MercuryBoard 1.1.4 SQL Injection
RST/GHC Advisory 28; Product: MercuryBoard; Version: 1.1.4; File: index.php; Vuln: SQL injection; Code: global.php, 71: $this->agent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : null; index.php, 154: $mercury->db->query("REPLACE INTO $mercury-preactive activeid,...
CVE-2005-1951
Multiple HTTP Response Splitting vulnerabilities in osCommerce 2.2 Milestone 2 and earlier allow remote attackers to spoof web content and poison web caches via hex-encoded CRLF "%0d%0a" sequences in the (1) productsid or (2) pid parameter to index.php or (3) goto parameter to banner.php...
CVE-2005-1975
Multiple cross-site scripting (XSS) vulnerabilities in Annuaire 1Two 1.1 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the id parameter to index.php, or the (2) siteid, (3) nom, (4) email, or (5) commentaire parameters in commentaires.php...
CVE-2005-1955
Cross-site scripting (XSS) vulnerability in index.php in singapore 0.9.11 allows remote attackers to inject arbitrary web script or HTML via the gallery parameter...
CVE-2005-1810
SQL injection vulnerability in template-functions-category.php in WordPress 1.5.1 allows remote attackers to execute arbitrary SQL commands via the $catID variable, as demonstrated using the cat parameter to index.php...
CVE-2005-1817
Invision Power Board (IPB) versions 1.0–1.3 are affected by a vulnerability in index.php that allows remote attackers to edit arbitrary forum posts by sending a modified request. The issue is triggered via direct parameter manipulation in an HTTP request to index.php, enabling an attacker to alter...
CVE-2005-1817
Invision Power Board (IPB) 1.0 through 1.3 allows remote attackers to edit arbitrary forum posts via a direct request to index.php with modified parameters...
CVE-2005-1800
Cross-site scripting (XSS) vulnerability in Jaws Glossary gadget 0.4 to 0.5.1 allows remote attackers to inject arbitrary web script or HTML via the term parameter in a view or ViewTerm action to index.php...
CVE-2005-1715
Cross-site scripting (XSS) vulnerability in index.php for TOPo 2.2 (2.2.178) allows remote attackers to inject arbitrary web script or HTML via the (1) m, (2) s, (3) ID, or (4) t parameters, or the (5) field name, (6) Your Web field, or (7) email field in the comments section...
CVE-2005-1715
CVE-2005-1715 describes a reflected cross-site scripting vulnerability in TOPo 2.2 (version 2.2.178), specifically in index.php. The issue allows remote attackers to inject arbitrary script/HTML via several inputs in the comments section and related fields: (1) m, (2) s, (3) ID, (4) t, and (5) fi...
CVE-2004-2072
CVE-2004-2072 describes a cross-site scripting (XSS) vulnerability in Mambo Open Source 4.6 (and possibly earlier) via the Itemid parameter in index.php. The underlying issue is a failure to properly sanitize user input in the web application, enabling an attacker to inject script that may run in...
CVE-2005-1673
Multiple SQL injection vulnerabilities in Help Center Live allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to index.php, (2) tid parameter to view.php, fid parameter to (3) download.php or (4) chatdownload.php, (5) status parameter to icon.php, TICKETtid parameter to (6)...
PT-2005-2575 · Fusion · Fusion Sbx
Name of the Vulnerable Software and Affected Versions: Fusion SBX versions 1.2 and earlier Description: The issue concerns the improper use of the extract function in index.php, allowing remote attackers to bypass authentication by setting the is logged parameter or execute arbitrary code via the...
CVE-2005-1548
CVE-2005-1548 is an SQL injection vulnerability in the index.php of Advanced Guestbook 2.3.1. The flaw occurs in the entry parameter, allowing remote attackers to execute arbitrary SQL commands. The underlying issue is an input validation flaw that fails to sanitize user input before database i...
CVE-2005-1581
Cross-site scripting (XSS) vulnerability in Bug Report 1.0 allows remote attackers to inject arbitrary web script or HTML via various fields to bug_report.php, which are not filtered or quoted when processed by bug_list.php or admin/index.php...
CVE-2005-1582
The CVE-2005-1582 entry concerns a Cross-site scripting (XSS) vulnerability in index.php of 1Two News 1.0. The vulnerability permits remote injection of arbitrary web script or HTML via the query/POST parameters nom, email, siteweb, or commentaire. The NVD listing documents a MEDIUM impact score ...
CVE-2005-1581
Vulnerability summary: CVE-2005-1581 describes a cross-site scripting (XSS) flaw in Bug Report 1.0. User input from various fields to bug_report.php is not filtered or quoted when processed by bug_list.php or admin/index.php, allowing remote attackers to inject arbitrary web script or HTML. What’...