248 matches found
CVE-2006-0249
SQL injection vulnerability in viewcat.php in BitDamaged geoBlog MOD1.0 allows remote attackers to execute arbitrary SQL commands, then steal credentials and upload files, via the cat parameter $tmpCategory variable...
Sql injection
SQL injection vulnerability in viewcat.php in BitDamaged geoBlog MOD1.0 allows remote attackers to execute arbitrary SQL commands, then steal credentials and upload files, via the cat parameter $tmpCategory variable...
Cross site scripting
Cross-site scripting XSS vulnerability in index.php in GTP iCommerce allows remote attackers to inject arbitrary web script or HTML via the 1 cat and 2 subcat parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...
CVE-2006-0109
Cross-site scripting vulnerability in category.php in Modular Merchant Shopping Cart allows remote attackers to inject arbitrary web script or HTML via the cat parameter...
Cross site scripting
Cross-site scripting XSS vulnerability in index.php in @Card ME PHP allows remote attackers to inject arbitrary web script or HTML via the cat parameter...
CVE-2006-0093
Cross-site scripting XSS vulnerability in index.php in @Card ME PHP allows remote attackers to inject arbitrary web script or HTML via the cat parameter...
CVE-2006-0093
Cross-site scripting XSS vulnerability in index.php in @Card ME PHP allows remote attackers to inject arbitrary web script or HTML via the cat parameter...
CVE-2005-4355
Multiple cross-site scripting XSS vulnerabilities in UStore allow remote attackers to inject arbitrary web script or HTML via the 1 Cat parameter in default.asp and the 2 accessdenied parameter in admin/default.asp. NOTE: the provenance of this information is unknown; the details are obtained...
PT-2005-4920 · Jamit · Jamit Job Board
Name of the Vulnerable Software and Affected Versions: Jamit Job Board versions 2.4.1 and earlier Description: A SQL injection issue allows remote attackers to execute arbitrary SQL commands via the cat parameter in the "index.php" file. The vendor has disputed this issue, claiming it has no basi...
CVE-2005-4198
SQL injection vulnerability in index.php in Netref 3.0 allows remote attackers to execute arbitrary SQL commands via the cat parameter. NOTE: the provenance of this issue is unknown; the details were obtained solely from third party sources...
CVE-2005-4075
Multiple cross-site scripting XSS vulnerabilities in index.cfm in CFNuke 4.6 and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 topic and 2 newsid parameter in the news sector, and 3 cat parameter in the links sector...
Blog System v1.2 SQL inj. vuln.
Blog System v1.2 SQL inj. vuln. Vuln. dicovered by : r0t Date: 5 dec. 2005 orginal advisory:http://pridels.blogspot.com/2005/12/blog-system-v12-sql-inj-vuln.html vendor:http://www.netartmedia.net/blogsystem/ affected version:v1.2 and prior Product Description: Blog System allows you to launch and...
CVE-2005-3854
Cross-site scripting XSS vulnerability in index.php in EasyPageCMS allows remote attackers to inject arbitrary web script or HTML via the cat parameter...
CVE-2005-3816
Multiple SQL injection vulnerabilities in forum.php in freeForum 1.1 and earlier and earlier allow remote attackers to execute arbitrary SQL commands via the 1 cat parameter or 2 thread parameter in thread mode...
CVE-2004-2509
Infopop UBB.Threads exposes XSS in multiple pages. Affected versions include 6.2.3 and 6.5, with vulnerable scripts calendar.php, login.php, and online.php. The underlying issue is cross-site scripting via the Cat parameter, enabling remote attackers to inject arbitrary script/HTML into a user’s ...
CVE-2004-2510
Cross-site scripting XSS vulnerability in showflat.php in Infopop UBB.Threads before 6.5 allows remote attackers to inject arbitrary web script or HTML via the Cat parameter...
CVE-2004-2509
Cross-site scripting XSS vulnerabilities in 1 calendar.php, 2 login.php, and 3 online.php in Infopop UBB.Threads 6.2.3 and 6.5 allow remote attackers to inject arbitrary web script or HTML via the Cat parameter...
CVE-2003-1231
CVE-2003-1231: Cross-site scripting (XSS) in ECW-Shop 5.5 (index.php) allows remote attackers to inject arbitrary script/HTML via the cat parameter. The provided sources describe the vulnerability but do not include explicit exploit code, affected versions beyond 5.5, or remediation steps. No add...
CVE-2003-1231
Cross-site scripting XSS vulnerability in index.php in ECW-Shop 5.5 allows remote attackers to inject arbitrary web script or HTML via the cat parameter...
CVE-2005-1810
SQL injection vulnerability in template-functions-category.php in WordPress 1.5.1 allows remote attackers to execute arbitrary SQL commands via the $catID variable, as demonstrated using the cat parameter to index.php...