7210 matches found
CVE-2008-6154
SQL injection vulnerability in index.php in Hispah Text Links Ads 1.1 allows remote attackers to execute arbitrary SQL commands via the idcat parameter...
CVE-2008-6155
SQL injection vulnerability in index.php of Hispah Text Links Ads 1.1 allows remote attackers to execute arbitrary SQL commands via the idtl parameter in a buy action. Affected software is Hispah Text Links Ads 1.1; root cause is improper handling of the idtl parameter leading to SQL injection. C...
CVE-2008-6155
SQL injection vulnerability in index.php in Hispah Text Links Ads 1.1 allows remote attackers to execute arbitrary SQL commands via the idtl parameter in a buy action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...
CVE-2009-0598
CVE-2009-0598 affects PhpMesFilms (versions 1.0 and 1.8). The vulnerability is an SQL injection in index.php via the id parameter, allowing remote attackers to execute arbitrary SQL. Underlying cause: unsafe handling of the id input. Impact is partial confidentiality/integrity/availability with C...
CVE-2009-0597
CVE-2009-0597 describes an SQL injection in the w3b>cms (aka w3blabor CMS) admin/index.php before version 3.4.0, exploitable when magic_quotes_gpc is disabled. A remote attacker can inject SQL via the benutzername (Username) field in the login action, potentially executing arbitrary SQL comman...
CVE-2009-0594
CVE-2009-0594 affects phpSkelSite 1.4 in the file index.php, where a cross-site scripting (XSS) vulnerability exists that allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO. This is the underlying cause noted in the description. The supplied documents do not specify ...
Cross-site scripting
Cross-site scripting (XSS) vulnerability in index.php in moziloWiki 1.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) action and (2) page parameters...
Cross-site scripting
Multiple cross-site scripting (XSS) vulnerabilities in moziloCMS 1.10.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) page and (2) query parameters to (a) index.php, (3) cat and (4) file parameters to (b) download.php, (5) gal parameter to gallery.php, and the (6) URL to...
CVE-2008-6127
Multiple cross-site scripting (XSS) vulnerabilities in moziloCMS 1.10.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) page and (2) query parameters to (a) index.php, (3) cat and (4) file parameters to (b) download.php, (5) gal parameter to gallery.php, and the (6) URL to...
CVE-2008-6127
CVE-2008-6127 affects moziloCMS
CVE-2008-6130
The CVE-2008-6130 entry identifies a cross-site scripting (XSS) vulnerability in moziloWiki 1.0.1 and earlier, exploitable via index.php. The root cause is unsanitized input in the (1) action and (2) page parameters, enabling remote attackers to inject arbitrary web script or HTML. Affected softw...
CVE-2008-6130
Cross-site scripting (XSS) vulnerability in index.php in moziloWiki 1.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) action and (2) page parameters...
SQL injection
SQL injection vulnerability in index.php in Easy CafeEngine allows remote attackers to execute arbitrary SQL commands via the catid parameter, a different vector than CVE-2008-4604...
CVE-2009-0574
CVE-2009-0574 describes a SQL injection in Easy CafeEngine’s index.php where the vulnerability is exploitable via the catid parameter. The affected software is Easy CafeEngine (version details in the entry reference CVE-2009-0574: no explicit version specified beyond the file name, so exact affec...
ea-gBook 0.1 - Remote Command Execution Remote File Inclusion
ea-gBook 0.1 - Remote Command Execution Remote File Inclusion !/usr/bin/perl ea-gBook 0.1 Remote Command Execution with RFI c99 Exploit Vendor: http://ea-style.de/ Download: http://ea-style.de/eddy/index.php?action=downgbookagb Author: bd0rk Contact: bd0rkathackermail.com site:...
CVE-2009-0529
Cross-site scripting (XSS) vulnerability in index.php in SnippetMaster Webpage Editor 2.2.2 allows remote attackers to inject arbitrary web script or HTML via the language parameter...
SQL injection
SQL injection vulnerability in the EXtrovert Software Thyme comthyme 1.0 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the event parameter to index.php...
CVE-2009-0517
Eval injection vulnerability in index.php in phpSlash 0.8.1.1 and earlier allows remote attackers to execute arbitrary PHP code via the fields parameter, which is supplied to an eval function call within the generic function in include/class/tzenv.class. NOTE: some of these details are obtained...
CVE-2009-0516
SQL injection vulnerability in the classified page (classified.php) in BusinessSpace 1.2 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php...
Directory traversal
Multiple directory traversal vulnerabilities in WebFrame 0.76 allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the (1) currentmod and (2) LANG parameters to mod/index.php...