7210 matches found
CVE-2008-6611
SQL injection vulnerability in index.php in Minimal ABlog 0.4 allows remote attackers to execute arbitrary SQL commands via the id parameter...
CVE-2008-6611
CVE-2008-6611 describes a SQL injection in index.php of Minimal ABlog 0.4, exploitable via the id parameter to execute arbitrary SQL commands. The NVD notes a base score of 7.5 (HIGH) with network attack vector and low complexity, no authentication required, affecting confidentiality, integrity, ...
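osCommerce oscid Session Fixation Vulnerability
BUGTRAQ ID: 34348 osCommerce is an open-source online shopping e-commerce solution licensed under the GNU GPL. When a client visits an OSCommerce web page, the server sends a cookie and uses that cookie as the session cookie for all subsequent requests. Consequently, once login succeeds, all subsequent requests use this cookie to authenticate the user, which allows an attacker to hijack the session and perform various unauthorized operations. Harald Ponce de Leon OSCommerce 3.0 Beta Harald Ponce de Leon OSCommerce 2.2 Vendor patch: Harald Ponce de Leon...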
Code injection
LightNEasy "no database" (aka flat) version 1.2.2, and possibly SQLite version 1.2.2, allows remote attackers to create arbitrary files via the page parameter to (1) index.php and (2) LightNEasy.php...
Cross-site scripting
Multiple cross-site scripting (XSS) vulnerabilities in LightNEasy "no database" (aka flat) version 1.2.2, and possibly SQLite version 1.2.2, allow remote attackers to inject arbitrary web script or HTML via the page parameter to (1) index.php and (2) LightNEasy.php...
SQL injection
SQL injection vulnerability in LightNEasy/lightneasy.php in LightNEasy SQLite 1.2.2 and earlier allows remote attackers to inject arbitrary PHP code into comments.dat via the dlid parameter to index.php...
CVE-2008-6584
html/index.php in TorrentFlux 2.3 allows remote authenticated users to execute arbitrary code via a URL with a file containing an executable extension in the urlupload parameter, which is downloaded by TorrentFlux and can be accessed via a direct request in a html/downloads/ user directory...
CVE-2008-6591
LightNEasy "no database" (aka flat) version 1.2.2, and possibly SQLite version 1.2.2, allows remote attackers to create arbitrary files via the page parameter to (1) index.php and (2) LightNEasy.php...
CVE-2008-6593
CVE-2008-6593 describes an SQL injection in LightNEasy SQLite 1.2.2 and earlier affecting lightneasy.php. The vulnerability allows remote attackers to inject arbitrary PHP code into comments.dat via the dlid parameter to index.php, due to insufficient input validation in the affected component. T...
CVE-2008-6596
CVE-2008-6596 affects PHCDownload 1.1, specifically the admin/index.php component. The vulnerability is a SQL injection via the hash parameter, enabling remote attackers to execute arbitrary SQL commands. Documented impact per the CVE is partial confidentiality, integrity, and availability exposu...
SQL injection
SQL injection vulnerability in index.php in Miniweb 2.0 allows remote attackers to execute arbitrary SQL commands via the username parameter in a login action...
CVE-2009-1225
CVE-2009-1225 concerns Turnkey Ebook Store 1.1, where the index.php search action is vulnerable to XSS through the keywords parameter. The root cause is unsanitized input that allows injection of arbitrary HTML/script. Exploitation details or in-wild status are not provided in the documents, and ...
SQL injection
SQL injection vulnerability in index.php in Pixie CMS 1.01a allows remote attackers to execute arbitrary SQL commands via the x parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...
CVE-2008-6526
SQL injection vulnerability in index.php in BosDev BosClassifieds allows remote attackers to execute arbitrary SQL commands via the catid parameter, a different vector than CVE-2008-1838...
CVE-2008-6521
index.php in Terracotta (aka OpenTerracotta) 0.6.1 allows remote attackers to obtain sensitive information via an invalid File parameter, which reveals the installation path in an error message...
SQL injection
SQL injection vulnerability in index.php in BosDev BosClassifieds allows remote attackers to execute arbitrary SQL commands via the catid parameter, a different vector than CVE-2008-1838...
CVE-2008-6526
CVE-2008-6526 concerns a SQL injection in BosDev BosClassifieds Classified Ads System 3.0. The vulnerability exists in index.php where the cat_id parameter is unsafely used in SQL queries, allowing remote attackers to execute arbitrary SQL commands. This mirrors the related CVE-2008-1838 vector, ...
CVE-2009-1065
The CVE-2009-1065 entry concerns a SQL injection vulnerability in Pixie CMS 1.01a (index.php) that allows remote attackers to execute arbitrary SQL commands via the x parameter. Affected component: Pixie CMS 1.01a, vulnerability in index.php; root cause is improper handling of input leading to SQ...