7210 matches found
CVE-2009-3184
Multiple SQL injection vulnerabilities in index.php in Pirates of The Caribbean in the E-Gold Game Series allow remote attackers to execute arbitrary SQL commands via the (1) x and (2) y parameters...
CVE-2009-3194
Cross-site scripting (XSS) vulnerability in index.php in JCE-Tech SearchFeed Script allows remote attackers to inject arbitrary web script or HTML via the search parameter...
CVE-2009-3194
Cross-site scripting (XSS) vulnerability identified as CVE-2009-3194 affects the JCE-Tech SearchFeed Script’s index.php. The issue allows remote attackers to inject arbitrary web script or HTML via the search parameter. Public references in the NVD entry indicate an XSS with a base score of 4.3 (...
SQL injection
SQL injection vulnerability in index.php in the Recipes module 1.3, 1.4, and possibly other versions for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the recipeid parameter...
CVE-2009-3167
CVE-2009-3167 affects Anantasoft Gazelle CMS 1.0. A directory traversal flaw in index.php allows reading arbitrary files via a .. sequence in the template parameter when magic_quotes_gpc is disabled. This is a server-side input handling issue in the template parameter, enabling potential exposure...
SQL injection
SQL injection vulnerability in index.php in Multi Website 1.5 allows remote attackers to execute arbitrary SQL commands via the Browse parameter in a vote action...
Nullam Blog 0.1.2 LFI / XSS / SQL Injection
-- Salvatore Fresta aka drosophila CWNP444351 Salvatore "drosophila" Fresta + Application: Nullam Blog + Version: 0.1.2 + Website: http://nullam.net/ + Bugs: A Local File Inclusion B File Disclosure C Multiple Blind SQL Injection D SQL Injection E Reflected XSS + Exploitation: Remote + Date: 10 S...
T-HTB Manager 0.5 - Multiple Blind SQL Injections
T-HTB Manager 0.5 - Multiple Blind SQL Injections Salvatore "drosophila" Fresta + Application: T-HTB Manager + Version: 0.5 + Website: http://sourceforge.net/apps/mediawiki/t-htbmanager/index.php?title=MainPage + Bugs: A Multiple Blind SQL Injection + Exploitation: Remote + Date: 10 Sep 2009 +...
SQL injection
SQL injection vulnerability in index.php in Uiga Church Portal allows remote attackers to execute arbitrary SQL commands via the year parameter in a calendar action...
CVE-2009-3116
CVE-2009-3116 is a SQL injection in the Uiga Church Portal, affecting the index.php calendar action where the year parameter can be manipulated to execute arbitrary SQL. The vulnerability is remote-exploitable with high impact (CVSS v2 base 7.5; Confidentiality, Integrity, and Availability partia...
Authentication flaw
OTManager CMS 2.4 allows remote attackers to bypass authentication and gain administrator privileges by setting the ADMINHora, ADMINLogado, and ADMINNome cookies to certain values, as reachable in Admin/index.php...
CVE-2008-7179
OTManager CMS 2.4 allows remote attackers to bypass authentication and gain administrator privileges by setting the ADMINHora, ADMINLogado, and ADMINNome cookies to certain values, as reachable in Admin/index.php...
CVE-2009-3081
CVE-2009-3081 affects the Uiga Church Portal (index.php). The vulnerability is a SQL injection in the calendar action, exploitable via the month parameter, enabling remote attackers to execute arbitrary SQL commands. Root cause and exact affected version details are not provided in the initial do...
CVE-2009-3067
Cross-site scripting (XSS) vulnerability in index.php in Reservation Manager allows remote attackers to inject arbitrary web script or HTML via the resman_startdate parameter...
CVE-2009-3053
Directory traversal vulnerability in the Agora (com_agora) component 3.0.0b for Joomla! allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the action parameter to the avatars page, reachable through index.php...
Cross site scripting
Cross-site scripting (XSS) vulnerability in index.php in Reservation Manager allows remote attackers to inject arbitrary web script or HTML via the resman_startdate parameter...
CVE-2009-3067
CVE-2009-3067 is a Cross-site scripting (XSS) vulnerability in index.php of Reservation Manager. It allows remote attackers to inject arbitrary web script/HTML via the resman_startdate parameter. NVD notes a Base Score of 4.3 (Medium). No explicit exploit details or fixes are provided in the conn...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in @lex Guestbook 4.0.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) languagesetup parameter to setup.php or (2) test parameter to index.php. NOTE: the provenance of this information is unknown; the details are...
CVE-2008-7145
Multiple SQL injection vulnerabilities in index.php in CoronaMatrix phpAddressBook 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) parameters...
CVE-2008-7133
Multiple cross-site scripting (XSS) vulnerabilities in onlinetools.org EasyImageCatalogue 1.3.1 allow remote attackers to inject arbitrary web script or HTML via the (1) search and (2) d index.php parameters to index.php, (3) dir parameter to thumber.php, and the d parameter to (4) describe.php and (5)...