19 matches found
UCMS Information Disclosure Vulnerability
UCMS is a content management system written in PHP. UCMS 1.5.0 contains a security vulnerability that stems from an error message returned by the adminchannelscache function in top.php that contains a physical path leak. No details of the vulnerability are currently available...
Code injection
UCMS 1.5.0 was discovered to contain a physical path leakage via an error message returned by the adminchannelscache function in top.php...
zzcms SQL Injection Vulnerability (CNVD-2018-26016)
ZZCMS is a CMS Content Management System used to quickly build Merchants type websites. A SQL injection vulnerability exists in the zt/top.php file in ZZCMS version 8.3. A remote attacker can exploit this vulnerability to obtain the current user name of mysql...
Sql injection
zzcms version 8.3 and earlier contains a SQL injection vulnerability in zt/top.php line 5 that can result in zzcms being attacked by SQL injection when running in nginx. This attack appears to be exploitable via running zzcms in nginx...
crosstitch.in XSS vulnerability
Vulnerable URL: http://www.crosstitch.in/top.php?productname=%22/%3E%3Cscript%3Ealert/OPENBUGBOUNTY/;%3C/script%3E Details: Patched: No; Latest check for patch: 09.01.2018; Vulnerability type: XSS; Vulnerability status: Publicly disclosed; Alexa Rank: Unknown / Not...
AlienVault OSSIM 3.1 Reflected XSS and Blind SQL Injection
No description provided by source. #!/usr/bin/python ''' AlienVault has a reflected XSS vulnerability in the url parameter of top.php. Proof of Concept: Enticing a logged in user to visit the following URL where an attacker is hosting a cookie grabber will allow for the hijacking of the user...
Alienvault Open Source SIEM (OSSIM) 3.1 - Reflected Cross-Site Scripting Blind SQL Injection
#!/usr/bin/python ''' AlienVault has a reflected XSS vulnerability in the "url" parameter of "top.php". Proof of Concept: Enticing a logged in user to visit the following URL where an attacker is hosting an...
CVE-2007-1104
The CVE-2007-1104 entry concerns PHP Module Implementation (PHP-MIP) 0.1, specifically a vulnerability in top.php that allows remote attackers to execute arbitrary PHP code via a URL supplied to the laypath parameter (remote file inclusion). The problem is caused by improper handling of the laypa...
PHP-MIP 0.1 (top.php laypath) Remote File Include Vulnerability
No description provided by source. PHP Module Implementation top.php laypath Remote File Include Vul ^ Download S : http://sourceforge.net/projects/phpmip/ ^ Author: GolDM = Mahmoodali && Contact: [email protected] ^ In: /path/top.php ^...
PHP-MIP 0.1 - top.php?laypath Remote File Inclusion
PHP Module Implementation top.php laypath Remote File Include Vul ^ Download S : http://sourceforge.net/projects/phpmip/ ^ Author: GolDM = Mahmoodali && Contact: [email protected] ^ In: /path/top.php ^ Vulnerable Code: ^ include"$laypath/body.php"; Lin...
PHP-MIP 0.1 (top.php laypath) Remote File Include Vulnerability
Exploit for unknown platform in category web applications. PHP-MIP 0.1 top.php laypath Remote File Include Vulnerability. PHP Module Implementation top.php laypath Remote Fi...
PHP-MIP 0.1 - 'top.php?laypath' Remote File Inclusion
PHP Module Implementation top.php laypath Remote File Include Vul ^ Download S : http://sourceforge.net/projects/phpmip/ ^ Author: GolDM = Mahmoodali && Contact: [email protected] ^ In: /path/top.php ^ Vulnerable Code: ^ include"$laypath/body.php"; Line : 23 ^ Exploit:...
Upload Service 1.0 - 'top.php?maindir' Remote File Inclusion
ECHOADV62$2007 Upload Service 1.0 remote file inclusion. Author : Ahmad Muammar W.K a.k.a y3dips Date Found : January, 21st 2007...
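X-Scripts X-Poll Top.PHP SQL Injection Vulnerability
X-Poll is a PHP-based polling program. X-Poll does not correctly handle user-submitted web data, and a remote attacker can exploit the vulnerability to perform SQL injection and obtain sensitive information. The problem lies in the 'Top.PHP' script: because the user-submitted 'poll' parameter is not filtered, submitting a malicious SQL query as the parameter data can alter the original SQL logic and obtain sensitive information. X-Scripts X-Poll 1.10 http://members.lycos.co.uk/xscripts03/ http://www.example.com/poll/top.php?poll=' AND 0 UNION SELECT 0,...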
CVE-2006-3960
The CVE-2006-3960 entry concerns a SQL injection in the X-Scripts X-Poll component, specifically in top.php (likely version 2.30). The vulnerability can be triggered via the poll parameter, enabling remote attackers to execute arbitrary SQL commands. Impact is listed as partial confidentiality/in...
TBE 4.0 XSS
The Banner Engine - tbe4.0 Native Solutions. Cross Site Scripting XSS: http://target.xx/top.php?action=search&catid=catid&text=3Cscript3Ealert22Ellipsis+Security+Test223C/script3E...
SiteBuilder-FX top.php admindir Parameter Remote File Inclusion
The remote host is running SiteBuilder-FX, a web-based design system written in PHP. The version of SiteBuilder-FX installed on the remote host fails to sanitize input to the 'admindir' parameter of the 'admin/top.php' script before using it to include PHP code. Regardless of the setting of PHP's...
Sql injection
Multiple SQL injection vulnerabilities in 4images 1.7.1 and earlier allow remote attackers to execute arbitrary SQL commands via the sessionid parameter in (1) top.php and (2) member.php. NOTE: this issue has also been reported to affect 1.7.2...
CVE-2006-2214
Multiple SQL injection vulnerabilities in 4images 1.7.1 and earlier allow remote attackers to execute arbitrary SQL commands via the sessionid parameter in (1) top.php and (2) member.php. NOTE: this issue has also been reported to affect 1.7.2...