Cross-site scripting
Multiple cross-site scripting (XSS) vulnerabilities in TemaTres 1.0.3 and 1.031 allow remote attackers to inject arbitrary web script or HTML via the (1) search form; (2) expresiondebusqueda, (3) letra, (4) estadoid, and (5) tema parameters to index.php; the (6) PATH_INFO to index.php; (7) unspecified parameters...
SQL injection
Multiple SQL injection vulnerabilities in TemaTres 1.0.3 and 1.031, when magic_quotes_gpc is disabled, allow remote attackers or remote authenticated users to execute arbitrary SQL commands via the (1) mail, (2) password, and (3) letra parameters to index.php; (4) y and (5) m parameters to sobre.php; and the...
SQL injection
Multiple SQL injection vulnerabilities in index.php in phPhotoGallery 0.92 allow remote attackers to execute arbitrary SQL commands via the (1) Username and (2) Password fields. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...
CVE-2008-6802
Multiple SQL injection vulnerabilities in index.php in phPhotoGallery 0.92 allow remote attackers to execute arbitrary SQL commands via the (1) Username and (2) Password fields. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...
CVE-2009-1584
Multiple SQL injection vulnerabilities in TemaTres 1.0.3 and 1.031, when magic_quotes_gpc is disabled, allow remote attackers or remote authenticated users to execute arbitrary SQL commands via the (1) mail, (2) password, and (3) letra parameters to index.php; (4) y and (5) m parameters to sobre.php; and the...
CVE-2009-1583
Multiple cross-site scripting (XSS) vulnerabilities in TemaTres 1.0.3 and 1.031 allow remote attackers to inject arbitrary web script or HTML via the (1) search form; (2) expresiondebusqueda, (3) letra, (4) estadoid, and (5) tema parameters to index.php; the (6) PATH_INFO to index.php; (7) unspecified parameters...
CVE-2008-6802
Affected product: phPhotoGallery 0.92 (index.php). The CVE describes multiple SQL injection vulnerabilities allowing remote attackers to modify/steal data via the (1) Username and (2) Password fields due to insufficient input sanitization. Exploitation status and practical exploit details are not...
CVE-2009-1583
CVE-2009-1583 affects TemaTres 1.0.3 and 1.031, with multiple XSS vulnerabilities (and, per OpenVAS, SQLi in some checks) exposed via several parameters to index.php and sobre.php. Impact described as remote script/HTML injection; no exploitation details are provided in the initial/connected docu...
CVE-2009-1548
SQL injection vulnerability in index.php in BluSky CMS allows remote attackers to execute arbitrary SQL commands via the news_id parameter in a read action...
CVE-2009-1548
The vulnerability CVE-2009-1548 is a SQL injection in BluSky CMS, targeting index.php via the news_id parameter in a read action, allowing remote attackers to execute arbitrary SQL commands. This is described as a SQL injection vulnerability with high impact (partial confidentiality, integrity, a...
CVE-2008-6790
The admin module in MindDezign Photo Gallery 2.2 allows remote attackers to add administrative users and gain privileges via a modified username parameter in an edit account action to index.php...
SQL injection
SQL injection vulnerability in index.php in ProjectCMS 1.0 Beta allows remote attackers to execute arbitrary SQL commands via the sn parameter...
CVE-2009-1499
The CVE-2009-1499 entry describes an SQL injection in the Joomla! MailTo (com_mailto) component. The vulnerability allows remote attackers to execute arbitrary SQL commands via the article parameter in index.php, indicating a remote‑code capable injection affecting the application’s database quer...
ProjectCMS 1.0b (index.php sn) Remote SQL Injection Vulnerability
No description provided by source.
Directory traversal
Directory traversal vulnerability in admin/load.php in FunGamez RC1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the module parameter to index.php...
CVE-2009-1480
Pragyan CMS 2.6.4 is affected by a SQL injection in index.php. The vulnerability is triggered via the fileget parameter in a view action and other vectors, enabling remote attackers to execute arbitrary SQL commands. Exploitation details are not provided in the documents, and there is no remediat...
Thickbox Gallery v2 (index.php ln) Local File Inclusion Vulnerability
No description provided by source. + Thickbox Gallery v2 Local File Inclusion Vulnerability + Discovered By SirGod + www.mortal-team.net + www.h4cky0u.org + Local File Inclusion PoC : http://127.0.0.1/path/index.php?ln=../../../../../../BOOTSECT.BAK%00...
CVE-2009-1445
Multiple directory traversal vulnerabilities in WebPortal CMS 0.8-beta allow remote attackers to (1) read arbitrary files via directory traversal sequences in the lang parameter to libraries/helpdocs/help.php and (2) include and execute arbitrary local files via directory traversal sequences in the...