CVE-2005-1582

Cross-site scripting XSS vulnerability in index.php for 1Two News 1.0 allows remote attackers to inject arbitrary web script or HTML via the 1 nom, 2 email, 3 siteweb, or 4 commentaire variables...

CVE-2005-1581

Cross-site scripting XSS vulnerability in Bug Report 1.0 allows remote attackers to inject arbitrary web script or HTML via various fields to bugreport.php, which are not filtered or quoted when processed by buglist.php or admin/index.php...

CVE-2005-1584

The CVE-2005-1584 entry describes a Cross-site scripting (XSS) vulnerability in Quick.Forum 2.1.6, exploitable via the topic field in a NewTopic action within index.php. The underlying issue is an XSS allowance in the input handling, enabling remote attackers to inject arbitrary web script or HTM...

CVE-2005-1588

SQL injection vulnerability in index.php for Quick.cart 0.3.0 allows remote attackers to execute arbitrary SQL commands via the iCategory parameter. NOTE: the vendor has privately disputed this issue, saying that Quick.cart does not even use SQL and therefore can not be vulnerable to SQL injectio...

CVE-2005-1588

SQL injection vulnerability in index.php for Quick.cart 0.3.0 allows remote attackers to execute arbitrary SQL commands via the iCategory parameter. NOTE: the vendor has privately disputed this issue, saying that Quick.cart does not even use SQL and therefore can not be vulnerable to SQL injectio...

CVE-2005-1585

Multiple SQL injection vulnerabilities in Quick.Forum 2.1.6 allow remote attackers to execute arbitrary SQL commands via the 1 iCategory or 2 page parameter to index.php, or 3 iCategory parameter in the query string to the forum directory...

CVE-2005-1500

Multiple SQL injection vulnerabilities in myBloggie 2.1.1 allow remote attackers to execute arbitrary SQL commands via 1 the keyword parameter in search.php; or 2 the dateno parameter in viewdate mode, 3 the catid parameter in viewcat mode, the 4 monthno or 5 year parameter in viewmonth mode, or ...

CVE-2005-1498

Multiple cross-site scripting XSS vulnerabilities in myBloggie 2.1.1 allow remote attackers to inject arbitrary web script or HTML via the 1 year parameter in viewmode.php, or the 2 catid, 3 monthno, or 4 postid parameter in index.php, which are not properly sanitized before they are displayed in...

CVE-2004-2010

PHP remote file inclusion in phpShop 0.7.1 and earlier allows remote attackers to execute arbitrary PHP code by setting base_dir to a URL on a remote server that serves phpshop.cfg. This affects index.php. The underlying root cause is a file inclusion weakness that trusts a user-controlled base_d...

CVE-2004-2018

PHP remote file inclusion vulnerability in index.php in Php-Nuke 6.x through 7.3 allows remote attackers to execute arbitrary PHP code by modifying the modpath parameter to reference a URL on a remote web server that contains the code...

CVE-2003-1175

Cross-site scripting XSS vulnerability in index.php in Sympoll 1.5 allows remote attackers to inject arbitrary web script or HTML via the vo parameter...

CVE-2004-2018

Php-Nuke 6.x–7.3 is affected by a PHP remote file inclusion vulnerability in index.php, exploitable by altering the modpath parameter to reference a URL on a remote server containing malicious code, enabling remote code execution. The initial documents do not provide specific remediation steps or...

CVE-2003-1175

CVE-2003-1175 concerns a cross-site scripting (XSS) vulnerability in Sympoll 1.5, where the tainted vo parameter in index.php can be exploited to inject arbitrary script/HTML. The NVD entry lists a CVSSv2 base score of 6.8 (MEDIUM) with network impact, partial confidentiality, integrity and avail...

CVE-2004-1962

SQL injection vulnerability in index.php in Protector System 1.15b1 allows remote attackers to bypass SQL injection filters by using "//" sequences in the targeted fields...

Invision Power Board index.php Multiple Parameter XSS

The version of Invision Power Board installed on the remote host suffers from a cross-site scripting vulnerability due to its failure to sanitize user input via the 'act' parameter to the 'index.php' script. An unauthenticated attacker can exploit this flaw by injecting malicious HTML and script...

CVE-2005-0676

index.php in Zorum 3.5 allows remote attackers to trigger an SQL error, and possibly inject arbitrary SQL commands, via the search capability...

CVE-2005-1445

CVE-2005-1445 affects SitePanel 2.6.1 and earlier (SitePanel2). The issue is multiple directory traversal vulnerabilities allowing remote attackers to (1) delete arbitrary files via the id parameter in a rmattach action to 5.php, and (2) read arbitrary files via the lang parameter to index.php. R...

CVE-2005-1403

Multiple cross-site scripting XSS vulnerabilities in JustWilliam's Amazon Webstore 04050100 allow remote attackers to inject arbitrary web script or HTML via the 1 image parameter to closeup.php, the 2 currentIsExpanded or 3 searchFor parameters to index.php, 4 the currentNumber parameter to...

bBlog <= 0.7.4 Multiple Vulnerabilities (SQLi, XSS)

The remote host is running bBlog, an open source blog software application. According to its banner, the remote version of this software suffers from several vulnerabilities: - A SQL Injection Vulnerability It is reportedly possible to inject SQL statements through the 'postid' parameter of the...

CVE-2005-1384

Multiple SQL injection vulnerabilities in phpCoin 1.2.2 allow remote attackers to execute arbitrary SQL commands via the 1 search parameter to index.php, 2 phpcoinsessid parameter to login.php, 3 id, 4 dtopicid, or 5 dcatid to mod.php...