17 matches found
CVE-2014-4302
Cross-site scripting (XSS) vulnerability in rating/rating.php in HAM3D Shop Engine allows remote attackers to inject arbitrary web script or HTML via the ID parameter...
CVE-2017-20143 Itech Movie Portal Script film-rating.php Error sql injection
A vulnerability, which was classified as critical, has been found in Itech Movie Portal Script 7.36. This issue affects some unknown processing of the file /film-rating.php. The manipulation of the argument v leads to sql injection Error. The attack may be initiated remotely. The exploit has been...
freegamestower.com XSS vulnerability
Open Bug Bounty ID: OBB-216793. Affected Website: freegamestower.com. Vulnerable Application: Custom Code. Vulnerability Type: XSS Cross Site Scripting / CWE-79. CVSSv3 Score: 6.1...
vCard PRO 0 rating.php card_id Parameter SQL Injection
No description provided by source. source: http://www.securityfocus.com/bid/18699/info VCard PRO is prone to multiple SQL-injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. A successful exploit...
MemHT Portal 4.0.1 - SQL Injection Code Execution Exploit
No description provided by source. !/usr/bin/perl =about MemHT 4.0.1 Perl exploit AUTHOR discovered & written by Ams ax330d doggy gmail dot com VULN. DESCRIPTION: Due to weak params filtering we are able to make SQL-Injection. So, 1. Look at 'inc/ajax/ajaxrating.php', line 29. It is not enough to...
HAM3D Shop Engine CMS Cross Site Scripting
Exploit Title : HAM3D Shop Engine CMS XSS Vulnerability + Discovered By : Medrik + Vendor Home-Page : http://ham3d.net/ + Tested On : Windows Note : Another XSS Vuln Discovered By IeDb . This Is a XSS Vulnerability In HAM3D Cms . Locate : http://vulnerablehost/rating/rating.php?ID=XSS Image :...
Sql injection
SQL injection vulnerability in rating.php in New 5 star Rating 1.0 allows remote attackers to execute arbitrary SQL commands via the det parameter...
CVE-2009-3965
CVE-2009-3965 describes an SQL injection in rating.php of the application “New 5 star Rating” version 1.0, exploitable via the det parameter. The underlying flaw enables remote attackers to execute arbitrary SQL commands, with the NVD noting a base score of 7.5 (HIGH) and network-exposed, low-compl...
New5starRating 1.0 (rating.php) SQL Injection Vulnerability
No description provided by source. New5starRating v1.0 rating.php Sql Inj. Vuln. Yazar: Bgh7 Turk Bilisim Gucleri Download; http://www.maniacomputer.com/5starrating/New5Star.html Bug--Sql Inj. Exp: rating.php?det=-1 union select userid,0,0,userpass from admin Panel: /admin/ Thanks: milw0rm--Str0k...
New5starRating 1.0 (rating.php) SQL Injection Vulnerability
Exploit for unknown platform in category web applications. New5starRating 1.0 rating.php SQL Injection Vulnerability. New5starRating v1.0 rating.php Sql Inj. Vuln. Yazar: Bgh7 Tur...
New5starRating 1.0 - rating.php SQL Injection
New5starRating 1.0 - rating.php SQL Injection New5starRating v1.0 rating.php Sql Inj. Vuln. Yazar: Bgh7 Turk Bilisim Gucleri Download; http://www.maniacomputer.com/5starrating/New5Star.html Bug--Sql Inj. Exp: rating.php?det=-1 union select userid,0,0,userpass from admin Panel: /admin/ Thanks:...
New5starRating 1.0 SQL Injection
New5starRating v1.0 rating.php Sql Inj. Vuln. Yazar: Bgh7 Turk Bilisim Gucleri Download; http://www.maniacomputer.com/5starrating/New5Star.html Bug--Sql Inj. Exp: rating.php?det=-1 union select userid,0,0,userpass from admin Panel: /admin/ Thanks: milw0rm--Str0ke...
New5starRating 1.0 - 'rating.php' SQL Injection
New5starRating v1.0 rating.php Sql Inj. Vuln. Yazar: Bgh7 Turk Bilisim Gucleri Download; http://www.maniacomputer.com/5starrating/New5Star.html Bug--Sql Inj. Exp: rating.php?det=-1 union select userid,0,0,userpass from admin Panel: /admin/ Thanks: milw0rm--Str0ke milw0rm.com 2009-08-24...
Sql injection
SQL injection vulnerability in includes/rating.php in 2z Project 0.9.5 allows remote attackers to execute arbitrary SQL commands via the postid parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...
CVE-2007-2898
The CVE-2007-2898 entry describes an SQL injection vulnerability in the 2z Project 0.9.5, specifically in the file includes/rating.php where user input from the rating parameter to index.php is unsafely handled. This leads to the possibility of remote attackers executing arbitrary SQL commands. T...
CVE-2007-2905
CVE-2007-2905 is a reported SQL injection vulnerability in the 2z Project 0.9.5, affecting the includes/rating.php component. The vulnerability allows remote attackers to execute arbitrary SQL commands via the post_id parameter. Multiple connected sources corroborate this flaw. The documents do n...
built2go-xss.txt
Xmor$ DigitaL Hacking TeaM Built2Go...