1673 matches found
CVE-2007-2599
Multiple SQL injection vulnerabilities in TutorialCMS (aka Photoshop Tutorials) 1.00 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) catFile parameter to (a) browseCat.php or (b) browseSubCat.php; the (2) id parameter to (c) openTutorial.php, (d) topFrame.php, or (e)...
CVE-2007-2599
TutorialCMS (aka Photoshop Tutorials) 1.00 and earlier contains multiple SQL injection vulnerabilities. The affected components include (1) catFile parameter for browseCat.php and browseSubCat.php, (2) id parameter for openTutorial.php, topFrame.php, and admin/editListing.php, and (3) the search ...
CVE-2007-2600
Multiple cross-site scripting (XSS) vulnerabilities in TutorialCMS (aka Photoshop Tutorials) 1.00 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) catFile parameter to (a) browseCat.php or (b) browseSubCat.php; the (2) id parameter to (c) openTutorial.php, (d) topFrame.php, o...
Unfixed XSS vulnerability at www.searchtons.com
Security researcher RoMeO submitted on 05/11/2007 a cross-site scripting (XSS) vulnerability affecting www.searchtons.com, which at the time of submission ranked 145218 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 06/11/2007. It is...
Unfixed XSS vulnerability at www.t7r.org
Security researcher St@rExT submitted on 25/04/2007 a cross-site scripting (XSS) vulnerability affecting www.t7r.org, which at the time of submission ranked 1467659 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 25/04/2007. It is currently...
Directory traversal
Multiple directory traversal vulnerabilities in iXon CMS 0.30 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the themeurl parameter to (1) index.php, (2) page.php, (3) search.php, (4) single.php, and (5) archives.php...
CVE-2007-2104
Multiple directory traversal vulnerabilities in iXon CMS 0.30 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the themeurl parameter to (1) index.php, (2) page.php, (3) search.php, (4) single.php, and (5) archives.php...
CVE-2007-2104
CVE-2007-2104 affects iXon CMS 0.30. The vulnerability is a directory traversal in the theme_url parameter that allows remote attackers to include and execute arbitrary local files via a .. traversal in (1) index.php, (2) page.php, (3) search.php, (4) single.php, and (5) archives.php. Impact is d...
Unfixed XSS vulnerability at www.island-search.com
Security researcher Uber0n submitted on 04/12/2007 a cross-site scripting (XSS) vulnerability affecting www.island-search.com, which at the time of submission ranked 503968 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 05/12/2007. It is...
CVE-2007-1363
Multiple SQL injection vulnerabilities in DropAFew before 0.2.1 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in the delete action in (a) search.php or (b) search-pda.php, or the (2) calories parameter in a save action in editlogcal.php...
DropAFew 0.2 - search.php?delete Action id SQL Injection
DropAFew 0.2 - search.php?delete Action id SQL Injection source: https://www.securityfocus.com/bid/23400/info DropAFew is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting these issues could all...
DropAFew 0.2 - 'search.php?delete Action id' SQL Injection
source: https://www.securityfocus.com/bid/23400/info DropAFew is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting these issues could allow an attacker to compromise the application, access or...
CVE-2007-1679
Multiple cross-site scripting (XSS) vulnerabilities in Horde Groupware Webmail 1.0 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors in (1) imp/search.php and (2) ingo/rule.php. NOTE: this issue has been disputed by the vendor, noting that the search.php...
CVE-2007-1679
The CVE-2007-1679 entry concerns multiple XSS vulnerabilities in Horde Groupware Webmail 1.0, specifically in imp/search.php and ingo/rule.php. The issue is that remote authenticated users can inject script/HTML via unspecified vectors; however, the vendor disputes the existence of the search.php...
CVE-2007-1607
search.php in w-Agora Web-Agora allows remote attackers to obtain potentially sensitive information via a ' (quote) value followed by certain SQL sequences in the (1) searchforum or (2) searchuser parameter, which force a SQL error...
Cross-site scripting
Multiple cross-site scripting (XSS) vulnerabilities in w-Agora Web-Agora allow remote attackers to inject arbitrary web script or HTML via (1) the showuser parameter to profile.php, the (2) searchforum or (3) searchuser parameter to search.php, or (4) the userid parameter to changepassword.php...
CVE-2007-1606
Multiple cross-site scripting (XSS) vulnerabilities in w-Agora Web-Agora allow remote attackers to inject arbitrary web script or HTML via (1) the showuser parameter to profile.php, the (2) searchforum or (3) searchuser parameter to search.php, or (4) the userid parameter to changepassword.php...
SQL injection
search.php in w-Agora Web-Agora allows remote attackers to obtain potentially sensitive information via a ' (quote) value followed by certain SQL sequences in the (1) searchforum or (2) searchuser parameter, which force a SQL error...
CVE-2007-1606
Multiple cross-site scripting (XSS) vulnerabilities in w-Agora Web-Agora allow remote attackers to inject arbitrary web script or HTML via (1) the showuser parameter to profile.php, the (2) searchforum or (3) searchuser parameter to search.php, or (4) the userid parameter to changepassword.php...
CVE-2007-1607
search.php in w-Agora Web-Agora allows remote attackers to obtain potentially sensitive information via a ' (quote) value followed by certain SQL sequences in the (1) searchforum or (2) searchuser parameter, which force a SQL error...