218 matches found
CVE-2007-4893
wp-admin/admin-functions.php in Wordpress before 2.2.3 and Wordpress multi-user (MU) before 1.2.5a does not properly verify the unfiltered_html privilege, which allows remote attackers to conduct cross-site scripting (XSS) attacks via modified data to (1) post.php or (2) page.php with a no_filter field...
Cross site scripting
wp-admin/admin-functions.php in Wordpress before 2.2.3 and Wordpress multi-user (MU) before 1.2.5a does not properly verify the unfiltered_html privilege, which allows remote attackers to conduct cross-site scripting (XSS) attacks via modified data to (1) post.php or (2) page.php with a no_filter field...
WordPress <= 2.2.3 - XSS
Attackers can conduct cross-site scripting (XSS) attacks via modified data to post.php or page.php with a no_filter field. Solution: Update WordPress...
CVE-2007-4090
Multiple cross-site scripting (XSS) vulnerabilities in Vikingboard 0.1.2 allow remote attackers to inject arbitrary web script or HTML via (1) the URI to inc/lib/screen.php or (2) the title parameter to post.php. NOTE: vector 2 might overlap CVE-2006-6283. NOTE: the provenance of this information is...
Vikingboard 0.1.2 - 'post.php' Cross-Site Scripting
source: https://www.securityfocus.com/bid/25056/info Vikingboard is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting this issue could allow an attacker to steal cookie-based authentication credentials and to launch oth...
PBSite - PHP Bulletin Site | CMS ====> RFI
script: PBSite - PHP Bulletin Site | CMS ==== RFI url: http://sourceforge.net/project/showfiles.php?groupid=88114 author: titanichacker contact: hack-teach.com & mohandko.com...
MyEvent1.6 (template.php) Remote File Inclusion Vulnerability
script: PBSite - PHP Bulletin Site | CMS ==== RFI url: http://sourceforge.net/project/showfiles.php?groupid=88114 author: titanichacker contact: hack-teach.com & mohandko.com...
Post REvolution 0.7.0 RC 2 - 'dir' Remote File Inclusion
Post Revolution Remote File Inclusion. Affected Software: Post Revolution 6.6 / 7.0 Release Candidate 2. Download: http://www.fabio.com.ar/postrev/ Risk: high. Date: 25/3/2007. Found by: InyeXion. Contact: InyeXionatgmail.com. Web:...
Sql injection
SQL injection vulnerability in post.php in Particle Blogger 1.0.0 through 1.2.0 allows remote attackers to execute arbitrary SQL commands via the postid parameter...
CVE-2007-1510
Particle Blogger 1.0.0–1.2.0: SQL injection in post.php via the postid parameter allows remote execution of arbitrary SQL commands. Root cause is improper handling of input in the SQL query, enabling attacker access to/alteration of database data. CVSS details indicate high impact with pa...
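Particle Blogger Post.PHP SQL Injection Vulnerability
Particle Blogger is a PHP-based web application. Particle Blogger does not properly filter user-supplied input; remote attackers can exploit the vulnerability to perform SQL injection attacks and obtain sensitive information. The problem is that the 'Post.PHP' script does not filter the user-supplied 'postid' parameter; submitting malicious SQL code as the parameter data can alter the original SQL logic and disclose sensitive information. Particle Soft Particle Blogger 1.2 Particle Soft Particle Blogger 1.1.2 Particle Soft Particle Blogger 1.1.1 Particle Soft Particl...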
Heart empty Forum (CKong) v2.5 SQL injection vulnerability
Program: heart empty Forum (CKong) Version:=2.5 Type: SQL injection Vulnerability analysis 1, The post.php | ? require_once "include/config.inc.php"; require_once 'include/functions.inc.php'; $fid=intval($fid); $tid=intval($tid); $pid=intval($pid); ......... if!$ Cerrormsg if$postid $sql='select...
CVE-2006-3937
CVE-2006-3937 affects x_atrix xGuestBook 1.02 via post.php. The vulnerability allows remote attackers to obtain sensitive information by crafting a request that omits any of the parameters (user, mail, p, url), causing an error message that reveals the installation path. The NVD records a CVSSv2 ...
Xtreme/Ditto News <= 1.0 (post.php) Remote File Include Vulnerability
No description provided by source. DEVIL TEAM THE BEST POLISH TEAM. Xtreme/Ditto News <= v.1.0 Remote File Include Vulnerability. Script site: http://www.xtremescripts.com/ Script site: http://www.dittoscripts.com/ Dork: "News Managed by Ditto News"...
CVE-2006-2584
CVE-2006-2584 documents multiple cross-site scripting (XSS) vulnerabilities in post.php of SkyeBox 1.2.0. The issue allows remote attackers to inject arbitrary web script or HTML via the (1) name or (2) message parameters. The description notes that provenance is from third-party information and ...
Fusion News 1.0 (fil_config) - Remote File Inclusion
#!/usr/bin/perl use IO::Socket; Exploit coded by: X0r1 Bug found by: X0r1 release: 21.05.06 vulnerable code in sources\post.php at lines 32-35: ... global $VARS, $TEMPLATE, $fillang, $fil_config, $urlfs, $urlsmil,...
invisionGallery206.txt
Invision Gallery 2.0.6 SQL Injection File :- modules/gallery/post.php Line :- 943 Bug By :- Devil-00 Welcome Back Security4arab Arabian Security WebSites www.s4a.cc www.securitygurus.net <?php $this->ipsclass->DB->simple_construct( array( 'select' => 'COUNT AS total', 'from' => 'galleryimages', 'where...
CVE-2006-2202
SQL injection vulnerability in post.php in Invision Gallery 2.0.6 allows remote attackers to execute arbitrary SQL commands via the album parameter...
CVE-2006-2202
The CVE-2006-2202 entry concerns an SQL injection in Invision Gallery 2.0.6, exploitable via the album parameter in post.php. An attacker could execute arbitrary SQL commands, with the impact described as partial confidentiality and integrity; the vulnerability is tied to user input not being pro...