7210 matches found
CVE-2007-3643
CVE-2007-3643 affects AV Arcade 2.1b. The vulnerability arises in admin/index.php where the ava_userid cookie value of 1 grants administrative privileges, enabling remote attackers to perform certain admin actions. The root cause is improper authentication/authorization tied to the ava_userid coo...
CVE-2007-3631
CVE-2007-3631 affects GameSiteScript (gss) 3.1 and earlier. The vulnerability is an SQL injection in index.php triggered via the params parameter due to missing input validation of the id field. This can allow remote attackers to execute arbitrary SQL commands. According to NVD, the CVSS v2 base ...
moodle-xss.txt
Dear [email protected], 1. MustLive mustlive at websecurity.com dot ua reported a cross-site scripting vulnerability in Moodle 1.7.1 via search parameter of index.php, example:...
CVE-2007-3598
index.php in vtiger CRM before 5.0.3 allows remote authenticated users to obtain all users' names and e-mail addresses, and possibly change user settings, via a modified record parameter in a DetailView action to the Users module. NOTE: the vendor disputes the changing of settings, reporting that...
Sql injection
SQL injection vulnerability in the dashboard include/utils/SearchUtils.php in vtiger CRM before 5.0.3 allows remote authenticated users to execute arbitrary SQL commands via the assigneduserid parameter in a Potentials ListView action to index.php...
CVE-2007-3587
MyCMS 0.9.8 and earlier allows remote attackers to gain privileges via the admin cookie parameter, as demonstrated by a post to admin/settings.php that injects PHP code into settings.inc, which can then be executed via a direct request to index.php...
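AV Arcade Index.PHP SQL Injection Vulnerability
AV Arcade is a PHP-based web application. AV Arcade does not properly filter user-supplied URI data, and remote attackers can exploit the vulnerability to perform SQL injection attacks and obtain sensitive information. The problem is that the 'Index.PHP' script lacks filtering of the user-supplied 'id' parameter; submitting a malicious SQL query as the parameter data can cause the application to alter the original SQL logic during processing, allowing an attacker to obtain sensitive information or manipulate the database. AV Scripts AV Arcade 2.1b No solution is currently available: http://www.avscripts.net/...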
CVE-2007-3555
Cross-site scripting (XSS) vulnerability in index.php in Moodle 1.7.1 allows remote attackers to inject arbitrary web script or HTML via a style expression in the search parameter, a different vulnerability than CVE-2004-1424...
CVE-2007-3555
CVE-2007-3555 is a cross-site scripting (XSS) vulnerability in Moodle 1.7.1’s index.php that allows an attacker to inject arbitrary script/HTML via the search parameter. The issue stems from how the style expression is handled and is listed among several Moodle vulnerabilities addressed in Debian...
CVE-2007-3517
Multiple cross-site scripting (XSS) vulnerabilities in Claroline 1.8.3 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO (PHP_SELF) to (1) index.php, (2) demo/claroline170/index.php, and possibly other scripts...
CVE-2007-3517
CVE-2007-3517 covers multiple cross-site scripting (XSS) vulnerabilities in Claroline 1.8.3. An attacker can inject arbitrary web script or HTML by supplying malicious content through PATH_INFO (PHP_SELF) to scripts such as index.php and demo/claroline170/index.php (and potentially other scripts)...
Moodle 1.7.1 - index.php Cross-Site Scripting
Source: https://www.securityfocus.com/bid/24748/info Moodle is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. Exploiting this vulnerability may allow an attacker to perform cross-site scripting...
Sql injection
SQL injection vulnerability in index.php in phpTrafficA 1.4.2 and earlier allows remote attackers to execute arbitrary SQL commands via the pageid parameter in a stats action...
CVE-2007-3434
index.php in Pharmacy System 2 and earlier allows remote attackers to obtain sensitive information via a ' quote character in the page parameter, which reveals the table prefix in an error message...
Cross site scripting
Cross-site scripting (XSS) vulnerability in index.php in BugMall Shopping Cart 2.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the msgs parameter. NOTE: 4.0.2 and other versions might also be affected...
Sql injection
SQL injection vulnerability in index.php in Pharmacy System 2 and earlier allows remote attackers to execute arbitrary SQL commands via the ID parameter in an add action...
CVE-2007-3427
Affected software: phpTrafficA 1.4.2 and earlier. The vulnerability is in index.php (stats action) where the pageid parameter enables SQL injection, allowing remote attackers to execute arbitrary SQL commands. Root cause: improper handling/validation of pageid leading to injection. Impact: as sta...
CVE-2007-3426
Cross-site scripting (XSS) vulnerability in index.php in phpTrafficA 1.4.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the lang parameter...
CVE-2007-3426
The CVE-2007-3426 issue affects phpTrafficA (versions 1.4.2 and earlier). The vulnerability is an XSS in index.php where the lang parameter can be exploited to inject arbitrary web script or HTML. This could allow remote attackers to run client-side code in the context of the affected user’s sess...