CVE-2009-0517
CVE-2009-0517 affects phpSlash 0.8.1.1 and earlier. The flaw is an eval()-based injection where unvalidated input in the fields parameter is passed to eval() inside tz_env.class, enabling remote PHP code execution with the web server’s privileges. Impact is described as complete impacts to confid...
CVE-2009-0514
CVE-2009-0514 affects WebFrame 0.76 with directory traversal in mod/index.php (parameters: currentmod, LANG). Exploitation enables remote inclusion and execution of arbitrary local files. Base CVSS 2.0 score 7.5 (HIGH); attack vector NETWORK, no authentication required. No remediation details pro...
CVE-2009-0514
Multiple directory traversal vulnerabilities in WebFrame 0.76 allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the (1) currentmod and (2) LANG parameters to mod/index.php...
SQL injection
SQL injection vulnerability in A4Desk PHP Event Calendar allows remote attackers to execute arbitrary SQL commands via the eventid parameter to admin/index.php...
CVE-2008-6104
Summary of CVE-2008-6104 (A4Desk Event Calendar SQLi). Affects: A4Desk PHP Event Calendar. Vulnerability: SQL injection via the eventid parameter to admin/index.php, caused by insufficient input sanitization. Impact: Remote attackers could execute arbitrary SQL commands (partial confidentiality/ int...
CVE-2008-6093
SQL injection vulnerability in Noname CMS 1.0: index.php is exploitable when magic_quotes_gpc is disabled. An attacker can pass (1) file_id in the detailansicht action and (2) kategorie in the kategorien action to execute arbitrary SQL commands remotely. Affects Noname CMS 1.0; CVSS metadata indi...
phpYabs 0.1.2 Remote File Inclusion
phpyabs 0.1.2 RFI Vulnerability FOUND BY: Arka69 BUG: Remote File Include (RFI) CMS: phpyabs 0.1.2 SITE: http://exploita.altervista.org VULNERABLE CODE: phpyabs/moduli/libri/index.php include $_GET['Azione'].".php"; RFI: http://victim.com/phpyabs/moduli/libri/index.php?Azione=SHELL...
CVE-2009-0445
CVE-2009-0445 affects the Dreampics Gallery Builder, specifically the web entry point index.php. The vulnerability is an SQL injection in the gallery.viewPhotos action via the exhibition_id parameter, allowing remote execution of SQL commands. Exploitation details are not provided in the docum...
CVE-2008-6064
Multiple SQL injection vulnerabilities in DomPHP 0.81 allow remote attackers to execute arbitrary SQL commands via the cat parameter to agenda/index.php, and unspecified other vectors...
CVE-2009-0425
SQL injection vulnerability in index.php in Blue Eye CMS 1.0.0 and earlier allows remote attackers to execute arbitrary SQL commands via the clanek parameter...
CVE-2009-0406
SQL injection vulnerability in index.php in Community CMS 0.4 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter...
CVE-2008-6038
SQL injection vulnerability in index.php in MapCal 0.1 allows remote attackers to execute arbitrary SQL commands via the id parameter in an editevent action, possibly related to dspeditevent.php...
CVE-2008-6040
Arcadem Pro is affected by a SQL injection in index.php (versions 2.700–2.802). The vulnerability allows remote attackers to execute arbitrary SQL commands via the articlecat parameter, likely due to a flaw in includes/articleblock.php. No remediation or exploit details are provided in the connec...
CVE-2008-6042
SQL injection vulnerability in the research module in NetArtMedia Real Estate Portal 2.0 allows remote attackers to execute arbitrary SQL commands via the ad parameter to index.php...
CVE-2008-6019
CVE-2008-6019 describes a SQL injection in the web application EACOMM DO-CMS 3.0. The vulnerability is in index.php, exploitable via the p parameter to remotely execute arbitrary SQL commands. The documents do not provide remediation, affected versions beyond 3.0, or exploit details. No further public te...
CVE-2009-0378
Cross-site scripting (XSS) vulnerability in index.php in the beamospetition (com_beamospetition) 1.0.12 component for Joomla! allows remote attackers to inject arbitrary web script or HTML via the pet parameter in a sign action...