376 matches found
CVE-2007-4143
user.php in the Billing Control Panel in phpCoupon allows remote authenticated users to obtain Premium Member status, and possibly acquire free coupons, via a modified URL containing a certain billing parameter and REQ=auth, status=success, and custom=upgrade substrings, possibly related to PayPa...
SQL injection
SQL injection vulnerability in user.php in My Little Forum 1.7 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter...
CVE-2007-2942
SQL injection vulnerability in user.php in My Little Forum 1.7 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter...
Deserialization of untrusted data
user.php in BoastMachine 3.0 platinum allows remote authenticated users to gain privileges via a modified id parameter, as demonstrated by an editpost action...
Design/Logic Flaw
user.php in MAXdev MDPro 1.0.76 allows remote attackers to obtain the full path via a ' quote character, and possibly other invalid values, in the uname parameter in a userinfo operation...
CVE-2007-0624
user.php in MAXdev MDPro 1.0.76 allows remote attackers to obtain the full path via a ' quote character, and possibly other invalid values, in the uname parameter in a userinfo operation...
CVE-2007-0130
SQL injection vulnerability in user.php in iGeneric iG Calendar 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter...
SQL injection
SQL injection vulnerability in user.php in iGeneric iG Calendar 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter...
CVE-2007-0130
CVE-2007-0130 describes a SQL injection in the web front-end of iGeneric iG Calendar 1.0, specifically in the file or function handling the id parameter of user.php. The vulnerability enables remote attackers to execute arbitrary SQL commands by supplying crafted input for id, leading to potentia...
iG Calendar 1.0 (user.php id variable) Remote SQL Injection Vulnerability
Exploit for unknown platform in category web applications ========================================================================= iG Calendar 1.0 user.php id variable Remote SQL Injection Vulnerability ========================================================================= SQL Injection in...
iG Calendar 1.0 - user.php?id SQL Injection
iG Calendar 1.0 - user.php?id SQL Injection SQL Injection in ig-Calendar. This works regardless of magic_quotes_gpc! Dumps mysql login information: http://127.0.0.1/ig-calendar/user.php?id=999%20union%20select%201,User,Password,Host,Filepriv,0%20from%20mysql.user ./user.php line 52: $query = 'SELECT...
CVE-2006-4575
Multiple SQL injection vulnerabilities in The Address Book 1.04e allow remote attackers to execute arbitrary SQL commands via the (1) lastname, (2) firstname, (3) passwordOld, (4) passwordNew, (5) id, (6) language, (7) defaultLetter, (8) newuserPass, (9) newuserType, (10) newuserEmail parameters in a user.php; the 1...
CVE-2006-5564
Cross-site scripting (XSS) vulnerability in user.php in MAXdev MD-Pro 1.0.76 allows remote attackers to inject arbitrary web script or HTML via the op parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information...
CVE-2006-5064
Multiple cross-site scripting (XSS) vulnerabilities in BirdBlog 1.4 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) entryid parameter in comment.php, (2) page parameter in index.php, or the (3) uid parameter in user.php. NOTE: the provenance of this information is...
CVE-2006-4794
Multiple cross-site scripting (XSS) vulnerabilities in e107 0.7.5 allow remote attackers to inject arbitrary web script or HTML via the query string (PATH_INFO) in (1) contact.php, (2) download.php, (3) admin.php, (4) fpw.php, (5) news.php, (6) search.php, (7) signup.php, (8) submitnews.php, and (9) user.php. NOTE: the...
Empire CMS 3.7 - 'checklevel.php' Remote File Inclusion
Empire CMS =3.7 checklevel.php Remote File Include Vulnerability Find by: Bob Linuson Code: 2 $includefile=$checkpath."e/class/MemberLevel.php"; 3 include"$includefile"; ..... 67 include$checkpath."e/class/connect.php"; 68 include$checkpath."e/class/dbsql.php"; 69...
Empire CMS 3.7 - checklevel.php Remote File Inclusion
Empire CMS 3.7 - checklevel.php Remote File Inclusion Empire CMS =3.7 checklevel.php Remote File Include Vulnerability Find by: Bob Linuson Code: 2 $includefile=$checkpath."e/class/MemberLevel.php"; 3 include"$includefile"; ..... 67 include$checkpath."e/class/connect.php"; 68...