CVE-2008-4039

SQL injection vulnerability in index.php in Spice Classifieds allows remote attackers to execute arbitrary SQL commands via the catpath parameter...

Sql injection

SQL injection vulnerability in index.php in eliteCMS 1.0 allows remote attackers to execute arbitrary SQL commands via the page parameter...

CVE-2008-4046

SQL injection vulnerability in index.php in eliteCMS 1.0 allows remote attackers to execute arbitrary SQL commands via the page parameter...

Sql injection

SQL injection vulnerability in index.php in Masir Camp E-Shop Module 3.0 and earlier allows remote attackers to execute arbitrary SQL commands via the ordercode parameter in a veiworderstatus page...

dynamicmp3-xss.txt

Author : Xylitol Contact : n/a Vendor : benjamin kuz www.ben.ursux.com Version: 2.0.1 D0rks : dynamic MP3 lister 2.0.1 by benjamin kuz :: netscape users click here Public release vulnz: 10/09/08 Impact: low Stop lammer Dynamic MP3 Lister 2.0.1 1. Description: Dynamic MP3 Lister is a quick, easy w...

PHP Coupon Script 'index.php' SQL注入漏洞

BUGTRAQ ID: 30961 CNCAN ID：CNCAN-2008090306 PHP Coupon Script是一款基于PHP的WEB应用程序。 PHP Coupon Script不正确处理用户提交的输入，远程攻击者可以利用漏洞进行SQL注入攻击，可能获得敏感信息或操作数据库。 问题由于'index.php'脚本对用户提交给WEB参数缺少过滤，构建恶意SQL查询作为参数数据，可更改原来的SQL逻辑，获得敏感信息或操作数据库。 Thinc4orce Marketing Group PHP Coupon Script 4.0 目前没有解决方案提供：...

MyioSoft EasyClassifields 'index.php' SQL注入漏洞

BUGTRAQ ID: 30943 CNCAN ID：CNCAN-2008090202 MyioSoft EasyClassifields是一款基于PHP的WEB应用程序。 MyioSoft EasyClassifields不正确处理用户提交的输入，远程攻击者可以利用漏洞进行SQL注入攻击，可能获得敏感信息或操作数据库。 问题由于'index.php'脚本对用户提交给WEB参数缺少过滤，构建恶意SQL查询作为参数数据，可更改原来的SQL逻辑，获得敏感信息或操作数据库。 MyioSoft EasyClassifields 3.0 目前没有解决方案提供：...

CVE-2008-3955

The provided connected records contain concrete details for CVE-2008-3955: an SQL injection vulnerability in index.php of Masir Camp E-Shop Module 3.0 and earlier. The flaw is exploitable via the ordercode parameter on the veiworderstatus page, enabling remote attackers to execute arbitrary SQL c...

CVE-2008-3945

SQL injection vulnerability in index.php in Words tag 1.2 allows remote attackers to execute arbitrary SQL commands via the word parameter in a claim action...

Sql injection

SQL injection vulnerability in index.php in Words tag 1.2 allows remote attackers to execute arbitrary SQL commands via the word parameter in a claim action...

CVE-2008-3945

SQL injection vulnerability in index.php in Words tag 1.2 allows remote attackers to execute arbitrary SQL commands via the word parameter in a claim action...

CVE-2008-3945

The CVE-2008-3945 entry documents a SQL injection in Words tag 1.2 affecting index.php, where the word parameter in a claim action allows remote command execution. This is corroborated by NVD, CVE List, and PRION entries referencing the same flaw with the Words tag 1.2 description. Exploitation r...

CVE-2008-3918

CVE-2008-3918 affects Ovidentia 6.6.5. The vulnerability is a SQL injection in index.php triggered by the field parameter in a search action, allowing remote attackers to execute arbitrary SQL commands. NVD data indicates network attack vector, low attack complexity, no authentication, and partia...

Coupon Script 4.0 - id SQL Injection

Coupon Script 4.0 - id SQL Injection || | | Coupon Script 4.0 id Remote SQL Injection Vulnerability | | |---------------------Hussin X----------------------| | | Author: Hussin X | | Home : WwW.Hussin-X.CoM | WwW.tryag.CoM | | email: darkangelg85atYahooDoTcom | | | | | | | script :...

Sql injection

Multiple SQL injection vulnerabilities in index.php in Matterdaddy Market 1.1, when magicquotesgpc is disabled, allow remote attackers to execute arbitrary SQL commands via the 1 category and 2 type parameters...

Sql injection

Multiple SQL injection vulnerabilities in the comcontent component in MiaCMS 4.6.5 allow remote attackers to execute arbitrary SQL commands via the id parameter in a 1 view, 2 category, or 3 blogsection action to index.php...

CVE-2008-3786

The CVE-2008-3786 entry concerns a Cross-site Scripting (XSS) vulnerability in index.php of PICTURESPRO Photo Cart 3.9. The issue arises from the qtitle parameter (Gallery or event name) in a search action, where user-supplied input is not properly sanitized, enabling an attacker to inject arbitr...

CVE-2008-3782

Multiple cross-site scripting XSS vulnerabilities in admin/index.php in ACG-PTP 1.0.6 allow remote authenticated administrators to inject arbitrary web script or HTML via the 1 Category name field under Advertisement Packages, the 2 Reason field under Credit/Debit Users, and the 3 FAQ question an...

popnupblog-xss.txt

PopnupBlog index.php multiple variables XSS Vendor url:http://www.bluemooninc.biz/ Advisore:http://lostmon.blogspot.com/2008/08/ popnupblog-indexphp-multiple-variables.html Vendor notify:no exploits availables:yes PopnupBlog contains a flaw that allows a remote cross site scripting attack.This fl...

Matterdaddy Market 1.1 - index.php Multiple SQL Injections

Matterdaddy Market 1.1 - index.php Multiple SQL Injections Author: !DoktOR! Contact: coder5attopmail.kz Home Page: www.antichat.ru Date found: 25.08.08 Product: Market Version: 1.1 Download script: http://www.matterdaddy.com/4/scripts/marketv11.zip Vulnerability Class: SQL Injection magicquotesgp...