1081 matches found
ubb-sql.txt
UBB.threads SQL Injection Vulnerability. The variable 'C' in UBB.threads is susceptible to SQL injection. Vulnerability: http://target.com/ubbthreads.php?Cat=cat&C=' Vulnerable: UBB.threads = 6.1.1 Google d0rk: allintitle:"Forums powered by UBB.threads" John Martinelli...
SQL injection
SQL injection vulnerability in wall.php in Picture-Engine 1.2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the cat parameter...
Picture-Engine 1.2.0 - wall.php?cat SQL Injection
Code injection
Direct static code injection vulnerability in postpost.php in Dayfox Blog dfblog 4 allows remote attackers to execute arbitrary PHP code via the cat parameter, which can be executed via a request to posts.php...
Cross site scripting
Cross-site scripting (XSS) vulnerability in listmain.asp in Fullaspsite ASP Hosting Site allows remote attackers to inject arbitrary web script or HTML via the cat parameter...
SQL injection
SQL injection vulnerability in listmain.asp in Fullaspsite ASP Hosting Site allows remote attackers to execute arbitrary SQL commands via the cat parameter...
CVE-2007-0951
SQL injection vulnerability in listmain.asp in Fullaspsite ASP Hosting Site allows remote attackers to execute arbitrary SQL commands via the cat parameter...
CVE-2007-0950
Cross-site scripting (XSS) vulnerability in listmain.asp in Fullaspsite ASP Hosting Site allows remote attackers to inject arbitrary web script or HTML via the cat parameter...
CVE-2007-0259
Ezboxx Portal System Beta 0.7.6 and earlier allows remote attackers to obtain sensitive information via an invalid cat parameter to boxx/knowledgebase.asp, which reveals the path in an error message...
SQL injection
Multiple SQL injection vulnerabilities in Coppermine Photo Gallery 1.4.10 and earlier allow remote authenticated administrators to execute arbitrary SQL commands via (1) the cat parameter to albmgr.php, and possibly (2) the gid parameter to usermgr.php; (3) the start parameter to dbecard.php; and the...
CVE-2006-6243
Multiple SQL injection vulnerabilities in index.asp in FipsSHOP allow remote attackers to execute arbitrary SQL commands via the (1) cat or (2) did parameter...
CVE-2006-6194
Multiple SQL injection vulnerabilities in index.asp in Ultimate Survey Pro allow remote attackers to execute arbitrary SQL commands via the (1) cat or (2) did parameter...
CVE-2006-6082
CVE-2006-6082 affects the CreaScripts Creadirectory component. The documented issue is multiple XSS vulnerabilities that allow remote attackers to inject arbitrary script or HTML via the (1) cat parameter to addlisting.asp or (2) the search parameter to search.asp. The root cause is insufficient ...
CVE-2006-5847
CVE-2006-5847 is a Cross-site scripting (XSS) vulnerability in FreeWebshop 2.2.2 and earlier. The flaw exists in index.php via the cat parameter, allowing remote attackers to inject arbitrary web script or HTML. The provided documents do not include exploitation details, affected versions beyond ...
MX Smartor Album Module Remote File Include
Discovered by Paul Bakoyiannis winsec. Vulnerable code: if ($mode == 'albumcat') include($modulerootpath . 'includes/albumcat.' . $phpEx); (the rest of the vulnerable code removed for brevity) Vulnerability:...
CVE-2006-5707
SQL injection vulnerability in index.php in PHPEasyData Pro 1.4.1 and 2.2.1 allows remote attackers to execute arbitrary SQL commands via the cat parameter...
CVE-2006-5512
Cross-site scripting (XSS) vulnerability in article.htm in Zwahlen Online Shop allows remote attackers to inject arbitrary web script or HTML via the cat parameter...