CVE-2006-1853
Multiple SQL injection vulnerabilities in ModernBill 4.3.2 and earlier allow remote attackers or administrators to execute arbitrary SQL commands via the (1) id parameter in (a) user.php, or (2) where and (3) order parameters to (b) admin.php...
CVE-2006-1755
SQL injection vulnerability in admin.php in MD News 1 allows remote attackers to execute arbitrary SQL commands via the id parameter...
SQL injection
SQL injection vulnerability in admin.php in MD News 1 allows remote attackers to execute arbitrary SQL commands via the id parameter...
CVE-2006-1755
MD News 1 admin.php is affected by an SQL injection in the id parameter that allows remote attackers to run arbitrary SQL. Root cause: improper handling of input leading to SQL injection. Impact: potential unauthorized data exposure or modification; exploitation is remote over the network with lo...
CVE-2006-1710
SQL injection vulnerability in admin.php in Design Nation DNGuestbook 2.0 allows remote attackers to execute arbitrary SQL commands via the (1) email and (2) id parameters...
SQL injection
SQL injection vulnerability in admin.php in Design Nation DNGuestbook 2.0 allows remote attackers to execute arbitrary SQL commands via the (1) email and (2) id parameters...
CVE-2006-1710
CVE-2006-1710: SQL injection vulnerability in admin.php of Design Nation DNGuestbook 2.0 allows remote attackers to execute arbitrary SQL commands via the (1) email and (2) id parameters. The affected software appears to be Design Nation DNGuestbook 2.0, with the injection point in admin.php. The...
SQL injection
Multiple SQL injection vulnerabilities in vscripts (aka Kuba Kunkiewicz) VNews 1.2 allow remote attackers to execute arbitrary SQL commands via the (1) loginvar parameter in (a) admin/admin.php, and the (2) news and (3) nom parameters in (b) news.php...
CVE-2006-1543
Multiple SQL injection vulnerabilities in vscripts (aka Kuba Kunkiewicz) VNews 1.2 allow remote attackers to execute arbitrary SQL commands via the (1) loginvar parameter in (a) admin/admin.php, and the (2) news and (3) nom parameters in (b) news.php...
CVE-2006-1276
admin.php in Himpfen Consulting Company PHP SimpleNEWS 1.0.0 allows remote attackers to bypass authentication by setting the admin parameter in a cookie...
Directory traversal
Multiple directory traversal vulnerabilities in PHP-Stats 0.1.9.1 and earlier allow remote attackers to read and possibly execute arbitrary files via a .. (dot dot) in the (1) option[language] and (2) option[template] parameters, and (3) possibly other parameters, to (a) admin.php and (b) other unspecified...
CVE-2006-1087
Direct static code injection vulnerability in the modifyconfig action in admin.php for PHP-Stats 0.1.9.1 and earlier allows remote authenticated administrators to execute arbitrary PHP code via the optionnewcompatibilitymode parameter, which is not filtered before being stored in config.php. NOTE...
CVE-2006-1083
CVE-2006-1083 describes multiple directory traversal vulnerabilities in PHP-Stats 0.1.9.1 and earlier. The flaws allow remote attackers to read (and possibly execute) arbitrary files by supplying a .. (dot dot) in parameters such as option[language] and option[template], targeting admin.php and o...
MyBloggie: Multiple XSS Vulnerabilities
MyBloggie: Multiple XSS Vulnerabilities. Technical University of Vienna Security Advisory TUVSA-0603-002, March 9, 2006...
CVE-2006-1083
Multiple directory traversal vulnerabilities in PHP-Stats 0.1.9.1 and earlier allow remote attackers to read and possibly execute arbitrary files via a .. (dot dot) in the (1) option[language] and (2) option[template] parameters, and (3) possibly other parameters, to (a) admin.php and (b) other unspecified...
PHP-Stats <= 0.1.9.1 remote commands execution
PHP-Stats <= 0.1.9.1 remote commands execution. software: site: http://www.phpstats.net/ description: Open source statistical package for PHP enabled web sites. i) vulnerable code in...
CVE-2006-0801
SQL injection vulnerability in the NS-Languages module for PostNuke 0.761 and earlier, when magic_quotes_gpc is off, allows remote attackers to execute arbitrary SQL commands via the language parameter to admin.php...
CVE-2006-0215
Cross-site scripting (XSS) vulnerability in admin.php in QualityEBiz Quality PPC (QPPC) 1.0 build 1644 allows remote attackers to inject arbitrary web script or HTML via the cpage parameter. NOTE: this issue might be resultant from CVE-2006-0216...