7210 matches found
CVE-2008-5879
Cross-site scripting (XSS) vulnerability in index.php in Phpclanwebsite (aka PCW) 1.23.3 Fix Pack 5 and earlier allows remote attackers to inject arbitrary web script or HTML via the page parameter and other unspecified vectors...
CVE-2008-5874
CVE-2008-5874 relates to multiple SQL injection vulnerabilities in the Hotel Booking Reservation System (Joomla! HBS) via the id parameter in showhoteldetails for modules (1) com_allhotels and (2) com_5starhotels. The underlying issue is unsafely constructed SQL in these components, enabling remo...
SQL injection
SQL injection vulnerability in index.php in My PHP Baseball Stats (MyPBS) allows remote attackers to execute arbitrary SQL commands via the seasonID parameter...
SQL injection
SQL injection vulnerability in the Top Hotel (com_tophotelmodule) component 1.0 in the Hotel Booking Reservation System (aka HBS) 1.0.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a showhoteldetails action to index.php...
CVE-2008-5859
SQL injection vulnerability in index.php in Constructr CMS 3.02.5 and earlier, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the show_page parameter...
CVE-2008-5851
CVE-2008-5851 describes an SQL injection in the MyPHP Baseball Stats (MyPBS) application. The vulnerability is in index.php via the seasonID parameter, allowing remote attackers to alter the backend database by issuing arbitrary SQL. The NVD data lists a base score of 7.5 (HIGH) with NETWORK atta...
CVE-2008-5859
CVE-2008-5859 describes an SQL injection in index.php of Constructr CMS 3.02.5 and earlier. When register_globals is enabled and magic_quotes_gpc is disabled, remote attackers can inject arbitrary SQL via the show_page parameter. The affected component is the CMS’s index.php; root cause is improp...
SQL injection
Multiple SQL injection vulnerabilities in iGaming 1.5 and earlier allow remote attackers to execute arbitrary SQL commands via the browse parameter to (1) previews.php and (2) reviews.php, and the (3) id parameter to index.php in a viewarticle action...
webSPELL <= 4.01.02 (id) Remote Edit Topics Vulnerability
No description provided by source. webSPELL <= 4.01.02 (id) Remote Edit Topics Vulnerability | discovered by athos -...
CVE-2008-5818
Directory traversal vulnerability in index.php in eDreamers eDContainer 2.22, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lg parameter. NOTE: some of these details are obtained from third party information...
CVE-2008-5817
CVE-2008-5817 affects Web Scribble Solutions webClassifieds 2005. Vulnerability is in index.php sign_in action where the (1) user and (2) password fields are unsafely processed, enabling SQL injection and remote execution of arbitrary SQL commands. Root cause: insufficient input validation/saniti...
CVE-2008-5818
CVE-2008-5818 describes a directory traversal in the PHP file index.php of the eDreamers eDContainer 2.22 application. When magic_quotes_gpc is disabled, a remote attacker can cause arbitrary local file inclusion/execution by supplying a path traversal sequence via the lg parameter (e.g., ..). Th...
SQL injection
SQL injection vulnerability in index.php in Domain Seller Pro 1.5 allows remote attackers to execute arbitrary SQL commands via the id parameter...
eDContainer 2.22 Local File Inclusion
eDContainer v2.22 (lg) Local File Inclusion Vulnerability. Script : http://www.mirrorservice.org/sites/download.sourceforge.net/pub/sourceforge/e/ed/edscontacts/eDContainerv222.zip...
CMScout 2.06 SQL Injection/Local File Inclusion Vulnerabilities
No description provided by source. + CMScout 2.06 Remote SQL Injection/Local File Inclusion + Discovered By SirGod + Visit : www.mortal-team.org + Visit : www.h4cky0u.org + Greetz : All my friends + Script homepage : http://www.cmscout.co.za/ + Dork : Powered by CMScout c2005 CMScout Group + Remo...
CMScout 2.06 SQL Injection / Local File Inclusion
CMScout 2.06 Remote SQL Injection/Local File Inclusion + Discovered By SirGod + Visit : www.mortal-team.org + Visit : www.h4cky0u.org + Greetz : All my friends + Script homepage : http://www.cmscout.co.za/ + Dork : Powered by CMScout c2005 CMScout Group + Remote SQL Injection...
Cross-site scripting
Multiple cross-site scripting (XSS) vulnerabilities in FlatnuX CMS (aka Flatnuke3) 2008-12-11 allow remote attackers to inject arbitrary web script or HTML via (1) the mod parameter to the default URI; (2) the foto parameter to photo.php in the 05Foto module; or (3) the name parameter in an insertrecord...
CVE-2008-5777
CVE-2008-5777 is a SQL injection vulnerability affecting CadeNix in index.php via the cid parameter. The issue allows remote attackers to alter or disclose database contents and potentially execute arbitrary SQL commands. The NVD entry lists a base score of 7.5 (HIGH) with network attack vector a...
php168 v2008 default setting of the disaster-vulnerability warning-the black bar safety net
index.php Section 6 3 line start 1. elseif$webdbNewsMakeHtml==1 //if it is to generate static and... 2. 3. $content=obgetcontents; 4. obendclean; 5. obstart; //spare 6. $content=makehtml$content,'index'; 7. echo "$content"; 8. makehtml function code 1. function makehtml$content,$pagetype=" 2...
eDContainer v2.22 (lg) Local File Inclusion Vulnerability
No description provided by source. eDContainer v2.22 (lg) Local File Inclusion Vulnerability. Script :...