Cross site request forgery (csrf)
Cross-site request forgery (CSRF) vulnerability in Falcon Series One CMS 1.4.3 allows remote attackers to change a password via a certain changepass action to index.php...
CVE-2007-6484
SQL injection vulnerability in index.php in phpRPG 0.8 allows remote attackers to execute arbitrary SQL commands via the password parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...
CVE-2007-6484
CVE-2007-6484 describes an SQL injection vulnerability in phpRPG 0.8, exploitable via the password parameter in index.php. Multiple sources (NVD, Red Hat, CVE lists) corroborate the issue, with provenance noted as originating from third-party information. The exploitation status is not detailed i...
CVE-2007-6469
SQL injection vulnerability in index.php in phpRPG 0.8, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the username parameter. NOTE: some of these details are obtained from third party information...
Sql injection
SQL injection vulnerability in index.php in MKPortal 1.1 RC1 allows remote attackers to execute arbitrary SQL commands via the ida parameter in a gallery fotoshow action...
Sql injection
SQL injection vulnerability in index.php in phpRPG 0.8, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the username parameter. NOTE: some of these details are obtained from third party information...
CVE-2007-6466
Multiple SQL injection vulnerabilities in index.php in FreeWebshop 2.2.1 allow remote attackers to execute arbitrary SQL commands via (1) the prod parameter in a details action, (2) the cat parameter in a browse list action, or (3) the group parameter in a categories action. NOTE: it was later reported...
CVE-2007-6469
CVE-2007-6469 affects phpRPG 0.8 with an SQL injection in index.php triggered via the username parameter when magic_quotes_gpc is disabled. Remote attackers could potentially execute arbitrary SQL commands. The public records supplied do not include exploitation details or a confirmed remediation...
CVE-2007-6466
CVE-2007-6466 affects FreeWebshop 2.2.1 (and MOG-WebShop based on the same code) with multiple SQL injection vulnerabilities in index.php. The exploitable vectors are: (1) prod parameter in a details action, (2) cat parameter in a browse list action, and (3) group parameter in a categories action...
MOG-WebShop - index.php?group SQL Injection
MOG-WebShop - index.php?group SQL Injection #!/usr/bin/perl Indonesian Newhack Security Advisory ------------------------------------ MOG-WebShop = ? - Multiple Remote SQL Injection Vulnerabilities Time : Dec 15 2007 11:45AM Software : MOG-WebShop |...
Sql injection
SQL injection vulnerability in index.php in Content Injector 1.53 allows remote attackers to execute arbitrary SQL commands via the id parameter in an expand action...
CVE-2007-6374
Multiple cross-site scripting (XSS) vulnerabilities in Bitweaver 2.0.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) users/register.php or (2) search/index.php, or an editcomments action in (3) wiki/index.php or (4) forums/index.php. NOTE: the error...
CVE-2007-6368
Directory traversal vulnerability in index.php in ezContents 1.4.5 allows remote attackers to read arbitrary files via a .. (dot dot) in the link parameter...
CVE-2007-6368
The CVE-2007-6368 entry concerns ezContents 1.4.5, where a directory traversal flaw in index.php allows remote attackers to read arbitrary files via a .. (dot dot) in the link parameter. This vulnerability is documented across multiple sources (NVD, CVE List, PRION, PRion, etc.), indicating the a...
CVE-2007-6374
CVE-2007-6374 concerns multiple XSS flaws in Bitweaver 2.0.0 and earlier, exploitable via PATH_INFO in four endpoints: /users/register.php, /search/index.php, /wiki/index.php (editcomments action), and /forums/index.php. The vulnerability allows remote attackers to inject arbitrary script or HTML...
CVE-2007-6375
CVE-2007-6375 affects Bitweaver 2.0.0 and earlier. The vulnerability comprises multiple SQL injection flaws that allow remote attackers to execute arbitrary SQL commands via (1) the sort_mode parameter to wiki/list_pages.php and (2) the highlight parameter to search/index.php. A report also menti...
CVE-2007-6310
Multiple cross-site scripting (XSS) vulnerabilities in Falt4Extreme RC4 10.9.2007 allow remote attackers to inject arbitrary web script or HTML via the handler parameter to (1) index.php and possibly (2) admin/index.php, and (3) the topic parameter to modules/feed/feed.php (aka modules/feed.php)...