328 matches found
CVE-2005-2580
Multiple SQL injection vulnerabilities in MyBulletinBoard MyBB 1.00 RC4 with Security Patch allow remote attackers to execute arbitrary SQL commands via the Username field in 1 index.php or 2 member.php, action parameter to 3 search.php or 4 member.php, or 5 polloptions parameter to polls.php...
CVE-2005-2001
CVE-2005-2001 : The vulnerability affects paFileDB 3.1 and earlier, where a directory traversal flaw allows remote attackers to include arbitrary files via ".." in the action parameter. The NVD/CVE entries concur on the description, with a CVSS v2 base score of 5.0 (Medium) and links to historica...
CVE-2005-2001
Directory traversal vulnerability in pafiledb.php in paFileDB 3.1 and earlier allows remote attackers to include arbitrary files via a .. dot dot in the action parameter...
CVE-2005-0327
pafiledb.php in Pafiledb 3.1 may allow remote attackers to execute arbitrary PHP code via a modified action parameter that is used in an include statement for login.php...
CVE-2005-0327
pafiledb.php in Pafiledb 3.1 may allow remote attackers to execute arbitrary PHP code via a modified action parameter that is used in an include statement for login.php...
CVE-2004-0033
PHPGEDVIEW 2.61’s admin.php is vulnerable to information disclosure: an attacker can trigger a phpinfo command via an action parameter to reveal sensitive data. The affected component is admin.php (PHPGEDVIEW 2.61). Root cause is improper handling of the action parameter, enabling remote code/inf...
CVE-2003-0615
Cross-site scripting XSS vulnerability in startform of CGI.pm allows remote attackers to insert web script via a URL that is fed into the form's action parameter...
CVE-2003-0483
Cross-site scripting XSS vulnerabilities in XMB Forum 1.8 Partagium allow remote attackers to insert arbitrary script via 1 the member parameter to member.php or 2 the action parameter to buddy.php...