CVE-2008-6330

SQL injection vulnerability in index.php in MyTopix 1.3.0 and earlier allows remote authenticated users to execute arbitrary SQL commands via the send parameter in a notes action...

Sql injection

SQL injection vulnerability in index.php in MyTopix 1.3.0 and earlier allows remote authenticated users to execute arbitrary SQL commands via the send parameter in a notes action...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in Softbiz Classifieds Script allow remote attackers to inject arbitrary web script or HTML via the 1 radio parameter to showcategory.php, 2 msg parameter to advertisers/signinform.php, 3 radio parameter to gallery.php, 4 msg parameter to...

CVE-2008-6310

SQL injection vulnerability in index.php in W3matter RevSense 1.0 allows remote attackers to execute arbitrary SQL commands via the fpassword parameter. NOTE: some of these details are obtained from third party information...

Sql injection

SQL injection vulnerability in index.php in W3matter AskPert allows remote attackers to execute arbitrary SQL commands via the fpassword parameter. NOTE: some of these details are obtained from third party information...

Sql injection

SQL injection vulnerability in index.php in W3matter RevSense 1.0 allows remote attackers to execute arbitrary SQL commands via the fpassword parameter. NOTE: some of these details are obtained from third party information...

CVE-2008-6309

The CVE-2008-6309 entry describes an SQL injection vulnerability in the W3matter AskPert application, specifically in index.php where the f[password] parameter can be exploited to execute arbitrary SQL commands. This is a remote, unauthenticated vector with network attack potential and a base imp...

CVE-2008-6309

SQL injection vulnerability in index.php in W3matter AskPert allows remote attackers to execute arbitrary SQL commands via the fpassword parameter. NOTE: some of these details are obtained from third party information...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in Camera Life 2.6.2b8 allow remote attackers to inject arbitrary web script or HTML via the q parameter to 1 search.php and 2 rss.php; the query string after the image name in 3 photos/photo; the path parameter to 4 folder.php; page parameter and...

Sql injection

Multiple SQL injection vulnerabilities in index.php in FamilyProject 2.0 allow remote attackers to execute arbitrary SQL commands via 1 the logmbr parameter aka login field or 2 the mdpmbr parameter aka pass or "Mot de passe" field. NOTE: some of these details are obtained from third party...

CVE-2008-6282

SQL injection vulnerability in engine/users/userseditpub.inc in CMS Ortus 1.13 and earlier allows remote authenticated users to execute arbitrary SQL commands via the city parameter in a userseditpub action to index.php...

CVE-2008-6274

Multiple SQL injection vulnerabilities in index.php in FamilyProject 2.0 allow remote attackers to execute arbitrary SQL commands via 1 the logmbr parameter aka login field or 2 the mdpmbr parameter aka pass or "Mot de passe" field. NOTE: some of these details are obtained from third party...

CVE-2008-6274

CVE-2008-6274: Multiple SQL injection vulnerabilities in index.php of FamilyProject 2.0 allow remote callers to inject SQL via logmbr (login) or mdpmbr (password) parameters. Root cause appears to be unsanitized user input in these fields; impacts include potential partial disclosure/integration/...

CVE-2008-6274

Multiple SQL injection vulnerabilities in index.php in FamilyProject 2.0 allow remote attackers to execute arbitrary SQL commands via 1 the logmbr parameter aka login field or 2 the mdpmbr parameter aka pass or "Mot de passe" field. NOTE: some of these details are obtained from third party...

CVE-2008-6281

SQL injection vulnerability in index.php in Bluo CMS 1.2 allows remote attackers to execute arbitrary SQL commands via the id parameter...

CVE-2008-6272

Dragan Mitic Apoll web app (0.7 beta and 0.7.5) contains an SQL injection in admin/index.php. The vulnerability arises from insufficient input sanitization of the pass parameter, enabling remote attackers to manipulate SQL commands. Affected component: admin/index.php; vulnerable vector is user-s...

CVE-2008-6270

SQL injection vulnerability in admin/index.php in Dragan Mitic Apoll 0.7 beta and 0.7.5 allows remote attackers to execute arbitrary SQL command via the user parameter...

CVE-2009-0728

SQL injection vulnerability in the MyeGallery module for MAXdev MDPro MD-Pro and Postnuke allows remote attackers to execute arbitrary SQL commands via the pid parameter in a showpic action to index.php...

CVE-2008-6260

SQL injection in Ultrastats affects index.php for versions 0.2.144 and 0.3.11, exploitable via the serverid parameter. The root cause is improper input handling in index.php enabling arbitrary SQL commands. Impact is partial confidentiality, integrity, and availability depending on the app’s DB i...

Qwerty CMS - 'id' SQL Injection

QWERTY CMS lite - SQL INJ Found: b3 from GraBBerZ.com = Injection in index.php variable: id http://site/index.php?act=publ&id=-3+UNION+SELECT+1,2,3,4,5 = Administrator Table: rkh8t5po Columns: secret873ktlW,pass459khyf Column with pass: pass459khyf Admin CP: /admin/admin.php = CMS PAGE :...