Sql injection

SQL injection vulnerability in admin/login.php in Impleo Music Collection 2.0, when magicquotesgpc is disabled, allows remote attackers to execute arbitrary SQL commands via the username parameter...

Cross site request forgery (csrf)

Cross-site request forgery CSRF vulnerability in login.php in Elvin 1.2.0 allows remote attackers to hijack the authentication of arbitrary users via a logout action...

Sql injection

Multiple SQL injection vulnerabilities in Elvin 1.2.0 allow remote attackers to execute arbitrary SQL commands via the 1 inUser aka Username and 2 inPass aka Password parameters to a inc/login.ei, reachable through login.php; and the 3 id parameter to b showbug.php and c showactivity.php. NOTE: i...

CVE-2009-2129

Cross-site request forgery CSRF vulnerability in login.php in Elvin 1.2.0 allows remote attackers to hijack the authentication of arbitrary users via a logout action...

CVE-2009-2129

Cross-site request forgery CSRF vulnerability in login.php in Elvin 1.2.0 allows remote attackers to hijack the authentication of arbitrary users via a logout action...

CVE-2009-2129

CVE-2009-2129 describes a cross-site request forgery (CSRF) vulnerability in the Elvin 1.2.0 login.php that allows a remote attacker to hijack the authentication of arbitrary users via a logout action. The vulnerability is documented across multiple sources (NVD entry and CVE records) with the sa...

Sql injection

Multiple SQL injection vulnerabilities in myColex 1.4.2 allow remote attackers to execute arbitrary SQL commands via 1 the formUser parameter aka the Name field to common/login.php, and allow remote authenticated users to execute arbitrary SQL commands via the ID parameter in a Detail action to 2...

CVE-2009-1810

Multiple SQL injection vulnerabilities in myColex 1.4.2 allow remote attackers to execute arbitrary SQL commands via 1 the formUser parameter aka the Name field to common/login.php, and allow remote authenticated users to execute arbitrary SQL commands via the ID parameter in a Detail action to 2...

CVE-2009-1812

Multiple SQL injection vulnerabilities in myGesuad 0.9.14 aka 0.9 allow remote attackers to execute arbitrary SQL commands via 1 the formUser parameter aka the Name field to common/login.php, and allow remote authenticated users to execute arbitrary SQL commands via the ID parameter in a Detail...

RoomPHPlanning 1.6 Multiple Remote Vulnerabilities

No description provided by source. o o o O O ooooooo 0 oooo OOOo o o o O O O 0 0 0 o o o o o O O O 0 0000 oooo ooooo o o oooooo o o O O O 0 0 0 0 0 0 o o O O o o O OO 0 0 0 oooo ooooo oooo OOOOOO oooooo O O O 0 0 0 0 0 0oooo0 + RoomPHPlanning v1.6 Multiple Remote Exploit Vulnerabilities +...

CVE-2009-1741

Multiple SQL injection vulnerabilities in login.php in DM FileManager 3.9.2, when magicquotesgpc is disabled, allow remote attackers to execute arbitrary SQL commands via the 1 Username and 2 Password fields...

CVE-2009-1741

CVE-2009-1741 relates to DM FileManager 3.9.2, where login.php contains multiple SQL injection vulnerabilities when magic_quotes_gpc is disabled. Remote attackers can cause arbitrary SQL execution via the (1) Username and (2) Password fields. The NVD notes a CVSSv2 base score of 6.8 (MEDIUM). No ...

Sql injection

Multiple SQL injection vulnerabilities in admin/login.php in Wright Way Services Recipe Script 5 allow remote attackers to execute arbitrary SQL commands via the 1 username and 2 Password fields, as reachable from admin/index.php...

CVE-2009-1662

CVE-2009-1662 affects Wright Way Services Recipe Script 5. The vulnerability resides in the admin/login.php component, where the login parameters (username and Password) are susceptible to SQL injection. The issue is reachable from admin/index.php, enabling remote attackers to manipulate SQL quer...

Sql injection

Multiple SQL injection vulnerabilities in MicBlog 0.0.3, when magicquotesgpc is disabled, allow remote attackers to execute arbitrary SQL commands via the 1 cat parameter to category.php, the 2 user parameter to login.php, and the 3 site parameter to register.php...

CVE-2008-6805

Multiple SQL injection vulnerabilities in MicBlog 0.0.3, when magicquotesgpc is disabled, allow remote attackers to execute arbitrary SQL commands via the 1 cat parameter to category.php, the 2 user parameter to login.php, and the 3 site parameter to register.php...

CVE-2008-6805

Multiple SQL injection vulnerabilities in MicBlog 0.0.3, when magicquotesgpc is disabled, allow remote attackers to execute arbitrary SQL commands via the 1 cat parameter to category.php, the 2 user parameter to login.php, and the 3 site parameter to register.php...

Sql injection

Multiple SQL injection vulnerabilities in TemaTres 1.031, when magicquotesgpc is disabled, allow remote attackers to execute arbitrary SQL commands via the 1 idcorreoelectronico and 2 idpassword parameters to login.php. NOTE: the provenance of this information is unknown; the details are obtained...

Sql injection

Multiple SQL injection vulnerabilities in login.php in Pre Projects Pre Real Estate Listings allow remote attackers to execute arbitrary SQL commands via 1 the us parameter aka the Username field or 2 the ps parameter aka the Password field...

CVE-2008-6798

Multiple SQL injection vulnerabilities in login.php in Pre Projects Pre Real Estate Listings allow remote attackers to execute arbitrary SQL commands via 1 the us parameter aka the Username field or 2 the ps parameter aka the Password field...