376 matches found

Exploit DB
added 2006/08/22 12:0 a.m., 29 views

Empire CMS 3.7 - 'checklevel.php' Remote File Inclusion

Empire CMS =3.7 checklevel.php Remote File Include Vulnerability
Find by: Bob Linuson
Code:
2 $includefile=$checkpath."e/class/MemberLevel.php";
3 include"$includefile";
.....
67 include$checkpath."e/class/connect.php";
68 include$checkpath."e/class/dbsql.php";
69...

7.4 AI score
Exploits 0
NVD
added 2006/06/12 8:6 p.m., 12 views

CVE-2006-2951

Multiple cross-site scripting (XSS) vulnerabilities in Net Portal Dynamic System (NPDS) 5.10 and earlier allow remote attackers to inject arbitrary web script and HTML via the (1) Titlesitename or (2) sitename parameter to (a) header.php, (3) nukeurl parameter to (b) meta/meta.php, (4) forum parameter to (c)...

6.8 CVSS, 5.8 AI score, 0.02153 EPSS
Exploits 1, References 12
CVE
added 2006/06/12 8:0 p.m., 45 views

CVE-2006-2951

CVE-2006-2951 concerns multiple cross-site scripting (XSS) vulnerabilities in Net Portal Dynamic System (NPDS)

6.8 CVSS, 5.8 AI score, 0.02153 EPSS
Exploits 1, References 12, Affected Software 1
securityvulns
added 2006/05/02 12:0 a.m., 33 views

E107 v.6.17d vuln.

SQL Injection. Exists because the value of $order, passed in a POST request to /user.php, is not validated. If: the attacker knows the full path to the directory in which the content is hosted; magic_quotes_gpc=off; the user with whose privileges the database is accessed has File_priv rights; then he...

0.4 AI score
Exploits 0
NVD
added 2006/04/19 4:6 p.m., 14 views

CVE-2006-1853

Multiple SQL injection vulnerabilities in ModernBill 4.3.2 and earlier allow remote attackers or administrators to execute arbitrary SQL commands via the (1) id parameter in (a) user.php, or (2) where and (3) order parameters to (b) admin.php...

6.5 CVSS, 8.5 AI score, 0.00995 EPSS
Exploits 0, References 5
Prion
added 2006/03/19 11:6 a.m., 21 views

SQL injection

SQL injection vulnerability in @1 File Store 2006.03.07 allows remote attackers to execute arbitrary SQL commands via the id parameter to (1) functions.php and (2) user.php in the libs directory, (3) edit.php and (4) delete.php in control/files/, (5) edit.php and (6) delete.php in control/users/, (7) edit.php,...

6.8 CVSS, 9 AI score, 0.03653 EPSS
Exploits 1, References 31, Affected Software 1
Prion
added 2006/02/20 10:2 p.m., 18 views

Cross-site scripting

Interpretation conflict in PostNuke 0.761 and earlier allows remote attackers to conduct cross-site scripting (XSS) attacks via HTML tags with a trailing "" character by some web browsers but bypasses the blacklist protection in (1) the pnVarCleanFromInput function in pnAPI.php, (2) the pnSecureInput...

2.6 CVSS, 5.9 AI score, 0.02128 EPSS
Exploits 1, References 7, Affected Software 1
NVD
added 2006/02/20 10:2 p.m., 28 views

CVE-2006-0800

Interpretation conflict in PostNuke 0.761 and earlier allows remote attackers to conduct cross-site scripting (XSS) attacks via HTML tags with a trailing "" character by some web browsers but bypasses the blacklist protection in (1) the pnVarCleanFromInput function in pnAPI.php, (2) the pnSecureInput...

2.6 CVSS, 5.7 AI score, 0.02128 EPSS
Exploits 1, References 7
NVD
added 2006/01/19 1:3 a.m., 9 views

CVE-2006-0313

Multiple SQL injection vulnerabilities in PDFdirectory before 1.0 allow remote attackers to execute arbitrary SQL commands via multiple unspecified vectors involving (1) util.php, (2) userpref.php, (3) user.php, (4) uploadfrm.php, (5) title.php, (6) team.php, (7) stats.php, (8) page.php, (9) org.php, (10) member.php...

7.5 CVSS, 8.5 AI score, 0.01965 EPSS
Exploits 0, References 17
Prion
added 2006/01/03 11:3 p.m., 9 views

SQL injection

SQL injection vulnerability in Primo Cart 1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) q parameter to search.php and (2) email parameter to user.php...

7.5 CVSS, 9.1 AI score, 0.01369 EPSS
Exploits 0, References 6, Affected Software 1
NVD
added 2006/01/03 11:3 p.m., 12 views

CVE-2006-0068

SQL injection vulnerability in Primo Cart 1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) q parameter to search.php and (2) email parameter to user.php...

7.5 CVSS, 8.4 AI score, 0.01369 EPSS
Exploits 0, References 6
Cvelist
added 2006/01/03 11:0 p.m., 16 views

CVE-2006-0068

SQL injection vulnerability in Primo Cart 1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) q parameter to search.php and (2) email parameter to user.php...

8.4 AI score, 0.01369 EPSS
Exploits 0, References 6
NVD
added 2005/09/21 10:3 p.m., 17 views

CVE-2005-3020

Multiple cross-site scripting (XSS) vulnerabilities in vBulletin before 3.0.9 allow remote attackers to inject arbitrary web script or HTML via the (1) group parameter to css.php, (2) redirect parameter to index.php, (3) email parameter to user.php, (4) goto parameter to language.php, (5) orderby parameter t...

4.3 CVSS, 5.8 AI score, 0.01826 EPSS
Exploits 1, References 5
Cvelist
added 2005/08/24 4:0 a.m., 20 views

CVE-2005-2689

Multiple cross-site scripting (XSS) vulnerabilities in PostNuke 0.760-RC4b allow remote attackers to inject arbitrary web script or HTML via (1) the moderate parameter to the Comments module or (2) htmltext parameter to html/user.php...

5.8 AI score, 0.01434 EPSS
Exploits 1, References 2
NVD
added 2005/08/24 4:0 a.m., 16 views

CVE-2005-2689

Multiple cross-site scripting (XSS) vulnerabilities in PostNuke 0.760-RC4b allow remote attackers to inject arbitrary web script or HTML via (1) the moderate parameter to the Comments module or (2) htmltext parameter to html/user.php...

2.6 CVSS, 5.8 AI score, 0.01434 EPSS
Exploits 1, References 2
Cvelist
added 2005/08/17 4:0 a.m., 24 views

CVE-2005-2596

User.php in Gallery, as used in Postnuke, allows users with any Admin privileges to gain access to all galleries...

6.5 AI score, 0.00379 EPSS
Exploits 0, References 5
CVE
added 2005/08/17 4:0 a.m., 61 views

CVE-2005-2596

CVE-2005-2596 concerns a programming error in the Gallery component used with Postnuke that allows any user with Admin privileges to access all galleries. Open-source advisories and Debian security notes describe a remote-attack surface stemming from a bug in the gallery code that grants full gal...

4.6 CVSS, 6.5 AI score, 0.00379 EPSS
Exploits 0, References 5, Affected Software 1
NVD
added 2005/08/17 4:0 a.m., 18 views

CVE-2005-2596

User.php in Gallery, as used in Postnuke, allows users with any Admin privileges to gain access to all galleries...

4.6 CVSS, 6.5 AI score, 0.00379 EPSS
Exploits 0, References 5
CVE
added 2005/07/14 4:0 a.m., 50 views

CVE-2001-1521

CVE-2001-1521 is an XSS vulnerability in PostNuke 0.64, specifically in the file/user component user.php, where the uname parameter can be exploited to inject arbitrary web script or HTML. The public records identify the affected software as PostNuke 0.64 and the vulnerability as a cross-site sc...

2.6 CVSS, 6 AI score, 0.01171 EPSS
Exploits 0, References 4, Affected Software 1
CVE
added 2005/05/10 4:0 a.m., 44 views

CVE-2004-2031

The CVE-2004-2031 entry concerns the e107 CMS: a Cross-site Scripting (XSS) vulnerability in the file user.php that allows remote attackers to inject arbitrary web script or HTML via the (1) URL, (2) MSN, or (3) AIM fields. The recorded impact is partial integrity compromise with no confidentiali...

4.3 CVSS, 6 AI score, 0.01255 EPSS
Exploits 1, References 5, Affected Software 1