CVE-2010-0955
The CVE-2010-0955 entry refers to a SQL injection in Bild Flirt Community 2.0, specifically in index.php where the id parameter can be exploited to execute arbitrary SQL commands remotely. Affected component: Bild Flirt Community 2.0 (index.php). Root cause: unsafely concatenated id parameter in ...
SQL injection
SQL injection vulnerability in the HotBrackets Tournament Brackets (com_hotbrackets) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php...
Directory traversal
Directory traversal vulnerability in the inertialFATE iF Portfolio Nexus comifnexus component 1.5 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php...
CVE-2010-0943
Directory traversal vulnerability in the JA Showcase (com_jashowcase) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter in a jashowcase action to index.php...
Cross-site scripting
Multiple cross-site scripting (XSS) vulnerabilities in eTek Systems Hit Counter 2.0 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) index.php, (2) inc/login.php, (3) admin/index.php, and (4) admin/forgot.php...
CVE-2010-0944
Directory traversal vulnerability in the JCollection (com_jcollection) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php...
CVE-2009-4678
Winn Guestbook 2.4 is affected by a Cross-site scripting (XSS) vulnerability in index.php, exploitable via PATH_INFO to inject arbitrary web script or HTML. The provided documents identify the vulnerable component as Winn Guestbook 2.4 (index.php) and the exploit vector PATH_INFO but do not inclu...
Design/Logic Flaw
admin/admininfo/index.php in the Mole Group Gastro Portal Restaurant Directory Script does not require administrative authentication, which allows remote attackers to change the admin password via an unspecified form submission...
CVE-2009-4675
admin/admininfo/index.php in the Mole Group Gastro Portal Restaurant Directory Script does not require administrative authentication, which allows remote attackers to change the admin password via an unspecified form submission...
Natychmiast CMS Cross Site Scripting / SQL Injection
Title: SQL injection vulnerability in Natychmiast CMS. Date: 03.03.2010. Author: Ariko-Security. Software Link: http://www.natychmiast-cms.pl/ Version: ALL. Ariko-Security - Advisory 2/3/2010. SQL injection and XSS vulnerability in NATYCHMIAST CMS. Vendor's Description of...
CVE-2010-0802
SQL injection vulnerability in index.php in nv2 Awards 1.1.0, a modification for Invision Power Board, allows remote attackers to execute arbitrary SQL commands via the id parameter in a view action...
CVE-2010-0802
The CVE-2010-0802 entry concerns the (nv2) Awards 1.1.0 modification for Invision Power Board. A vulnerability in index.php allows SQL injection via the id parameter in a view action, enabling remote attackers to execute arbitrary SQL commands. The issue affects the affected file/function and can...
CVE-2010-0804
CVE-2010-0804: The vulnerability is a cross-site scripting (XSS) flaw in the iBoutique 4.0 application, specifically in index.php. The issue arises when a crafted value is supplied to the key parameter in a products action, allowing remote attackers to inject arbitrary web script or HTML. The af...
SQL injection
SQL injection vulnerability in index.php in KuwaitPHP eSmile allows remote attackers to execute arbitrary SQL commands via the cid parameter in a show action...
SQL injection
SQL injection vulnerability in index.php in CommodityRentals CD Rental Software allows remote attackers to execute arbitrary SQL commands via the catid parameter in a catalog action...
CVE-2010-0764
CVE-2010-0764 describes a SQL injection in KuwaitPHP eSmile's index.php during the show action, exploitable via the cid parameter. The vulnerability allows remote attackers to execute arbitrary SQL commands. The provided documents confirm the affected component and the injection vector but do not...
Uiga Personal Portal index.php SQL Injection Vulnerability
Exploit for unknown platform in category web applications. Uiga Personal Portal index.php SQL Injection Vulnerability...
phpMySite Cross Site Scripting / SQL Injection
phpMySite XSS/SQLi Multiple Remote Vulnerabilities. Author: Crux. Homepage: http://hack-tech.com Date: 2-27-2010. Software Link: http://www.phpmysite.com/ Version: N/A...
Joomla! Component com_liveticker - Blind SQL Injection
!/usr/bin/php » Greetz to: Spécial His0k4 Tous les hackers Algérie » Dork: inurl:index.php?option=comliveticker "viewticker" Joomla comliveticker tid Blind SQL Injection Exploit x Usage: Snakespc.php "http://url/index.php?option=comliveticker&task=viewticker&tid=1" '; if $argc 1 $url = $argv1; $r...
Cross-site scripting
Cross-site scripting (XSS) vulnerability in index.php/Special/Main/Templates in WikyBlog 1.7.2 and 1.7.3 rc2 allows remote attackers to inject arbitrary web script or HTML via the which parameter in a copy action...