7208 matches found
CVE-2005-2674
Affected product: Land Down Under (LDU) 800 series (
w-Agora index.php site Parameter Traversal Arbitrary File Access
The remote host is running w-agora, a web-based forum application written in PHP. The remote version of this software is prone to directory traversal attacks. A remote attacker could request a specially crafted URL to read arbitrary files on the remote system with the privileges of the web server...
CVE-2005-2648
W-Agora is affected by CVE-2005-2648: a directory traversal in index.php via the site parameter allows remote reading of arbitrary files on affected versions (W-Agora 4.2.0 and earlier). OpenVAS/Nessus entries corroborate this vulnerability and indicate remediation by upgrading to a fixed release...
CVE-2004-2456
SQL injection vulnerability in index.php in miniBB 1.7f and earlier allows remote attackers to execute arbitrary SQL commands via the user parameter in a userinfo action...
CVE-2004-2456
CVE-2004-2456 is a SQL injection in miniBB (index.php, userinfo action) affecting miniBB 1.7f and earlier. The vulnerability arises from unsanitized input in the user parameter of index.php, enabling remote attackers to execute arbitrary SQL commands. The connected Nessus/NASL entries reference a...
CVE-2004-2444
CVE-2004-2444 describes a cross-site scripting (XSS) flaw in index.php of Jaws 0.3, exploitable via the action parameter to inject arbitrary script/HTML. The provided documents do not include explicit vendor/version patches or a confirmed exploit in the wild. No additional technical details, root...
CVE-2004-2445
CVE-2004-2445: Directory traversal in Jaws 0.3 BETA index.php via the gadget parameter allows remote attackers to view arbitrary files using dot-dot sequences. This is documented in multiple sources (NVD/CVE records and Nessus-like disclosures) and confirms a file-read vulnerability in the early ...
CVE-2003-1231
CVE-2003-1231: Cross-site scripting (XSS) in ECW-Shop 5.5 (index.php) allows remote attackers to inject arbitrary script/HTML via the cat parameter. The provided sources describe the vulnerability but do not include explicit exploit code, affected versions beyond 5.5, or remediation steps. No add...
CVE-2005-2622
Cross-site scripting (XSS) vulnerability in index.php in ECW-Shop 6.0.2 allows remote attackers to inject arbitrary web script or HTML via the (1) max or (2) ctg parameter...
CVE-2005-2622
The CVE-2005-2622 entry concerns ECW-Shop 6.0.2. The affected component is index.php, with a vulnerability in the parameters (1) max and (2) ctg that allows cross-site scripting (XSS). The NVD entry lists a CVSSv2 base score of 4.3 (Medium) with network attack vector, requiring no authentication,...
CVE-2003-1231
Cross-site scripting (XSS) vulnerability in index.php in ECW-Shop 5.5 allows remote attackers to inject arbitrary web script or HTML via the cat parameter...
CVE-2005-2609
index.php in VegaDNS 0.8.1, 0.9.8, and possibly other versions, allows remote attackers to obtain the full server path via an invalid VDNSSessid parameter...
CVE-2005-2616
Multiple PHP file include vulnerabilities in ezUpload 2.2 allow remote attackers to execute arbitrary code via the path parameter to (1) initialize.php, (2) customize.php, (3) form.php, or (4) index.php...
CVE-2005-2603
Cross-site scripting (XSS) vulnerability in index.php for My Image Gallery (Mig) 1.4.1 allows remote attackers to inject arbitrary web script or HTML via the (1) currDir or (2) image parameters...
CVE-2005-2610
The CVE-2005-2610 entry describes a Cross‑Site Scripting (XSS) vulnerability in VegaDNS where index.php accepts a message parameter. Affected versions include VegaDNS 0.8.1 and 0.9.8 (and possibly other versions). The underlying issue allows remote attackers to inject arbitrary web script or HTML...
CVE-2005-2580
CVE-2005-2580 affects MyBulletinBoard (MyBB) 1.00 RC4 with Security Patch. The vulnerability stems from improper sanitization of user input, enabling SQL injection via the Username field in index.php or member.php, via the action parameter in search.php or member.php, or via the polloptions param...
CVE-2005-2580
Multiple SQL injection vulnerabilities in MyBulletinBoard (MyBB) 1.00 RC4 with Security Patch allow remote attackers to execute arbitrary SQL commands via the Username field in (1) index.php or (2) member.php, action parameter to (3) search.php or (4) member.php, or (5) polloptions parameter to polls.php...
quickForum.txt
Quick.Forum 'topic field' XSS and 'page' & 'iCategory' SQL injection. Vendor URL: http://qc.dotgeek.org/os/index.php?p=productsQuickForum Advisory: http://lostmon.blogspot.com/2005/05/quickforum-topic-field-xss-and-page.html Vendor notified: yes. Exploit available: yes. Quick.Forum contains a flaw which...
CVE-2004-2288
The CVE-2004-2288 entry refers to a cross-site scripting (XSS) vulnerability in Jelsoft vBulletin, specifically in index.php via the loc parameter, allowing remote attackers to spoof parts of a website. Documents collectively confirm the affected product and vulnerable parameter; however, they do...