xy7

4 exploits Active since Sep 2008
CVE-2008-7269 EXPLOITDB text WORKING POC
SiteEngine 5.x - Open Redirect via Forward Parameter
Open redirect vulnerability in api.php in SiteEngine 5.x allows user-assisted remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the forward parameter in a logout action.
CVE-2008-7268 EXPLOITDB text WORKING POC
SiteEngine 5.x - Exposure of Sensitive Information via phpinfo Action Parameter
The phpinfo function in SiteEngine 5.x allows remote attackers to obtain system information by setting the action parameter to php_info in misc.php.
CVE-2008-7267 EXPLOITDB text WORKING POC
SiteEngine 5.x - SQL Injection via Announcements.php id Parameter
SQL injection vulnerability in announcements.php in SiteEngine 5.x allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2008-4151 EXPLOITDB text WORKING POC
CYASK 3.x - Path Traversal via Neturl Parameter
Directory traversal vulnerability in collect.php in CYASK 3.x allows remote attackers to read arbitrary files via a .. (dot dot) in the neturl parameter.