1163 matches found
Clever Copy 3.0 - Multiple SQL Injections / Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/27335/info Clever Copy is prone to multiple input-validation vulnerabilities, including two SQL-injection issues and a cross-site scripting issue, because it fails to sufficiently sanitize user-supplied data. Exploiting these issues could allow an attacke...
MyBB 1.2.10 - moderation.php Multiple SQL Injections
source: https://www.securityfocus.com/bid/27323/info MyBB is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting these issues could allow an...
eTicket 1.5.5.2 - search.php Multiple SQL Injections
source: https://www.securityfocus.com/bid/27173/info eTicket is prone to multiple input-validation vulnerabilities because the application fails to properly sanitize user-supplied input. These vulnerabilities include multiple SQL-injection...
eTicket 1.5.5.2 - 'search.php' Multiple SQL Injections
source: https://www.securityfocus.com/bid/27173/info eTicket is prone to multiple input-validation vulnerabilities because the application fails to properly sanitize user-supplied input. These vulnerabilities include multiple SQL-injection issues, a cross-site scripting issue, and an...
eTicket 1.5.5.2 - 'admin.php' Multiple SQL Injections
source: https://www.securityfocus.com/bid/27173/info eTicket is prone to multiple input-validation vulnerabilities because the application fails to properly sanitize user-supplied input. These vulnerabilities include multiple SQL-injection issues, a cross-site scripting issue, and an...
MyPHP Forum 3.0 - 'search.php' Multiple SQL Injections
source: https://www.securityfocus.com/bid/27118/info MyPHP Forum is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting these issues could allow an attacker to compromise the application, access o...
InstantSoftwares Dating Site - Login SQL Injection
source: https://www.securityfocus.com/bid/27080/info InstantSoftwares Dating Site is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application,...
OpenBiblio 0.x - staff_del_confirm.php Multiple Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/27053/info OpenBiblio is prone to multiple input-validation vulnerabilities because it fails to sufficiently sanitize user-supplied data. The issues include SQL-injection,...
OpenBiblio 0.x - 'theme_preview.php?themeName' Cross-Site Scripting
source: https://www.securityfocus.com/bid/27053/info OpenBiblio is prone to multiple input-validation vulnerabilities because it fails to sufficiently sanitize user-supplied data. The issues include SQL-injection, cross-site scripting, HTML-injection, and local file-include vulnerabilities...
Logaholic - 'index.php?conf' Cross-Site Scripting
source: https://www.securityfocus.com/bid/27003/info Logaholic is prone to multiple input-validation vulnerabilities, including multiple SQL-injection issues, a cross-site scripting issue, and an HTML-injection issue. The issues occur because the application fails to sufficiently sanitize...
Logaholic - 'index.php' SQL Injection
source: https://www.securityfocus.com/bid/27003/info Logaholic is prone to multiple input-validation vulnerabilities, including multiple SQL-injection issues, a cross-site scripting issue, and an HTML-injection issue. The issues occur because the application fails to sufficiently sanitize...
PHP Security Framework - Multiple Input Validation Vulnerabilities
source: https://www.securityfocus.com/bid/26898/info PHP Security Framework is prone to multiple input-validation vulnerabilities, including multiple SQL-injection issues and remote file-include issues. A successful exploit may allow an attacker to execute malicious code within the context of the...
Neuron News 1.0 - Multiple SQL Injections / Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/26896/info Neuron News is prone to multiple input-validation vulnerabilities, including an SQL-injection issue and two cross-site scripting issues, because it fails to sufficiently sanitize user-supplied data. Exploiting these issues could allow an attack...
phpRPG 0.8 - '/tmp' Directory PHPSESSID Cookie Session Hijacking
source: https://www.securityfocus.com/bid/26884/info phpRPG is prone to two vulnerabilities: - An SQL-injection vulnerability - A vulnerability that lets remote attackers gain access to sessions. Exploiting these issues may allow an unauthorized user to steal sessions, access or modify data, or...
Joomla! Component com_search 1.5 RC3 - index.php Multiple SQL Injections
source: https://www.securityfocus.com/bid/26707/info Joomla! is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting these...
Absolute News Manager .NET 5.1 - xlaabsolutenm.aspx Multiple SQL Injections
source: https://www.securityfocus.com/bid/26692/info Absolute News Manager .NET is prone to multiple remote vulnerabilities, including multiple cross-site scripting, SQL-injection, and information-disclosure issues...
Absolute News Manager .NET 5.1 - getpath.aspx Direct Request Error Message Information
source: https://www.securityfocus.com/bid/26692/info Absolute News Manager .NET is prone to multiple remote vulnerabilities, including multiple cross-site scripting, SQL-injection, and information-disclosure...
Absolute News Manager .NET 5.1 - pagesdefault.aspx?template Remote File Access
source: https://www.securityfocus.com/bid/26692/info Absolute News Manager .NET is prone to multiple remote vulnerabilities, including multiple cross-site scripting, SQL-injection, and information-disclosure issues...
Absolute News Manager .NET 5.1 - '/pages/default.aspx?template' Cross-Site Scripting
source: https://www.securityfocus.com/bid/26692/info Absolute News Manager .NET is prone to multiple remote vulnerabilities, including multiple cross-site scripting, SQL-injection, and information-disclosure issues. Attackers can exploit these issues to steal cookie-based authentication...
bcoos 1.0.10 - ratephoto.php SQL Injection
source: https://www.securityfocus.com/bid/26629/info The 'bcoos' program is prone to multiple input-validation vulnerabilities, including SQL-injection issues and cross-site scripting issues, because it fails to sufficiently sanitize user-supplied data...