1673 matches found
Sql injection
SQL injection vulnerability in search.php in Virtue Classifieds allows remote attackers to execute arbitrary SQL commands via the category parameter...
CVE-2009-2021
CVE-2009-2021 is a SQL injection vulnerability in Virtue Classifieds’ search.php where the category parameter can be exploited to execute arbitrary SQL commands remotely. Documented impact per NVD: CVSSv2 base score 7.5 (HIGH). Exploitation exists (see references). No remediation details are prov...
Virtue Classifieds (category) SQL Injection Vulnerability
No description provided by source. CMS : Virtue Classifieds WEB : http://www.virtuenetz.com/classified/ File : search.php Variable Type : GET Value : category Type : SQL Injection Url : http:/www.site.com/search.php?category=SQLI PoC:...
Virtue Classifieds - category SQL Injection
Virtue Classifieds - category SQL Injection CMS : Virtue Classifieds WEB : http://www.virtuenetz.com/classified/ File : search.php Variable Type : GET Value : category Type : SQL Injection Url : http:/www.site.com/search.php?category=SQLI PoC:...
Unfixed XSS vulnerability at www.datz.com
Security researcher Uber0n submitted on 06/08/2009 a cross-site scripting (XSS) vulnerability affecting www.datz.com, which at the time of submission ranked 12092249 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 21/11/2010. It is currently...
Virtue Classifieds - 'category' SQL Injection
CMS : Virtue Classifieds WEB : http://www.virtuenetz.com/classified/ File : search.php Variable Type : GET Value : category Type : SQL Injection Url : http:/www.site.com/search.php?category=SQLI PoC:...
Virtue Classifieds SQL Injection
CMS : Virtue Classifieds WEB : http://www.virtuenetz.com/classified/ File : search.php Variable Type : GET Value : category Type : SQL Injection Url : http:/www.site.com/search.php?category=SQLI PoC:...
Unfixed XSS vulnerability at www.tenebril.com
Security researcher X-OTTOMAN submitted on 06/07/2009 a cross-site scripting (XSS) vulnerability affecting www.tenebril.com, which at the time of submission ranked 428792 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 21/11/2010. It is...
CVE-2009-1735
Cross-site scripting (XSS) vulnerability in search.php in VidSharePro allows remote attackers to inject arbitrary web script or HTML via the searchtxt parameter. NOTE: some of these details are obtained from third party information...
CVE-2009-1735
CVE-2009-1735 is an XSS vulnerability in VidSharePro’s search.php, exploitable via the searchtxt parameter to inject arbitrary script/HTML. Root cause: insufficient input sanitization in the search input handling. According to the CVSS metrics, the impact is partial integrity with no confidential...
Unfixed XSS vulnerability at www.autozvuk.kiev.ua
Security researcher Xylitol submitted on 05/04/2009 a cross-site scripting (XSS) vulnerability affecting www.autozvuk.kiev.ua, which at the time of submission ranked 0 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 21/11/2011. It is current...
Cross site scripting
Cross-site scripting (XSS) vulnerability in refbase before 0.9.5 allows remote attackers to inject arbitrary web script or HTML via the headerMsg parameter to (1) show.php and (2) search.php. NOTE: some of these details are obtained from third party information...
CVE-2008-6400
The connected records confirm CVE-2008-6400 is a Cross-site Scripting (XSS) vulnerability in refbase up to version 0.9.4/0.9.5 (before 0.9.5). The issue arises via the headerMsg parameter used by show.php and search.php, allowing remote attackers to inject arbitrary web script/HTML. The root cau...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in Camera Life 2.6.2b8 allow remote attackers to inject arbitrary web script or HTML via the q parameter to (1) search.php and (2) rss.php; the query string after the image name in (3) photos/photo; the path parameter to (4) folder.php; page parameter and...
Sql injection
SQL injection vulnerability in search.php in WSN Guest 1.23 allows remote attackers to execute arbitrary SQL commands via the search parameter in an advanced action...
Directory traversal
Directory traversal vulnerability in search.php in miniPortail 2.2 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lng parameter...
CVE-2008-6015
CVE-2008-6015 relates to multiple SQL injection vulnerabilities in EsFaq 2.0 (search.php). The issues allow remote attackers to inject arbitrary SQL through the keywords and cat parameters. Affected component is the search functionality in EsFaq 2.0; root cause is improper input handling leading ...
CVE-2008-6004
Cross-site scripting (XSS) vulnerability in search.php in AJ Auction Pro Platinum 2 allows remote attackers to inject arbitrary web script or HTML via the product parameter...
CVE-2008-6004
CVE-2008-6004 is a Cross-site scripting (XSS) vulnerability affecting AJ Auction Pro Platinum 2, specifically in search.php via the product parameter. The NVD entry describes an attacker injecting arbitrary script/HTML, with a CVSSv2 base score of 4.3 (Medium) and vector: AV:N/AC:M/Au:N/C:N/I:P/A...