1163 matches found
CMS WebManager-Pro - 'c.php' SQL Injection
source: https://www.securityfocus.com/bid/42951/info CMS WebManager-Pro is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or...
PHPFinance 'group.php' SQL Injection and HTML Injection Vulnerabilities
PHPFinance is prone to an SQL-injection vulnerability and an HTML-injection vulnerability because it fails to sufficiently sanitize user-supplied input. An attacker may exploit the HTML-injection issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the...
TCMS - Multiple Input Validation Vulnerabilities
source: https://www.securityfocus.com/bid/42766/info TCMS is prone to multiple input-validation vulnerabilities, including a local file-include vulnerability, a local file-disclosure vulnerability, multiple SQL-injection vulnerabilities, and multiple cross-site scripting vulnerabilities. An...
AneCMS 1.0/1.3 - 'register/next' SQL Injection
source: https://www.securityfocus.com/bid/42615/info AneCMS is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, ...
Hulihan Applications BXR 0.6.8 - SQL Injection / HTML Injection
source: https://www.securityfocus.com/bid/42247/info Hulihan Applications BXR is prone to an SQL-injection vulnerability and multiple HTML-injection vulnerabilities because it fails to sufficiently sanitize user-supplied input. An attacker may leverage these issues to compromise the application,...
Sandbox Multiple Remote Vulnerabilities
Sandbox is prone to multiple remote vulnerabilities, including multiple SQL-injection vulnerabilities, a local file-include vulnerability, and multiple arbitrary-file-upload vulnerabilities. Exploiting these issues could allow an attacker to upload and execute arbitrary code within the context of...
Mahara Multiple Remote Vulnerabilities
Mahara is prone to multiple remote vulnerabilities, including: 1. Multiple HTML-injection vulnerabilities 2. A cross-site request-forgery vulnerability 3. Multiple SQL-injection vulnerabilities 4. An authentication-bypass vulnerability Exploiting these issues could allow an attacker to steal...
CANDID - imageview.php?image_id Cross-Site Scripting
source: https://www.securityfocus.com/bid/41216/info CANDID is prone to an SQL-injection vulnerability and a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. Exploiting these issues could allow an...
PHP Bible Search - 'bible.php?chapter' Cross-Site Scripting
source: https://www.securityfocus.com/bid/41197/info PHP Bible Search is prone to an SQL-injection vulnerability and a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. Exploiting these issues could allow an attacker to steal cookie-based...
ClixNCash Clone 2010 - index.php SQL Injection
source: https://www.securityfocus.com/bid/41202/info Clix'N'Cash Clone 2010 is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an...
V-EVA Classified Script 5.1 - classified_img.php SQL Injection
source: https://www.securityfocus.com/bid/41204/info V-EVA Classified Script is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue...
MySpace Clone 2010 - SQL Injection Cross-Site Scripting
source: https://www.securityfocus.com/bid/41199/info MySpace Clone 2010 is prone to an SQL-injection and a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. Exploiting these issues could allow a...
Clix'N'Cash Clone 2010 - 'index.php' SQL Injection
source: https://www.securityfocus.com/bid/41202/info Clix'N'Cash Clone 2010 is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access ...
MySpace Clone 2010 - SQL Injection / Cross-Site Scripting
source: https://www.securityfocus.com/bid/41199/info MySpace Clone 2010 is prone to an SQL-injection and a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. Exploiting these issues could allow an attacker to steal cookie-based authentication...
OneCMS 2.6.1 - short1 Cross-Site Scripting
source: https://www.securityfocus.com/bid/41194/info OneCMS is prone to multiple SQL-injection and cross-site scripting vulnerabilities because it fails to sanitize user-supplied input. Exploiting these issues could allow an attacker to steal cookie-base...
OneCMS 2.6.1 - cat Cross-Site Scripting
source: https://www.securityfocus.com/bid/41194/info OneCMS is prone to multiple SQL-injection and cross-site scripting vulnerabilities because it fails to sanitize user-supplied input. Exploiting these issues could allow an attacker to steal cookie-based...
OneCMS 2.6.1 - 'cat' Cross-Site Scripting
source: https://www.securityfocus.com/bid/41194/info OneCMS is prone to multiple SQL-injection and cross-site scripting vulnerabilities because it fails to sanitize user-supplied input. Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, control how t...
PreProject Multi-Vendor Shopping Malls - 'products.php' SQL Injection
source: https://www.securityfocus.com/bid/41074/info Pre Multi-Vendor Shopping Malls is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application...
2DayBiz ybiz Network Community Script - SQL Injection / Cross-Site Scripting
source: https://www.securityfocus.com/bid/40913/info 2daybiz Network Community Script is prone to an SQL-injection vulnerability and a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. Exploiting these issues could allow an attacker to steal...
Sell@Site PHP Online Jobs Login - Multiple SQL Injections
source: https://www.securityfocus.com/bid/40869/info Sell@Site PHP Online Jobs is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting thes...