Comersus Cart 7.0.7 - comersus_message.asp redirectUrl Cross-Site Scripting

Comersus Cart 7.0.7 - comersusmessage.asp redirectUrl Cross-Site Scripting source: https://www.securityfocus.com/bid/24562/info Comersus Cart is affected by multiple input validation vulnerabilities. A successful exploit could allow an attacker to compromise the application, access or modify data...

CVE-2007-3225

Unspecified vulnerability in Sun Java System Directory Server slapd 6.0, and 5.2 with Patch 3 or 4, allows remote attackers to modify certain data via unknown vectors...

CVE-2007-3225

Sun Java System Directory Server (slapd) 6.0 and 5.2 with Patch 3 or 4 are affected by CVE-2007-3225. The vulnerability allows remote attackers to modify certain data via unknown vectors. The available documents do not specify the exact component/function/file/root cause, nor provide a confirmed ...

CVE-2007-3225

Unspecified vulnerability in Sun Java System Directory Server slapd 6.0, and 5.2 with Patch 3 or 4, allows remote attackers to modify certain data via unknown vectors...

CVE-2007-3219

CVE-2007-3219 affects Invision Power Board (IPB/IP.Board) versions 2.2.0–2.2.2. The vulnerability is in sources/action_public/xmlout.php and is described as an unspecified issue that allows remote attackers to modify another user’s profile data (e.g., AIM screen name, Yahoo! identity). Documented...

My Databook - diary.php?year Cross-Site Scripting

My Databook - diary.php?year Cross-Site Scripting source: https://www.securityfocus.com/bid/24311/info My DataBook is prone to multiple input-validation vulnerabilities, including cross-site scripting and SQL-injection issues. Exploiting these issues could allow an attacker to steal cookie-based...

PHP JackKnife 2.21 - (PHPJK) UserAreaNewAccountsindex.php?sAccountUnq Cross-Site Scripting

PHP JackKnife 2.21 - PHPJK UserAreaNewAccountsindex.php?sAccountUnq Cross-Site Scripting source: https://www.securityfocus.com/bid/24253/info PHP JackKnife is prone to multiple input-validation vulnerabilities, including cross-site scripting and SQL-injection issues. Exploiting these issues could...

PHP JackKnife 2.21 - (PHPJK) G_Display.php?iCategoryUnq SQL Injection

PHP JackKnife 2.21 - PHPJK GDisplay.php?iCategoryUnq SQL Injection source: https://www.securityfocus.com/bid/24253/info PHP JackKnife is prone to multiple input-validation vulnerabilities, including cross-site scripting and SQL-injection issues. Exploiting these issues could allow an attacker to...

CPCommerce 1.1 - manufacturer.php SQL Injection

CPCommerce 1.1 - manufacturer.php SQL Injection source: https://www.securityfocus.com/bid/24223/info cpCommerce is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to...

[waraxe-2007-SA#051] - Sql Injection in 2z Project 0.9.5

waraxe-2007-SA051 - Sql Injection in 2z Project 0.9.5 ==================================================================== Author: Janek Vind "waraxe" Date: 23. May 2007 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-51.html Target software description: Vulnerable: 2z Project 0.9.5...

SunShop Shopping Cart 4.0 - index.php?l Cross-Site Scripting

SunShop Shopping Cart 4.0 - index.php?l Cross-Site Scripting source: https://www.securityfocus.com/bid/23856/info TurnkeyWebTools SunShop Shopping Cart is prone to multiple input-validation vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues may...

WF-Quote 1.0 Xoops Module - index.php SQL Injection

WF-Quote 1.0 Xoops Module - index.php SQL Injection source: https://www.securityfocus.com/bid/23845/info The WF-Quote module for the Xoops CMS is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this...

Net Portal Dynamic System (NPDS) 5.10 - Remote Code Execution (2)

?php /---------------------------------------------------------\ NPDS = 5.10 - Remote Code Execution exploit |Description:| Security holes were found in NPDS 5.10. N°1: Sql Injection in cookies File Mainfile.php lines 655 to 691. No check is carried out on nicknames or Id which can allow an...

E-Annu - home.php SQL Injection

E-Annu - home.php SQL Injection source: https://www.securityfocus.com/bid/23727/info E-Annu is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the...

Gazi Download Portal - 'Down_Indir.asp' SQL Injection

source: https://www.securityfocus.com/bid/23714/info Gazi Download Portal is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or...

Burak Yilmaz Blog 1.0 - BRY.asp SQL Injection

Burak Yilmaz Blog 1.0 - BRY.asp SQL Injection source: https://www.securityfocus.com/bid/23678/info Burak Yilmaz Blog is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attack...

Exponent CMS 0.96.50.96.6 - magpie_debug.php?url Cross-Site Scripting

Exponent CMS 0.96.50.96.6 - magpiedebug.php?url Cross-Site Scripting source: https://www.securityfocus.com/bid/23574/info Exponent CMS is prone to multiple input-validation vulnerabilities because the application fails to properly sanitize user-supplied input. Exploiting these issues could allow ...

Exponent CMS 0.96.50.96.6 - iconspopup.php?icodir Traversal Arbitrary Directory Listing

Exponent CMS 0.96.50.96.6 - iconspopup.php?icodir Traversal Arbitrary Directory Listing source: https://www.securityfocus.com/bid/23574/info Exponent CMS is prone to multiple input-validation vulnerabilities because the application fails to properly sanitize user-supplied input. Exploiting these...

NuclearBB Alpha 1 - Multiple SQL Injections

source: https://www.securityfocus.com/bid/23555/info NuclearBB is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting these issues could allow an attacker to compromise the application, access or...

DropAFew 0.2 - newaccount2.php Arbitrary Account Creation

DropAFew 0.2 - newaccount2.php Arbitrary Account Creation source: https://www.securityfocus.com/bid/23400/info DropAFew is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting these issues could...