254 matches found
Path traversal
categoria.php in LiveCMS 3.4 and earlier allows remote attackers to obtain sensitive information via a ' (quote) character in the cid parameter, which reveals the path in a forced SQL error message...
CVE-2007-3290
categoria.php in LiveCMS 3.4 and earlier allows remote attackers to obtain sensitive information via a ' (quote) character in the cid parameter, which reveals the path in a forced SQL error message...
CVE-2007-3127
content.php in WSPortal 1.0, when magic_quotes_gpc is disabled, allows remote attackers to obtain sensitive information via a "';" (quote semicolon) sequence in the page parameter, which reveals the installation path in the resulting forced SQL error message...
Design/Logic Flaw
content.php in WSPortal 1.0, when magic_quotes_gpc is disabled, allows remote attackers to obtain sensitive information via a "';" (quote semicolon) sequence in the page parameter, which reveals the installation path in the resulting forced SQL error message...
EUVD-2007-3119
content.php in WSPortal 1.0, when magic_quotes_gpc is disabled, allows remote attackers to obtain sensitive information via a "';" (quote semicolon) sequence in the page parameter, which reveals the installation path in the resulting forced SQL error message...
CVE-2007-3127
CVE-2007-3127 affects WSPortal 1.0. The issue is a path disclosure vulnerability in content.php: when magic_quotes_gpc is disabled, a crafted page parameter containing a "';" sequence can trigger a forced SQL error that reveals the server installation path. Impact is information disclosure (parti...
Improper access control
Unclassified NewsBoard 1.6.3 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain (1) the board log via a direct request for logs/board-YYYY-MM-DD.log, (2) the mail and private message (PM) log via a direct request for...
CVE-2007-1597
Unclassified NewsBoard 1.6.3 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain (1) the board log via a direct request for logs/board-YYYY-MM-DD.log, (2) the mail and private message (PM) log via a direct request for...
Unclassified NewsBoard 1.6.3 multiples logs disclosure
board log disclosure: can see the board log in: http://site.com/unblib/logs/board-2007-03-16.log mail disclosure: can see every mail/pm sent in: http://site.com/unblib/logs/email-YY-MONTH-DAY-HOURS-MINUTS-SEC.log sql error disclosure: can see every error sql :...
Word Press Sensitive Directory exposure (SQL)
Found By: r00tati Web App: Word Press Versions: unknown Level: low File Name: admin-functions.php //SQL EXAMPLE ERROR: Fatal error: Call to undefined function in /usr/local/www//data/wp-admin/admin-functions.php on line 1593 Thanks, r00t...
CVE-2007-1237
sitex allows remote attackers to obtain potentially sensitive information via a ' (quote) value for certain parameters, as demonstrated by parameters used in forum and search, which forces a SQL error...
CVE-2007-1151
Cross-site scripting (XSS) vulnerability in LoveCMS 1.4 allows remote attackers to inject arbitrary web script or HTML via the id parameter to the top-level URI, possibly related to a SQL error...
Cross site scripting
Cross-site scripting (XSS) vulnerability in LoveCMS 1.4 allows remote attackers to inject arbitrary web script or HTML via the id parameter to the top-level URI, possibly related to a SQL error...
DevTrack Web Service UserName Field SQL Injection
The remote host is running DevTrack, a defect and project tracking tool. The DevTrack Web Services component installed on the remote host contains an ASP script that fails to sanitize user-supplied input to the 'UserName' parameter before using it in a database query. An unauthenticated, remote...
Sql injection
index.php in Nwom topsites 3.0 allows remote attackers to obtain potentially sensitive information via a ' (quote) character in the o parameter, which forces a SQL error...
CVE-2007-0250
index.php in Nwom topsites 3.0 allows remote attackers to obtain potentially sensitive information via a ' (quote) character in the o parameter, which forces a SQL error...