210 matches found
CVE-2006-2959
SQL injection vulnerability in incheader.asp in Snitz Forum 3.4.05 and earlier allows remote attackers to execute arbitrary SQL commands via the %strCookieURL%.GROUP parameter in a cookie...
WEBalbum skin2 Cookie Parameter Traversal Local File Inclusion
The remote host is running WEBalbum, a photo album application written in PHP. The installed version of WEBalbum fails to sanitize user input to the 'skin2' cookie in 'inc/incmain.php' before using it to include arbitrary files. An unauthenticated attacker may be able to read arbitrary local file...
Sql injection
SQL injection vulnerability in inc/start.php in FlexBB 0.5.5 and earlier allows remote attackers to execute arbitrary SQL commands via the flexbbusername COOKIE parameter...
CVE-2006-1978
SQL injection vulnerability in inc/start.php in FlexBB 0.5.5 and earlier allows remote attackers to execute arbitrary SQL commands via the flexbbusername COOKIE parameter...
CVE-2006-1480
Directory traversal vulnerability in start.php in WebAlbum 2.02 allows remote attackers to include arbitrary files and execute commands by 1 injecting code into local log files via GET commands, then 2 accessing that log via a .. dot dot sequence and a trailing null %00 byte in the skin2 COOKIE...
CVE-2006-1276
admin.php in Himpfen Consulting Company PHP SimpleNEWS 1.0.0 allows remote attackers to bypass authentication by setting the admin parameter in a cookie...
Sql injection
SQL injection vulnerability in misc.php in MyBulletinBoard MyBB 1.03, when registerglobals is enabled, allows remote attackers to execute arbitrary SQL commands by setting the comma variable value via the comma parameter in a cookie. NOTE: 1.04 has also been reported to be affected...
CVE-2006-0962
SQL injection vulnerability in vuBB 0.2 allows remote attackers to execute arbitrary SQL commands via the pass parameter in a cookie...
CVE-2006-0962
SQL injection vulnerability in vuBB 0.2 allows remote attackers to execute arbitrary SQL commands via the pass parameter in a cookie...
CVE-2006-0372
Multiple SQL injection vulnerabilities in config.php in Insane Visions BlogPHP, possibly 1.0, allow remote attackers to execute arbitrary SQL commands via the 1 blogphpusername or 2 blogphppassword parameter in a cookie...