347 matches found
CVE-2006-0249
SQL injection vulnerability in viewcat.php in BitDamaged geoBlog MOD1.0 allows remote attackers to execute arbitrary SQL commands, then steal credentials and upload files, via the cat parameter $tmpCategory variable...
Sql injection
SQL injection vulnerability in viewcat.php in BitDamaged geoBlog MOD1.0 allows remote attackers to execute arbitrary SQL commands, then steal credentials and upload files, via the cat parameter $tmpCategory variable...
CVE-2006-0249
SQL injection vulnerability in viewcat.php in BitDamaged geoBlog MOD1.0 allows remote attackers to execute arbitrary SQL commands, then steal credentials and upload files, via the cat parameter $tmpCategory variable...
CVE-2005-3369
Multiple SQL injection vulnerabilities in the Info-DB module infodb.php in Woltlab Burning Board 2.7 and earlier allow remote attackers to execute arbitrary SQL commands and possibly upload files via the 1 fileid and 2 subkatid parameters...
PT-2005-4099 · Ftgate · Mailsite Express
Name of the Vulnerable Software and Affected Versions: Mailsite Express affected versions not specified Description: The issue allows remote attackers to upload and execute files with executable extensions, such as ASP, by utilizing the compose page feature. Attackers can attach the file and then...
phpkit161.txt
SQL Injection and PHP Code Injection Vulnerabilities in PHPKit 1.6.1 Version: PHPKit 1.6.1 Risk: High if magicquotesgpc = Off URL: http://www.phpkit.com SQL Injection in include.php?path=login/member.php The parameters usernick and letters are vulnerable to SQL Injections. POC:...
CVE-2005-0332
The CVE-2005-0332 entry concerns DeskNow Mail and Collaboration Server (v2.5.12) with two directory traversal flaws. The first allows remote upload (and possible JSP-based execution) through the AttachmentsKey parameter to attachment.do, enabling files to be placed outside the intended directory....