7210 matches found
CVE-2012-5330
As provided, CVE-2012-5330 is an XSS vulnerability in asaanCart 0.9 affecting multiple entry points: the PATH_INFO parameters to calc.php, chat.php, register.php, or index.php in libs/smarty_ajax/, and the page parameter to libs/smarty_ajax/index.php. The description does not specify affected ver...
CVE-2012-5312
CVE-2012-5312 describes a SQL injection in Tribiq CMS. The affected component is the CMS (Tribiq CMS) and the vulnerability is triggered via the id parameter to index.php, allowing remote attackers to execute arbitrary SQL commands. The available sources explicitly state the vulnerability type an...
SQL injection
Multiple SQL injection vulnerabilities in EasyWebRealEstate allow remote attackers to execute arbitrary SQL commands via the (1) lstid parameter to listings.php or (2) infoid parameter to index.php...
SQL injection
Multiple SQL injection vulnerabilities in Plogger 1.0 RC1 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) index.php or (2) gallery.php...
23rdweb Studio SQL Injection
Exploit Title: 23rdweb Studio SQL Injection Vulnerability; Author: Hack Center Security Team; Discovered By: Net.W0lf...
Handshakes Professional 4.1 SQL Injection
HTTPCS Advisory: HTTPCS70; Product: Handshakes Professional; Version: 4.1; Date: 2012-10-01; Criticality level: Highly Critical. Description: A vulnerability has been discovered in Handshakes Professional, which can be exploited by malicious people to conduct SQL injection attacks. Input passed...
CVE-2012-5234
Open redirect vulnerability in index.php in ocPortal before 7.1.6 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirect parameter...
Open redirect
Open redirect vulnerability in index.php in ocPortal before 7.1.6 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirect parameter...
CVE-2012-1604
Cross-site scripting (XSS) vulnerability in NextBBS 0.6 allows remote attackers to inject arbitrary web script or HTML via the do parameter to index.php...
CVE-2012-0989
Cross-site scripting (XSS) vulnerability in OneOrZero AIMS 2.8.0 Trial Edition build231211 and possibly earlier allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php...
CVE-2012-5228
Cross-site scripting (XSS) vulnerability in admin/index.php in phplist 2.10.9, 2.10.17, and possibly other versions before 2.10.19 allows remote attackers to inject arbitrary web script or HTML via the testtarget parameter. NOTE: some of these details are obtained from third party information...
CVE-2012-5228
CVE-2012-5228 is a cross-site scripting (XSS) vulnerability in admin/index.php of phplist, affecting 2.10.9 and 2.10.17 (and possibly other versions prior to 2.10.19). The issue allows remote attackers to inject arbitrary web script or HTML via the testtarget parameter. The connected documents co...
Poweradmin index.php XSS
The Poweradmin install hosted on the remote web server is affected by a cross-site scripting vulnerability because it fails to properly sanitize user input appended to the URL of the 'index.php' script. An attacker may be able to leverage this to inject arbitrary HTML and script code into a user'...
FvS Groupmp3 CMS SQL Injection
Exploit Title: FvS Groupmp3 cms Sql Injection Google Dork: inurl:/index.php?adi=mp3 Date: 09/28/2012 Author: Crim3R Vendor Home: Version: - Tested on: Linux Redhat. Vuln Codes: adi parameter in index.php is injectable. D3M0 :...
MediaWiki index.php 'uselang' Parameter XSS
The version of MediaWiki running on the remote host is affected by a cross-site scripting vulnerability due to a failure to properly sanitize user-supplied input to the 'uselang' parameter in the 'index.php' script. An attacker can exploit this to inject arbitrary HTML and script code into a user...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in the getParam function in oc-includes/osclass/core/Params.php in OSClass before 2.3.5 allow remote attackers to inject arbitrary web script or HTML via the (1) sCity, (2) sPattern, (3) sPriceMax, and (4) sPriceMin parameters in a search action to...
SQL injection
Multiple SQL injection vulnerabilities in OSClass before 2.3.5 allow remote attackers to execute arbitrary SQL commands via the sCategory parameter to index.php, which is not properly handled by the (1) osc_search_category_id function in oc-includes/osclass/helpers/hSearch.php and (2) findBySlug functio...
CVE-2012-0973
Multiple SQL injection vulnerabilities in OSClass before 2.3.5 allow remote attackers to execute arbitrary SQL commands via the sCategory parameter to index.php, which is not properly handled by the (1) osc_search_category_id function in oc-includes/osclass/helpers/hSearch.php and (2) findBySlug functio...
CVE-2012-5105
CVE-2012-5105 affects SQLiteManager 1.2.4 and involves multiple cross-site scripting (XSS) vulnerabilities. Vulnerability details from connected sources show that remote attackers can inject arbitrary web script or HTML via the dbsel parameter to main.php or index.php, or via the nsextt parameter...