Unfixed XSS vulnerability at www.scu.edu.au

Security researcher lljkrieg, has submitted on 24/07/2009 a cross-site-scripting XSS vulnerability affecting www.scu.edu.au, which at the time of submission ranked 75237 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 24/06/2010. It is currentl...

CVE-2008-6129

CVE-2008-6129 affects moziloWiki 1.0.1 and earlier. A directory-traversal in print.php allows remote attackers to read arbitrary files by providing .. in the page parameter. The NVD entry lists a MEDIUM base score (4.3) with network attack vector and partial confidentiality impact, but exploitati...

CVE-2008-5968

Directory traversal vulnerability in print.php in PHP iCalendar 2.24 and earlier allows remote attackers to include and execute arbitrary local files via a .. dot dot in the cookielanguage parameter in a phpicalendar cookie, a different vector than CVE-2006-1292...

CVE-2008-5968

CVE-2008-5968 affects PHP iCalendar 2.24 and earlier. It is a directory traversal vulnerability in print.php that allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the cookie_language parameter of a phpicalendar_* cookie. This is a different vector than CV...

Sql injection

SQL injection vulnerability in print.php in the AM Events aka Amevents module 0.22 for XOOPS allows remote attackers to execute arbitrary SQL commands via the id parameter...

CVE-2008-5768

SQL injection vulnerability in print.php in the AM Events aka Amevents module 0.22 for XOOPS allows remote attackers to execute arbitrary SQL commands via the id parameter...

XOOPS Module Amevents (print.php id) SQL Injection Vulnerability

No description provided by source. XOOPS Module: Amevents AUTHOR : netRoot HOME : http://www.passw0rd.info MAÄ°L : [email protected] DORKS : dork: /modules/amevents/print.php?id= target: scriptpage.com/modules/amevents/print.php?id=sql Code Sql code:...

CVE-2008-4156

CVE-2008-4156 affects the CustomCms (CCMS) Gaming Portal 4.0. The vulnerability is a SQL injection in print.php via the id parameter when magic_quotes_gpc is disabled. This creates a risk of arbitrary SQL execution by a remote attacker. The available documents do not provide specific affected ver...

Sql injection

SQL injection vulnerability in print.php in CustomCms CCMS Gaming Portal 4.0, when magicquotesgpc is disabled, allows remote attackers to execute arbitrary SQL commands via the id parameter...

CVE-2008-4088

SQL injection vulnerability in print.php in myPHPNuke MPN before 1.8.88rc2 allows remote attackers to execute arbitrary SQL commands via the sid parameter...

Cross site scripting

Cross-site scripting XSS vulnerability in print.php in myPHPNuke MPN before 1.8.88rc2 allows remote attackers to inject arbitrary web script or HTML via the sid parameter...

Sql injection

SQL injection vulnerability in print.php in myPHPNuke MPN before 1.8.88rc2 allows remote attackers to execute arbitrary SQL commands via the sid parameter...

CVE-2008-4088

CVE-2008-4088 affects myPHPNuke (MPN) up to version 1.8.8_8rc2, where print.php via the sid parameter allows remote SQL injection to execute arbitrary commands. Affected: print.php in MPN; root cause: insufficient input validation. Remediation: upgrade to 1.8.8_8rc2 or later.

CVE-2008-4089

CVE-2008-4089 affects myPHPNuke (MPN) prior to version 1.8.8_8rc2. The vulnerability is a cross-site scripting (XSS) flaw in print.php where the sid parameter can be injected with arbitrary web script or HTML. The available connected data confirms the affected component and the vulnerability clas...

CVE-2008-4088

SQL injection vulnerability in print.php in myPHPNuke MPN before 1.8.88rc2 allows remote attackers to execute arbitrary SQL commands via the sid parameter...

CVE-2008-4089

Cross-site scripting XSS vulnerability in print.php in myPHPNuke MPN before 1.8.88rc2 allows remote attackers to inject arbitrary web script or HTML via the sid parameter...

myPHPNuke 'print.php' SQL注入漏洞

BUGTRAQ ID: 30942 CNCAN ID：CNCAN-2008090203 myPHPNuke是一款基于PHP的WEB应用程序。 myPHPNuke不正确处理用户提交的输入，远程攻击者可以利用漏洞进行SQL注入攻击，可能获得敏感信息或操作数据库。 问题由于'print.php'脚本对用户提交给'sid'参数缺少过滤，构建恶意SQL查询作为参数数据，可更改原来的SQL逻辑，获得敏感信息或操作数据库。 获取管理员帐号密码信息：...

myPHPNuke 1.8.8_8rc2 - Cross-Site Scripting SQL Injection

myPHPNuke 1.8.88rc2 - Cross-Site Scripting SQL Injection Cross-Site Scripting and SQL Injection vulnerabilities in myPHPNuke By MustLive http://websecurity.com.ua Detailed information: http://websecurity.com.ua/2391/ Description: There are Cross-Site Scripting and SQL Injection vulnerabilities in...

myPHPNuke < 1.8.8_8rc2 (XSS/SQL) Multiple Remote Vulnerabilities

Exploit for unknown platform in category web applications ================================================================ myPHPNuke 1.8.88rc2 XSS/SQL Multiple Remote Vulnerabilities ================================================================ Cross-Site Scripting and SQL Injection...

myphpnuke-sqlxss.txt

Cross-Site Scripting and SQL Injection vulnerabilities in myPHPNuke By MustLive http://websecurity.com.ua Detailed information: http://websecurity.com.ua/2391/ Description: There are Cross-Site Scripting and SQL Injection vulnerabilities in print.php in myPHPNuke. XSS:...