[Forgot Password]
Login  Register Subscribe

30480

 
 

423868

 
 

253164

 
 

909

 
 

197077

 
 

282

 
 
 
Paid content will be excluded from the download.

Filter
Matches : 251453 Download | Alert*

PHPIDS before 20070703 does not properly handle use of the substr method in (1) document.location.search and (2) document.referrer; (3) certain use of document.location.hash; (4) certain "window[eval" and similar expressions; (5) certain Function expressions; (6) certain '=' expressions, as demonstrated by a 'whatever="something"' sequence; and (7) certain "with" expressions, which allows remote a ...

PHPIDS before 20070703 does not properly handle (1) arithmetic expressions and (2) unclosed comments, which allows remote attackers to inject arbitrary web script.

PHPIDS before 20070703 does not properly handle setting the .text property of a SCRIPT element before its attachment to the DOM, which allows remote attackers to inject arbitrary web script.

PHPIDS does not properly handle certain code containing newlines, as demonstrated by a try/catch block within a loop, which allows user-assisted remote attackers to inject arbitrary web script.

The Jedox Palo 1.5 client transmits the password in cleartext, which might allow remote attackers to obtain the password by sniffing the network, as demonstrated by starting Excel with the Palo plugin, opening a cube, and performing an Insert View.

SQL injection vulnerability in index.php in SuperCali PHP Event Calendar 0.4.0 allows remote attackers to execute arbitrary SQL commands via the o parameter.

SQL injection vulnerability in details_news.php in Girlserv ads 1.5 and earlier allows remote attackers to execute arbitrary SQL commands via the idnew parameter.

SQL injection vulnerability in viewforum.php in PNphpBB2 1.2i and earlier for Postnuke allows remote attackers to execute arbitrary SQL commands via the order parameter.

PHP remote file inclusion vulnerability in games.php in MyCMS 0.9.8 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the id parameter.

Multiple direct static code injection vulnerabilities in MyCMS 0.9.8 and earlier allow remote attackers to inject arbitrary PHP code into (1) a _score.txt file via the score parameter, or (2) a _setby.txt file via a login cookie, which is then included by games.php. NOTE: programs that use games.php might include (a) snakep.php, (b) tetrisp.php, and possibly other site-specific files.


Pages:      Start    24687    24688    24689    24690    24691    24692    24693    24694    24695    24696    24697    24698    24699    24700    ..   25145

© SecPod Technologies