157 matches found
gencms 2006 - Multiple Vulnerabilities
GenCMS http://gencms.berlios.de/ eLwauxc2009 LFI /show.php 18: $param = $_GET['p']; 19: if(empty($param)) $param = 'news'; 20: //get right page 21: //$page = $param.'.php'; 22: 23: //static or dynamic 24...
GenCMS 2006 Multiple Remote Vulnerabilities
No description provided by source. GenCMS http://gencms.berlios.de/ eLwauxc2009 LFI /show.php 18: $param = $_GET['p']; 19: if(empty($param)) $param = 'news'; 20: //get right page 21: //$page =...
Cross site scripting
Cross-site scripting (XSS) vulnerability in refbase before 0.9.5 allows remote attackers to inject arbitrary web script or HTML via the headerMsg parameter to (1) show.php and (2) search.php. NOTE: some of these details are obtained from third party information...
CVE-2008-6400
The connected records confirm CVE-2008-6400 is a Cross-site Scripting (XSS) vulnerability in refbase up to version 0.9.4/0.9.5 (before 0.9.5). The issue arises via the headerMsg parameter used by show.php and search.php, allowing remote attackers to inject arbitrary web script/HTML. The root cau...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in PhpForums.net mcGallery 1.1 allow remote attackers to inject arbitrary web script or HTML via the lang parameter to (1) admin.php, (2) index.php, (3) sess.php, (4) stats.php, (5) detail.php, (6) resize.php, and (7) show.php. NOTE: the provenance of this...
CVE-2008-5955
SQL injection vulnerability in show.php in Wbstreet (aka PHPSTREET Webboard) 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter...
wbstreet 1.0 - SQL Injection / File Disclosure
Wbstreet v.1.0 show.php id Remote SQL Injection Vulnerability. CWH Underground Hacking Team...
PHPSTREET WebBoard 1.0 - show.php SQL Injection
source: https://www.securityfocus.com/bid/32635/info PHPSTREET Webboard is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an...
wbstreet 1.0 - SQL Injection File Disclosure
Wbstreet v.1.0 show.php id Remote SQL Injection Vulnerability...
Sql injection
SQL injection vulnerability in show.php in BitmixSoft PHP-Lance 1.52 allows remote attackers to execute arbitrary SQL commands via the catid parameter...
Ol BookMarks Manager 0.7.5 - Local File Inclusion
Discovered by dun \ dunatstrcpy.pl olbookmarks = 0.7.5 Local File Inclusion Vulnerability Script site: http://sourceforge.net/project/showfiles.php?groupid=24742 Vuln...
Sql injection
SQL injection vulnerability in show.php in PHPFootball 1.6 allows remote attackers to execute arbitrary SQL commands via the dbtable parameter...
CVE-2008-3387
SQL injection vulnerability in show.php in PHPFootball 1.6 allows remote attackers to execute arbitrary SQL commands via the dbtable parameter...
CVE-2008-3387
The CVE-2008-3387 entry concerns a SQL injection in show.php of PHPFootball 1.6, enabling remote attackers to execute arbitrary SQL commands via the dbtable parameter. The NVD-derived CVSSv2 metrics indicate a base score of 7.5 (HIGH) with network attack vector, low attack complexity, and no auth...
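PHPFootball 'show.php' SQL Injection Vulnerability
BUGTRAQ ID: 30296 CNCAN ID: CNCAN-2008072202 PHPFootball is a PHP-based web application. PHPFootball does not correctly handle user-submitted input; remote attackers can exploit the vulnerability to carry out SQL injection attacks, possibly obtaining sensitive information or manipulating the database. The issue arises because the 'show.php' script does not filter user-submitted web parameters; a malicious SQL query constructed as parameter data can change the original SQL logic to obtain sensitive information or manipulate the database. PHPFootball 1.6 No solution is currently available: http://phpfootball.sourceforge.net/...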
PHPFootball 1.6 (show.php) Remote SQL Injection Vulnerability
No description provided by source. Viva IslaM Viva IslaM Remote SQL injection Vulnerability PHPFootball 1.6 show.php dbtable AuTh0r : Mr.SQL H0ME : WwW.PaL-HaCkEr.CoM && WwW.AtsDp.CoM/f Email : [email protected] SYRIAN Arab HACkErS -: Exploite :-...
PHPFootball 1.6 (show.php) Remote SQL Injection Vulnerability
Exploit for unknown platform in category web applications. PHPFootball 1.6 show.php Remote SQL Injection Vulnerability. Viva IslaM Viva IslaM Remote SQL injection Vulnerabilit...
CVE-2008-1621
Multiple cross-site scripting (XSS) vulnerabilities in GeeCarts allow remote attackers to inject arbitrary web script or HTML via the id parameter to (1) show.php, (2) search.php, and (3) view.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party...
FaScript FaPhoto v1 (show.php id) SQL Injection Vulnerability
No description provided by source. AUTHOR : IRCRASH Dr.Crash...