65 matches found
CVE-2006-4417
XOOPS contains a SQL injection vulnerability (CVE-2006-4417) in edituser.php via the user_avatar parameter, affecting XOOPS prior to version 2.0.15. The issue allows remote attackers to execute arbitrary SQL commands; no exploitation details are provided in the documents. The public references in...
MyBloggie 2.1.2/2.1.3 - 'edituser.php' Cross-Site Scripting
source: https://www.securityfocus.com/bid/17048/info MyBloggie is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage these issues to have arbitrary script code executed in...
Default credentials
edituser.php in TTS Time Tracking Software 3.0 does not verify that the name and password are correct, which allows remote attackers to overwrite arbitrary data belonging to any account...
CVE-2006-0691
edituser.php in TTS Time Tracking Software 3.0 does not verify that the name and password are correct, which allows remote attackers to overwrite arbitrary data belonging to any account...
CVE-2005-4225
Multiple "potential" SQL injection vulnerabilities in myBloggie 2.1.3 beta might allow remote attackers to execute arbitrary SQL commands via (1) the category parameter in add.php, (2) the catdesc parameter in addcat.php, (3) the level and user parameters in adduser.php, (4) the postid parameter in...