247 matches found
PT-2015-5258 · Blubrry · Blubrry Powerpress Podcasting Plugin
Name of the Vulnerable Software and Affected Versions: Blubrry PowerPress Podcasting plugin versions prior to 6.0.1 Description: The issue allows remote attackers to inject arbitrary web script or HTML via the cat parameter in a "powerpress-editcategoryfeed" action in the "powerpressadmin...
Code injection
WeBid 1.1.1 allows remote attackers to conduct an LDAP injection attack via the 1 js or 2 cat parameter...
KAPhotoservice 7.5 album.asp cat Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/18379/info KAPhotoservice is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to have arbitrary script code execute in...
photokorn 1.53/1.54 print.php cat Parameter SQL Injection
No description provided by source. source: http://www.securityfocus.com/bid/17683/info Photokorn is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow an attacker ...
Dev Web Management System 1.5 getfile.php cat Parameter SQL Injection
No description provided by source. source: http://www.securityfocus.com/bid/16063/info Dev Web Management System is prone to multiple input validation vulnerabilities. These issues may allow SQL injection and cross-site scripting attacks. Dev Web Management System versions 1.5 and earlier are pro...
Sql injection
SQL injection vulnerability in links.php in MYRE Business Directory allows remote attackers to execute arbitrary SQL commands via the cat parameter...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in Vastal I-Tech phpVID 1.2.3 allow remote attackers to inject arbitrary web script or HTML via the 1 n parameter to browsevideos.php or the 2 cat parameter to groups.php...
CVE-2011-0646
SQL injection vulnerability in viewfaqs.php in PHP LOW BIDS allows remote attackers to execute arbitrary SQL commands via the cat parameter...
Sql injection
SQL injection vulnerability in catalog/index.shtml in 4site CMS 2.6, and possibly earlier, allows remote attackers to execute arbitrary SQL commands via the cat parameter. NOTE: the i and th vectors are already covered by CVE-2009-0646...
CVE-2010-4152
CVE-2010-4152 affects 4Site CMS 2.6 and earlier, with a concrete SQL injection vulnerability in the Catalog module. The issue is triggered via the cat parameter in catalog/index.shtml, and HTB reports additional vulnerable vectors in other modules (portfolio/index.shtml with i parameter, faq/inde...
Remote file inclusion
PHP remote file inclusion vulnerability in picturelib.php in SmartISoft phpBazar 2.1.1 allows remote attackers to execute arbitrary PHP code via a URL in the cat parameter...
Sql injection
SQL injection vulnerability in browse.html in PHP Video Battle Script allows remote attackers to execute arbitrary SQL commands via the cat parameter...
CVE-2010-1112
Cross-site scripting XSS vulnerability in cat.php in KloNews 2.0 allows remote attackers to inject arbitrary web script or HTML via the cat parameter...
CVE-2010-0376
Cross-site scripting XSS vulnerability in productlist.php in JCE-Tech PHP Calendars, downloaded 2010-01-11, allows remote attackers to inject arbitrary web script or HTML via the cat parameter. NOTE: this issue is reportedly resultant from a forced SQL error message that occurs from exploitation ...
Sql injection
SQL injection vulnerability in productlist.php in JCE-Tech PHP Calendars, downloaded 2010-01-11, allows remote attackers to execute arbitrary SQL commands via the cat parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...
CVE-2010-0376
Cross-site scripting XSS vulnerability in productlist.php in JCE-Tech PHP Calendars, downloaded 2010-01-11, allows remote attackers to inject arbitrary web script or HTML via the cat parameter. NOTE: this issue is reportedly resultant from a forced SQL error message that occurs from exploitation ...
Sql injection
SQL injection vulnerability in mainforum.php in PTCPay GeN3 forum 1.3 allows remote attackers to execute arbitrary SQL commands via the cat parameter...
Sql injection
SQL injection vulnerability in the JoomClip comjoomclip component for Joomla! allows remote attackers to execute arbitrary SQL commands via the cat parameter in a thumbs action to index.php...
Sql injection
SQL injection vulnerability in employee.aspx in BPowerHouse BPLawyerCaseDocuments 1.0 allows remote attackers to execute arbitrary SQL commands via the cat parameter...
CVE-2009-3499
SQL injection vulnerability in employee.aspx in BPowerHouse BPLawyerCaseDocuments 1.0 allows remote attackers to execute arbitrary SQL commands via the cat parameter...