360 matches found
Sql injection
SQL injection vulnerability in find.php in YapBB 1.2 Beta2 and earlier allows remote attackers to execute arbitrary SQL commands via the userID parameter...
CVE-2006-2486
SQL injection vulnerability in find.php in YapBB 1.2 Beta2 and earlier allows remote attackers to execute arbitrary SQL commands via the userID parameter...
CVE-2006-2486
SQL injection vulnerability in find.php in YapBB 1.2 Beta2 and earlier allows remote attackers to execute arbitrary SQL commands via the userID parameter...
CVE-2006-2067
SQL injection vulnerability in vbboardfunctions.php in MKPortal 1.1, as used with vBulletin 3.5.4 and earlier, allows remote attackers to execute arbitrary SQL commands via the userid parameter...
CVE-2006-1917
SQL injection vulnerability in member.php in Blackorpheus ClanMemberSkript 1.0 allows remote attackers to execute arbitrary SQL commands via the userID parameter...
Sql injection
SQL injection vulnerability in member.php in Blackorpheus ClanMemberSkript 1.0 allows remote attackers to execute arbitrary SQL commands via the userID parameter...
CVE-2006-1917
SQL injection vulnerability in member.php in Blackorpheus ClanMemberSkript 1.0 allows remote attackers to execute arbitrary SQL commands via the userID parameter...
CVE-2006-1661
Multiple cross-site scripting XSS vulnerabilities in SKForum 1.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 areaID parameter in area.View.action, 2 time parameter in planning.View.action, and 3 userID parameter in user.View.action...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in vbzoom 1.11 allow remote attackers to inject arbitrary web script or HTML via the UserID parameter to 1 comment.php or 2 contact.php. NOTE: the profile.php/UserName vector is already covered by CVE-2005-2441...
CVE-2006-1133
Multiple cross-site scripting XSS vulnerabilities in vbzoom 1.11 allow remote attackers to inject arbitrary web script or HTML via the UserID parameter to 1 comment.php or 2 contact.php. NOTE: the profile.php/UserName vector is already covered by CVE-2005-2441...
CVE-2006-1133
Multiple cross-site scripting XSS vulnerabilities in vbzoom 1.11 allow remote attackers to inject arbitrary web script or HTML via the UserID parameter to 1 comment.php or 2 contact.php. NOTE: the profile.php/UserName vector is already covered by CVE-2005-2441...
CVE-2005-4139
Multiple SQL injection vulnerabilities in ThWboard before 3 Beta 2.84 allow remote attackers to execute arbitrary SQL commands via the 1 year parameter in calendar.php, 2 user parameter array in vprofile.php, and 3 the userid parameter in misc.php...
CVE-2005-3386
SQL injection vulnerability in Techno Dreams Web Directory script allows remote attackers to execute arbitrary SQL commands and bypass authentication via the userid parameter in admin/login.asp...
CVE-2005-3383
SQL injection vulnerability in Techno Dreams Announcement script allows remote attackers to execute arbitrary SQL commands and bypass authentication via the userid parameter in admin/login.asp...
CVE-2005-3383
SQL injection vulnerability in Techno Dreams Announcement script allows remote attackers to execute arbitrary SQL commands and bypass authentication via the userid parameter in admin/login.asp...
CVE-2005-3385
The CVE-2005-3385 entry describes a SQL injection vulnerability in Techno Dreams Mailing List script that allows remote attackers to execute arbitrary SQL and bypass authentication via the userid parameter in admin/login.asp. Affected component: the Mailing List script; vulnerability type: SQL in...
CVE-2005-3024
Multiple SQL injection vulnerabilities in vBulletin 3.0.7 and earlier allow remote attackers to execute arbitrary SQL commands via the 1 announcement parameter to announcement.php, the 2 threadforumid or 3 criteria parameters to thread.php, 4 userid parameter to user.php, the 5...
CVE-2005-2441
Multiple cross-site scripting XSS vulnerabilities in VBzoom allow remote attackers to inject arbitrary web script and HTML via the 1 UserName parameter to profile.php or 2 UserID parameter to login.php...
CVE-2005-0216
Cross-site scripting XSS vulnerability in formmail.php in Woltlab Burning Board Lite 1.0.0, 1.0.1e, and possibly other versions, allows remote attackers to inject arbitrary web script and HTML via the userid parameter...
CVE-2002-1264
Buffer overflow in Oracle iSQLPlus web application of the Oracle 9 database server allows remote attackers to execute arbitrary code via a long USERID parameter in the isqlplus URL...