3278 matches found
CVE-2007-5577
Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before 1.0.13 (aka Sunglow) allow remote attackers to inject arbitrary web script or HTML via the (1) Title or (2) Section Name form fields in the Section Manager component, or (3) multiple unspecified fields in New Menu Item...
CVE-2007-5577
CVE-2007-5577 affects Joomla! (pre-1.0.13, aka Sunglow). The vulnerability allows remote XSS via the Section Manager’s Title/Section Name fields and multiple fields in New Menu Item, enabling injection of arbitrary script/HTML. Affected component/versions are stated; impact is client-side script ...
CVE-2007-5487
Stack-based buffer overflow in COWON America jetAudio Basic 7.0.3 allows user-assisted remote attackers to execute arbitrary code via a long URL in an EXTM3U section of a .m3u file...
Unfixed XSS vulnerability at www.thirdage.com
Security researcher Darkster submitted on 10/08/2007 a cross-site scripting (XSS) vulnerability affecting www.thirdage.com, which at the time of submission ranked 46001 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 10/08/2007. It is...
CVE-2007-5059
Multiple cross-site scripting (XSS) vulnerabilities in GreenSQL allow remote attackers to inject arbitrary web script or HTML via several vectors, as demonstrated by the (1) uname and (2) pass parameters in a login form, and (3) an unspecified "url value," leading to storage of XSS sequences in the...
Cross site scripting
Cross-site scripting (XSS) vulnerability in Joomla! 1.5 before RC2 (aka Endeleo) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, probably related to the archive section...
CVE-2007-4779
Cross-site scripting (XSS) vulnerability in Joomla! 1.5 before RC2 (aka Endeleo) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, probably related to the archive section...
Joomla! 1.5 Beta1/Beta2/RC1 - SQL Injection
!/usr/bin/php -q -d shortopentag=on getPageParameters; switch $params-get'filtertype', 'title' case 'title' : $where .= ' AND LOWER a.title LIKE '%'.$filter.'%''; break; case 'author' : $where .= ' AND LOWER u.name LIKE '%'.$filter.'%' OR LOWER a.createdbyalias LIKE '%'.$filter.'%' '; break;...
Unfixed XSS vulnerability at www.unicycle.com
Security researcher KURDISHMOD submitted on 20/05/2007 a cross-site scripting (XSS) vulnerability affecting www.unicycle.com, which at the time of submission ranked 220478 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 21/05/2007. It is...
webdesproxy 0.0.1 - exec-shield GET Remote Code Execution
webdesproxy 0.0.1 - exec-shield GET Remote Code Execution / Fedora Core 6 exec-shield based Webdesproxy webdesproxy-0.0.1.tgz remote root exploit reverse connect-back method by Xpl017Elz Advanced exploitation in exec-shield Fedora Core case study URL:...
CVE-2007-1974
SQL injection vulnerability in the getArticle function in class/wfsarticle.php in WF-Section (aka WF-Sections) 1.0.1, as used in Xoops modules such as (1) Zmagazine 1.0, (2) Happy Linux XFsection 1.07 and earlier, and possibly other modules, allows remote attackers to execute arbitrary SQL commands via...
Sql injection
SQL injection vulnerability in the getArticle function in class/wfsarticle.php in WF-Section (aka WF-Sections) 1.0.1, as used in Xoops modules such as (1) Zmagazine 1.0, (2) Happy Linux XFsection 1.07 and earlier, and possibly other modules, allows remote attackers to execute arbitrary SQL commands via...
CVE-2007-1974
The CVE-2007-1974 entry describes an SQL injection in WF-Section (XOOPS WF-Section) 1.0.1, via the articleid parameter to print.php, affecting the getArticle function in class/wfsarticle.php. Affected component is the WF-Section XOOPS module; the vulnerability arises from inadequate input sanitiz...
XOOPS WF-Section Module print.php articleid Parameter SQL Injection
The remote host is running the WF-Section module, a third-party module for XOOPS. The version of this module installed on the remote host fails to properly sanitize user-supplied input to the 'articleid' parameter of the 'modules/wfsection/print.php' script before using it to build a database...
XOOPS Module WF-Section <= 1.01 (articleid) SQL Injection Exploit
Exploit for unknown platform in category web applications ================================================================= XOOPS Module WF-Section : "; $dir = ; chop $dir; if $dir = /exit/ print "-- Exploit FailedYou Are Exited \n"; exit; if $dir = /// else print "-- Exploit FailedNo DIR \n";...
XOOPS Module WF-Section 1.01 - 'articleId' SQL Injection
!/usr/bin/perl Script Name: XOOPS Module WF-Section : "; $dir = ; chop $dir; if $dir = /exit/ print "-- Exploit FailedYou Are Exited \n"; exit; if $dir = /// else print "-- Exploit FailedNo DIR \n"; exit; print "User ID uid: "; $id = ; chop $id; $target =...