110 matches found
Information disclosure
phpFormGenerator 2.09 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by forms/process.php...
Unrestricted file upload
Unrestricted file upload vulnerability in process.php in Tizag Countdown Creator 3 allows remote attackers to execute arbitrary code by uploading a file with an executable extension via index.php, then accessing the uploaded file via a direct request to the file in pics/. NOTE: some of these...
CVE-2008-6492
CVE-2008-6492 describes an unrestricted file upload in process.php for the product “Tizag Countdown Creator 3.” An attacker can upload a file with an executable extension via index.php and then access the uploaded file in the pics/ directory to achieve remote code execution. Details note that som...
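Easybe 1-2-3 Music Store Process.PHP SQL Injection Vulnerability
Easybe 1-2-3 Music Store is a PHP-based web application. Easybe 1-2-3 Music Store does not properly filter user-submitted URI data, and remote attackers can exploit the vulnerability to carry out SQL injection attacks and obtain sensitive information. The problem is that the 'Process.php' script lacks filtering of the user-submitted 'CategoryID' parameter; submitting a malicious SQL query as the parameter data can cause the application to alter the original SQL logic during processing, so attackers can obtain sensitive information or manipulate the database. Easybe 1-2-3 Music Store 1.0 No solution is currently available: http://easybe.com/...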
SQL injection
SQL injection vulnerability in process.php in Easybe 1-2-3 Music Store allows remote attackers to execute arbitrary SQL commands via the CategoryID parameter...
CVE-2007-3520
SQL injection vulnerability in process.php in Easybe 1-2-3 Music Store allows remote attackers to execute arbitrary SQL commands via the CategoryID parameter...
CVE-2007-3520
SQL injection vulnerability in process.php in Easybe 1-2-3 Music Store allows remote attackers to execute arbitrary SQL commands via the CategoryID parameter...
CVE-2007-3520
CVE-2007-3520 describes a SQL injection in the Easybe 1-2-3 Music Store, via the parameter CategoryID in process.php, allowing remote attackers to execute arbitrary SQL commands. The root cause is unsafely handling the CategoryID input, enabling injected SQL through the web interface. Documented ...
Easybe 1-2-3 Music Store - process.php SQL Injection
Easybe 1-2-3 Music Store - process.php SQL Injection. Easybe 1-2-3 Music Store SQL Injection Vulnerability...
Easybe 1-2-3 Music Store - 'process.php' SQL Injection
Easybe 1-2-3 Music Store SQL Injection Vulnerability. AUTHOR: t0pP8uZz & xprog SITE:...
easybe-sql.txt
Easybe 1-2-3 Music Store SQL Injection Vulnerability. AUTHOR: t0pP8uZz & xprog SITE:...
Code injection
Static code injection vulnerability in process.php in AimStats 3.2 allows remote attackers to inject PHP code into config.php via the number parameter in an update action...
CVE-2007-2168
Static code injection vulnerability in process.php in AimStats 3.2 and earlier allows remote attackers to inject PHP code into config.php via the databasehost parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...
CVE-2007-2167
The CVE-2007-2167 issue affects AimStats 3.2 and is caused by a vulnerability in process.php where the number parameter in an update action allows remote attackers to inject PHP code into config.php. This is a static code injection scenario that could enable arbitrary code execution in the PHP en...
CVE-2007-2168
Static code injection vulnerability in process.php in AimStats 3.2 and earlier allows remote attackers to inject PHP code into config.php via the databasehost parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...
AimStats 3.2 (process.php update) Remote Code Execution Exploit
No description provided by source. Y! Underground Group...
AimStats 3.2 (process.php update) Remote Code Execution Exploit
Exploit for unknown platform in category web applications. AimStats 3.2 process.php update Remote Code Execution Exploit...
AimStats 3.2 - process.php?update Remote Code Execution
AimStats 3.2 - process.php?update Remote Code Execution. Y! Underground Group...
Bubla <= 1.0.0rc2 (bu/process.php) Remote File Include Vulnerability
No description provided by source. DeltasecurityTEAM WwW.Deltasecurity.iR Portal Name = Bubla = 1.0.0rc2 Class = Remote File Inclusion Risk = High Remote File Execution Download = http://download.sourceforge.net/pub/sourceforge/b/bu/bubla/bubla-1.0.0rc1.tar.gz Discovered By = DeltahackingTEAM User...
Bubla <= 1.0.0rc2 (bu/process.php) Remote File Include Vulnerability
Exploit for unknown platform in category web applications. Bubla = 1.0.0rc2 bu/process.php Remote File Include Vulnerability. DeltasecurityTEAM Portal Name = Bub...