80 matches found
CVE-2009-2895
SQL injection vulnerability in rss.php in Ultimate Regnow Affiliate URA 3.0 allows remote attackers to execute arbitrary SQL commands via the cat parameter...
SQL injection
SQL injection vulnerability in rss.php in Ultimate Regnow Affiliate URA 3.0 allows remote attackers to execute arbitrary SQL commands via the cat parameter...
CVE-2009-2895
CVE-2009-2895 is a SQL injection in rss.php of Ultimate Regnow Affiliate (URA) 3.0 exposed via the cat parameter. Remote attackers could cause arbitrary SQL execution. Affects URA 3.0; CVSS v2 base score 7.5 (HIGH). Exploit reference exists (Exploit-DB 9263). No remediation details provided in th...
SQL injection
SQL injection vulnerability in Rss.php in MauryCMS 0.53.2 and earlier allows remote attackers to execute arbitrary SQL commands via the c parameter...
CVE-2008-6952
The vulnerability CVE-2008-6952 affects MauryCMS 0.53.2 and earlier, due to an SQL injection in Rss.php that allows remote attackers to execute arbitrary SQL commands via the c parameter. Public sources confirm the issue, with CVSSv2 base score 7.5 (HIGH), attack vector NETWORK, authentication NO...
URA 3.0 (cat) remote SQL injection Vulnerability
Exploit for unknown platform in category web applications. URA 3.0 cat remote SQL injection Vulnerability. URA 3.0 cat remote SQL injection...
URA 3.0 - cat SQL Injection
URA 3.0 - cat SQL Injection. URA 3.0 cat remote SQL injection Vulnerability. + Author : Chip D3 Bi0s + Email : chipdebiosalt+64gmail.com + Group : LatinHackTeam + Vulnerability : SQL injection...
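TinX CMS rss.php module SQL injection vulnerability
BUGTRAQ ID: 34021 CVE (CAN) ID: CVE-2009-0825 TinX/cms is an open-source content management system written in PHP/MySQL. The rss.php module of TinX CMS does not properly validate user input passed to the id parameter, so a remote attacker can carry out an SQL injection attack by submitting a malicious request. TinX/cms 3.x Vendor patch: TinX/cms. The vendor has released an upgrade patch that fixes this security issue; download it from the vendor's home page: http://sourceforge.net/project/shownotes.php?groupid=133415&releaseid=658540...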
SQL injection
SQL injection vulnerability in system/rss.php in TinX/cms 3.x before 3.5.1 allows remote attackers to execute arbitrary SQL commands via the id parameter...
CVE-2009-0825
TinX CMS is vulnerable to an SQL injection in the rss.php module. Affected: TinX CMS 3.x before 3.5.1. Root cause: user input passed to the id parameter is not properly sanitized, allowing remote attackers to craft requests (e.g., /system/rss.php?id=1'SQL-code) to trigger arbitrary SQL execution....
TinXCMS 3.5 - rss.php SQL Injection
TinXCMS 3.5 - rss.php SQL Injection source: https://www.securityfocus.com/bid/34021/info TinX CMS is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise th...
Cross-site scripting
Multiple cross-site scripting (XSS) vulnerabilities in Camera Life 2.6.2b8 allow remote attackers to inject arbitrary web script or HTML via the q parameter to (1) search.php and (2) rss.php; the query string after the image name in (3) photos/photo; the path parameter to (4) folder.php; page parameter and...
CVE-2008-5949
Multiple PHP remote file inclusion vulnerabilities in ccTiddly 1.7.4 and 1.7.6 allow remote attackers to execute arbitrary PHP code via a URL in the cct_base parameter to (1) index.php; (2) handle/proxy.php; (3) header.php, (4) include.php, and (5) workspace.php in includes/; and (6) plugins/RSS/files/rss.php...
CVE-2008-5919
Directory traversal vulnerability in rss.php in WebSVN 2.0 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to overwrite arbitrary files via directory traversal sequences in the rev parameter...
cctiddly-rfi.txt
/ $Id: cctiddly-1.7.4-rfi.txt,v 0.1 2008/12/04 04:12:20 cOndemned Exp $ ccTiddly 1.7.4 cctbase Multiple Remote File Inclusion Vulnerabilities found by cOndemned download from : http://tiddlywiki.org/ccTiddly/ccTiddlyv1.7.4.zip Probably prior versions are vulnerable too... Greetz: ZaBeaTy, str0ke,...
ArabCMS (rss.php rss) Local File Inclusion Vulnerability
Exploit for unknown platform in category web applications. ArabCMS rss.php rss Local File Inclusion Vulnerability. Local File Inclusion Vulnerabilities...
ArabCMS - 'rss.php' Local File Inclusion
Local File Inclusion Vulnerabilities http://www.the-ghost.com/extras/am2/am%202.0%20beta%201.zip author : JIKO for read a php file ?rss=name of file without php for execute exploit does not write extension of file exploit : /Script/rss.php?rss=../name of file without php example :...
CVE-2008-3165
Directory traversal vulnerability in rss.php in fuzzylime (cms) 3.01a and earlier, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the p parameter, as demonstrated using content.php, a different vector than CVE-2007-4805...
fuzzylime (cms) 3.01 Remote Command Execution Exploit
No description provided by source. !/usr/bin/perl fuzzylime 3.0.1 Perl exploit discovered & written by Ams [email protected] DESCRIPTION: There are availability to load files through script rss.php, and also there are unfiltered extract; usage. This exploit creates shell in...
Fuzzylime CMS 3.01 - Remote Command Execution
!/usr/bin/perl fuzzylime 3.0.1 Perl exploit discovered & written by Ams [email protected] DESCRIPTION: There are availability to load files through script rss.php, and also there are unfiltered extract; usage. This exploit creates shell in /code/counter/middleindexinc.php USAGE: Run exploit: perl...