10 matches found
EUVD-2012-1236
Malware in sbrugna...
EUVD-2012-1237
Malware in sbrugna...
Powie pFile 1.01 SQL injection vulnerability
Exploit for php platform in category web applications +----------------------------------------------------------------------+ Exploit Title: Powie pFile 1.01 SQL injection vulnerability Google Dork: inurl:pfile/file.php?id= intext:"-- pFile 1.01 OS" Date: 22/06/2012 Exploit Author: Tunisian...
CVE-2012-1211
Cross-site scripting XSS vulnerability in pfile/kommentar.php in Powie pFile 1.02 allows remote attackers to inject arbitrary web script or HTML via the filecat parameter...
Sql injection
SQL injection vulnerability in pfile/file.php in Powie pFile 1.02 allows remote attackers to execute arbitrary SQL commands via the id parameter...
Cross site scripting
Cross-site scripting XSS vulnerability in pfile/kommentar.php in Powie pFile 1.02 allows remote attackers to inject arbitrary web script or HTML via the filecat parameter...
CVE-2012-1210
SQL injection vulnerability in pfile/file.php in Powie pFile 1.02 allows remote attackers to execute arbitrary SQL commands via the id parameter...
CVE-2012-1211
CVE-2012-1211: XSS in Powie pFile 1.02 via pfile/kommentar.php (filecat parameter). Affected component: Powie pFile 1.02; vulnerability described as cross-site scripting, enabling remote script/HTML injection. CVSS v2 base score 4.3 (Medium) with network attack vector, no authentication, partial ...
CVE-2012-1210
CVE-2012-1210 describes an SQL injection in Powie pFile 1.02, specifically in pfile/file.php, exploitable via the id parameter to allow remote execution of arbitrary SQL commands. The CVSS v2 base score is 7.5 (HIGH) with network access, low attack complexity, no authentication, and partial impac...
Powie pFile 1.02 - '/pfile/file.php?id' SQL Injection
source: https://www.securityfocus.com/bid/51982/info pfile is prone to a cross-site scripting vulnerability and an SQL-injection vulnerability because it fails to properly sanitize user-supplied input. Exploiting these issues could allow an attacker to steal cookie-based authentication credential...