Info or (4) Avatar field to my.php...
CVE-2006-6389
CVE-2006-6389 and related CVEs describe multiple cross-site scripting (XSS) vulnerabilities in the ac4p Mobile application. The flaws enable remote attackers to inject arbitrary web script or HTML by submitting crafted input to specific parameters: (1) Taaa to up.php and (2) pollhtml and (3) Blok...
CVE-2006-6343
CVE-2006-6343 concerns a SQL injection in the polls.php id parameter of Land Down Under / Seditio (Neocrome Seditio) 1.10 and earlier. The Nessus NASL details show the remote input to polls.php is not sanitized before use in a database query when magic_quotes_gpc is disabled, enabling an unauthen...
ac4p.txt
Discovered : SwEET-DeViL Product: http://www.ac4p.com tame : AL-garnei Saudi Arabia // Vulnerabilities there again this link http://www.securityfocus.com/archive/1/450496/30/0/threaded // \1\ in up.php http://site.com/path/up.php?Taaa=XSS \2\ in polls.php http://site.com/path/polls.php?pollhtml=x...
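Seditio/Land Down Under Polls.PHP SQL Injection Vulnerability
Seditio/Land Down Under is a PHP-based web application. Seditio/Land Down Under does not properly filter user-submitted URI data, so a remote attacker can exploit the flaw to carry out SQL injection attacks and obtain sensitive information. The problem is that the 'Polls.PHP' script does not filter the user-submitted 'id' parameter; submitting parameter data containing multiple "../" sequences can bypass the web root path restriction and view system file contents with the privileges of the web server. Neocrome Seditio 1.10 Neocrome Land Down Under 8.0 No solution is currently available: http://www.neocrome.net/...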
LDU <= 8.x (polls.php) Remote SQL Injection Vulnerability
Title : LDU <= 8.x polls.php Remote SQL Injection Vulnerability Author : ajann Contact : : Dork : "Powered by LDU" SQL------------------------------------------------------ http://target/path/polls.php?id= Example: //...
LDU <= 8.x (polls.php) Remote SQL Injection Vulnerability
No description provided by source. Title : LDU <= 8.x polls.php Remote SQL Injection Vulnerability Author : ajann Contact : : Dork : "Powered by LDU" SQL------------------------------------------------------ http://target/path/polls.php?id= Example: //...
LDU 8.x - polls.php SQL Injection
LDU 8.x - polls.php SQL Injection Title : LDU <= 8.x polls.php Remote SQL Injection Vulnerability Author : ajann Contact : : Dork : "Powered by LDU" SQL------------------------------------------------------ http://target/path/polls.php?id= Example: //...
LDU <= 8.x (polls.php) Remote SQL Injection Vulnerability
Exploit for unknown platform in category web applications ========================================================= LDU <= 8.x polls.php Remote SQL Injection Vulnerability ========================================================= Title : LDU <= 8.x polls.php Remote SQL Injection Vulnerability Autho...
LDU 8.x - 'polls.php' SQL Injection
Title : LDU <= 8.x polls.php Remote SQL Injection Vulnerability Author : ajann Contact : : Dork : "Powered by LDU" SQL------------------------------------------------------ http://target/path/polls.php?id= Example: //...
CVE-2006-5770
Multiple cross-site scripting (XSS) vulnerabilities in ac4p Mobile allow remote attackers to inject arbitrary web script or HTML via (1) Bloks, (2) Newnews, (3) lBlok, and (4) foooot parameter in (a) index.php; Newnews, (5) newmsgs, and Bloks parameter in (b) MobileNews.php; Newnews parameter in (c) polls.php; (6)...
ac4p Mobile - polls.php Multiple Cross-Site Scripting Vulnerabilities (1)
ac4p Mobile - polls.php Multiple Cross-Site Scripting Vulnerabilities (1) source: https://www.securityfocus.com/bid/20895/info Mobile is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input. An attacker may leverage these issu...
ac4p Mobile - 'polls.php' Multiple Cross-Site Scripting Vulnerabilities (1)
source: https://www.securityfocus.com/bid/20895/info Mobile is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input. An attacker may leverage these issues to have arbitrary script code execute in the browser of an unsuspecti...
CVE-2006-1345
polls.php in MyBB (aka MyBulletinBoard) 1.10 allows remote attackers to obtain sensitive information via a vote action with an "option=null" parameter value, which reveals the path in an error message...
Design/Logic Flaw
polls.php in MyBB (aka MyBulletinBoard) 1.10 allows remote attackers to obtain sensitive information via a vote action with an "option=null" parameter value, which reveals the path in an error message...