Lucene search

1673 matches found

seebug.org
added 2014/07/01 12:0 a.m. | 22 views

sBlog 0.7.2 search.php keyword Variable POST Method XSS

No description provided by source. source: http://www.securityfocus.com/bid/17044/info sBlog is prone to HTML-injection vulnerabilities. The application fails to properly sanitize user-supplied input before using it in dynamically generated content. Attacker-supplied HTML and script code would be...

7.1 AI score
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m. | 12 views

Joke Website Script SQL Injection and Cross-Site Scripting Vulnerabilities

No description provided by source. General Information Advisory/Exploit Title = Joke Website Script SQL Injection and Cross-Site Scripting Vulnerabilities Author = Valentin Hoebel Contact = [email protected]...

7.1 AI score
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m. | 30 views

s-cms 2.5 - Multiple Vulnerabilities

No description provided by source. Exploit Title: S-CMS Multiple Vuln Date: 14/11/2010 Author: LordTittiS Greetings To: GodOfPain, SystemOveride Software Link: http://www.matteoiammarrone.com http://www.matteoiammarrone.com/public/s-cms...

7.1 AI score
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m. | 159 views

W-Agora 4.2.1 search.php search_user Parameter XSS

No description provided by source. source: http://www.securityfocus.com/bid/23057/info w-Agora is prone to multiple input-validation vulnerabilities, including possible SQL-injection issues and multiple cross-site scripting issues, because it fails to sufficiently sanitize user-supplied data...

7.1 AI score
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m. | 11 views

OlateDownload 3.4 search.php query Parameter SQL Injection

No description provided by source. source: http://www.securityfocus.com/bid/20278/info OlateDownload is prone to multiple input-validation vulnerabilities, including HTML-injection and SQL-injection issues, because the application fails to properly sanitize user-supplied input. A successful explo...

7.1 AI score
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m. | 19 views

Recipe Script 'search.php' Cross Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/31442/info Recipe Script is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script code in the browser o...

7.1 AI score
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m. | 9 views

SonicBB 1.0 Search.PHP Cross-Site Scripting Vulnerability

No description provided by source...

7.1 AI score
Exploits: 0
Patchstack
added 2014/06/23 12:0 a.m. | 15 views

WordPress Business Directory Plugin <= 1.0.2 - Multiple XSS

Because of these vulnerabilities in forms/search.php, attackers can inject arbitrary web script or HTML via several parameters: "edit", "pagelinks", "searchterm", "page" or "pageid". Solution: Update the plugin...

4.3 CVSS | 2.9 AI score | 0.01629 EPSS
Exploits: 1 | References: 1 | Affected Software: 1
seebug.org
added 2014/06/10 12:0 a.m. | 19 views

CuteCms 3.5 /search.php SQL Injection Vulnerability

No description provided by source...

7.1 AI score
Exploits: 0
NVD
added 2014/03/03 4:55 p.m. | 33 views

CVE-2014-1840

Cross-site scripting (XSS) vulnerability in Upload/search.php in MyBB 1.6.12 and earlier allows remote attackers to inject arbitrary web script or HTML via the keywords parameter in a do_search action, which is not properly handled in a forced SQL error message...

4.3 CVSS | 6.1 AI score | 0.00993 EPSS
Exploits: 3 | References: 2
Packet Storm
added 2014/02/24 12:0 a.m. | 46 views

MyBB 1.6.12 SQL Injection


0.2 AI score
Exploits: 0
seebug.org
added 2014/02/20 12:0 a.m. | 32 views

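MyBB 'search.php' Cross-Site Scripting Vulnerability

BUGTRAQ ID: 65344 CVE(CAN) ID: CVE-2014-1840 MyBB is a full-featured and very practical forum software package. MyBB 1.6.12 and other versions do not correctly filter the parameter values of search.php, resulting in a cross-site scripting vulnerability that an attacker can exploit to execute arbitrary script code in a user's browser in the context of the affected site. 0 MyBB MyBB 1.6.12 The vendor has not yet provided a patch or upgrade; we recommend that users of this software keep watching the vendor's home page for the latest version: http://www.mybb.com/ html body form name="exploit"...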

4.3 CVSS | 6.4 AI score | 0.00993 EPSS
Exploits: 3
seebug.org
added 2014/02/19 12:0 a.m. | 16 views

CuteCms 3.5 /search.php SQL Injection Vulnerability

No description provided by source...

7.1 AI score
Exploits: 0
seebug.org
added 2014/02/18 12:0 a.m. | 17 views

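BIWEB Enterprise Edition: Multiple SQL Injections

Brief description: SQL injection in multiple files. Details: search.php (almost every copy of this file in BIWEB Enterprise Edition has this problem). Example: Product/search.php, lines 24-60 (and not only there): if(!empty($_REQUEST['productname'])) $strKeywords = strval(urldecode(trim($_REQUEST['productname'])));// only strips whitespace and URL-decodes $arrKeywords = explode(" ",$strKeywords);// split the keywords on spaces $newArrKeywords = array();...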

7.1 AI score
Exploits: 0
Packet Storm
added 2014/02/03 12:0 a.m. | 56 views

MyBB 1.6.12 POST Cross Site Scripting

alert/XSS/ " / document.exploit.submit;...

4.3 CVSS | 6.7 AI score | 0.00993 EPSS
Exploits: 3
seebug.org
added 2013/12/17 12:0 a.m. | 19 views

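CTSCMS 4.0 search.php SQL Injection Vulnerability

In the /plus/search.php file, the key of an externally supplied array is assigned directly to the variable $typeid without any security filtering. When the object is created, $typeid is passed as a parameter to the constructor of the SearchView class, which places the passed-in $typeid directly into an SQL query that is then executed, resulting in an SQL injection vulnerability. 0 CTSCMS 4.0 Filter the $typeid variable!...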

7.1 AI score
Exploits: 0
Packet Storm
added 2013/12/06 12:0 a.m. | 37 views

RedAxScript 1.1 SQL Injection


0.3 AI score
Exploits: 0
Prion
added 2013/08/25 3:27 a.m. | 9 views

SQL injection

Multiple SQL injection vulnerabilities in MYRE Realty Manager allow remote attackers to execute arbitrary SQL commands via the bathrooms1 parameter to (1) demo2/search.php or (2) search.php...

7.5 CVSS | 9.3 AI score | 0.01088 EPSS
Exploits: 1 | References: 1
Prion
added 2013/08/25 3:27 a.m. | 10 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in search.php in MYRE Business Directory allows remote attackers to inject arbitrary web script or HTML via the look parameter...

4.3 CVSS | 6.1 AI score | 0.01374 EPSS
Exploits: 1 | References: 1
0day.today
added 2013/06/26 12:0 a.m. | 39 views

JBS V2.0 (search.php) - SQL Injection Vulnerability

Exploit for php platform in category web applications JBS V2.0 search.php - SQL Injection Vulnerability .:. Author : AtT4CKxT3rR0r1ST .:. Contact : email protected , email protected .:. Home : http://www.iphobos.com/blog/ .:...

7.1 AI score
Exploits: 0