70 matches found
CVE-2006-5392
OpenDock FullCore 4.4 and earlier are affected by multiple PHP remote file inclusion vulnerabilities. An attacker can cause arbitrary PHP code execution by supplying a URL in the doc_directory parameter across numerous scripts (sw/index_sw.php; sw/lib_cart/; sw/lib_comment/; sw/lib_find/find.php...
CVE-2006-5164
CVE-2006-5164 affects Sum Effect Software digiSHOP 4.0. Vulnerable component: cart.php. Type: cross-site scripting (XSS). Vectors: remote attackers can craft requests using the (1) sortBy or (2) search parameters to inject arbitrary web script/HTML. Impact: potential script execution in the victi...
SQL injection
Multiple SQL injection vulnerabilities in Avactis Shopping Cart 0.1.2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) categoryid parameter in (a) storespecialoffers.php and (b) store.php, and (2) prodid parameter in (c) cart.php and (d) productinfo.php. NOTE: this issue also...
SQL injection
Multiple SQL injection vulnerabilities in MusicBox 2.3 Beta 2 allow remote attackers to execute arbitrary SQL commands via the (1) id, (2) type, or (3) show parameter to (a) index.php; or the (4) message1 or (5) message parameter to (b) cart.php...
CVE-2006-1360
CVE-2006-1360 describes multiple SQL injection vulnerabilities in MusicBox 2.3 Beta 2. Attack via parameters (id, type, show to index.php; message1 or message to cart.php) can allow remote attackers to execute arbitrary SQL commands. The description specifies the vulnerable inputs but does not pr...
CVE-2006-1349
Multiple cross-site scripting (XSS) vulnerabilities in Musicbox 2.3 Beta 2 allow remote attackers to inject arbitrary web script or HTML via the (1) id and (2) type and (3) show parameters in a top action in (a) index.php; and the (4) message1 parameter in (b) cart.php...
Cross-site scripting
Multiple cross-site scripting (XSS) vulnerabilities in Musicbox 2.3 Beta 2 allow remote attackers to inject arbitrary web script or HTML via the (1) id and (2) type and (3) show parameters in a top action in (a) index.php; and the (4) message1 parameter in (b) cart.php...
CVE-2006-1349
Multiple cross-site scripting (XSS) vulnerabilities in Musicbox 2.3 Beta 2 allow remote attackers to inject arbitrary web script or HTML via the (1) id and (2) type and (3) show parameters in a top action in (a) index.php; and the (4) message1 parameter in (b) cart.php...
CVE-2005-4614
Multiple SQL injection vulnerabilities in digiSHOP 3.1.17 and earlier allow remote attackers to execute arbitrary SQL commands or obtain the full installation path via (1) the c parameter in cart.php and (2) unspecified search module parameters. Affected: digiSHOP 3.1.17 and earlier. Impact: pote...
CVE-2005-1032
This CVE entry is rejected/not used; it does not represent an active vulnerability.