10189 matches found
SunShop Shopping Cart 4.0 - index.php?l Cross-Site Scripting
source: https://www.securityfocus.com/bid/23856/info TurnkeyWebTools SunShop Shopping Cart is prone to multiple input-validation vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues may...
WF-Quote 1.0 Xoops Module - index.php SQL Injection
source: https://www.securityfocus.com/bid/23845/info The WF-Quote module for the Xoops CMS is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this...
Net Portal Dynamic System (NPDS) 5.10 - Remote Code Execution (2)
NPDS = 5.10 - Remote Code Execution exploit. Description: Security holes were found in NPDS 5.10. N°1: SQL injection in cookies, file Mainfile.php, lines 655 to 691. No check is carried out on nicknames or Id which can allow an...
Gazi Download Portal - 'Down_Indir.asp' SQL Injection
source: https://www.securityfocus.com/bid/23714/info Gazi Download Portal is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or...
E-Annu - home.php SQL Injection
source: https://www.securityfocus.com/bid/23727/info E-Annu is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the...
Burak Yilmaz Blog 1.0 - BRY.asp SQL Injection
source: https://www.securityfocus.com/bid/23678/info Burak Yilmaz Blog is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attack...
Exponent CMS 0.96.5/0.96.6 - magpie_debug.php?url Cross-Site Scripting
source: https://www.securityfocus.com/bid/23574/info Exponent CMS is prone to multiple input-validation vulnerabilities because the application fails to properly sanitize user-supplied input. Exploiting these issues could allow ...
Exponent CMS 0.96.5/0.96.6 - iconspopup.php?icodir Traversal Arbitrary Directory Listing
source: https://www.securityfocus.com/bid/23574/info Exponent CMS is prone to multiple input-validation vulnerabilities because the application fails to properly sanitize user-supplied input. Exploiting these...
NuclearBB Alpha 1 - Multiple SQL Injections
source: https://www.securityfocus.com/bid/23555/info NuclearBB is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting these issues could allow an attacker to compromise the application, access or...
DropAFew 0.2 - newaccount2.php Arbitrary Account Creation
source: https://www.securityfocus.com/bid/23400/info DropAFew is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting these issues could...
DropAFew 0.2 - 'newaccount2.php' Arbitrary Account Creation
source: https://www.securityfocus.com/bid/23400/info DropAFew is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting these issues could allow an attacker to compromise the application, access or...
PHP-Fusion 6.1.5 Mod Calendar_Panel - 'Show_Event.php' SQL Injection
source: https://www.securityfocus.com/bid/23225/info PHP-Fusion is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify...
PHP-Fusion 6.1.5 Mod Calendar_Panel - Show_Event.php SQL Injection
source: https://www.securityfocus.com/bid/23225/info PHP-Fusion is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could all...
W-Agora 4.2.1 - 'change_password.php?userid' Cross-Site Scripting
source: https://www.securityfocus.com/bid/23057/info w-Agora is prone to multiple input-validation vulnerabilities, including possible SQL-injection issues and multiple cross-site scripting issues, because it fails to sufficiently sanitize user-supplied data. Exploiting these issues could allow a...
W-Agora 4.2.1 - search.php?search_user Cross-Site Scripting
source: https://www.securityfocus.com/bid/23057/info w-Agora is prone to multiple input-validation vulnerabilities, including possible SQL-injection issues and multiple cross-site scripting issues, because it fails to sufficiently sanitiz...
PHPX 3.5.15/3.5.16 - print.php SQL Injection
source: https://www.securityfocus.com/bid/23033/info PHPX is prone to multiple input-validation vulnerabilities because the application fails to properly sanitize user-supplied input. Exploiting these issues could allow an attacker to steal cookie-based...
PHPX 3.5.15/3.5.16 - 'users.php' SQL Injection
source: https://www.securityfocus.com/bid/23033/info PHPX is prone to multiple input-validation vulnerabilities because the application fails to properly sanitize user-supplied input. Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, execute arbitra...
PHPX 3.5.15/3.5.16 - 'forums.php' SQL Injection
source: https://www.securityfocus.com/bid/23033/info PHPX is prone to multiple input-validation vulnerabilities because the application fails to properly sanitize user-supplied input. Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, execute arbitra...
phpStats 0.1.9 - Multiple SQL Injections
source: https://www.securityfocus.com/bid/23003/info Php-Stats is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow an attacker to compromise the application,...
Tyger Bug Tracking System 1.1.3 - 'register.php?PATH_INFO' Cross-Site Scripting
source: https://www.securityfocus.com/bid/22799/info Tyger Bug Tracking System is prone to multiple input-validation vulnerabilities, including one SQL-injection issue and two cross-site scripting issues, because the application fails to sufficiently sanitize user-supplied input. Exploiting these...