phpIP 4.3.2 - Numerous SQL Injection Vulnerabilities
There exist numerous SQL injection vulnerabilities in phpIP 4.3.2, and probably previous versions. Most of the data obtained from the request variables $_GET, $_POST, $_COOKIE, etc. is not sanitized before it is passed to MySQL. This may result in unauthorized administrative access to phpIP and...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in modules/ecal/display.php in the Event Calendar in bcoos 1.0.10 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) day or (2) year parameter...
PT-2007-4165 · Saxon · Saxon
Name of the Vulnerable Software and Affected Versions: SAXON version 4.6. Description: The issue allows remote attackers to execute arbitrary PHP code via a URL in the template parameter to specific PHP files, including (1) "news.php", (2) "preview.php", or (3) "archive-display.php". Recommendations: Fo...
CVE-2006-6649
CVE-2006-6649 describes a cross-site scripting (XSS) vulnerability in display.php of HyperVM 1.2 and earlier, exploitable via an encoded frm_action parameter. The weakness is disclosed in the CVE entry, which notes that the vendor disputes the issue and that the dispute could concern severity or ...
CVE-2006-5140
The CVE is confirmed with concrete details in connected sources: Lappy512 PHP Krazy Image Host Script (phpkimagehost) 0.7a has an SQL injection in display.php exploitable via the id parameter. This allows remote attackers to execute arbitrary SQL commands, impacting confidentiality, integrity, an...
CVE-2005-4427
Multiple SQL injection vulnerabilities in Cerberus Helpdesk allow remote attackers to execute arbitrary SQL commands via the (1) fileid parameter to attachmentsend.php, (2) the $addy variable in emailparser.php, (3) $address variable in emailparser.php, (4) $aaddress variable in structs.php, (5) kbid...
CVE-2005-2331
CVE-2005-2331 involves a PHP remote file inclusion vulnerability in MooseGallery’s display.php, where the type parameter allows an attacker to cause arbitrary PHP code execution. Affected software is MooseGallery (PHP-based) with vulnerable display.php handling the type parameter. The underlying ...
CVE-2005-2331
PHP remote file inclusion vulnerability in display.php in MooseGallery allows remote attackers to execute arbitrary PHP code via the type parameter...
CVE-2005-1486
Multiple cross-site scripting vulnerabilities in FishCart 3.1 allow remote attackers to inject arbitrary web script or HTML via the (1) trackingnum, (2) reqagree, or (3) m parameter to upstracking.php or (4) nlst parameter to display.php. NOTE: the vendor was not able to reproduce some of the reported...
CVE-2005-1486
FishCart 3.1 is affected by multiple vulnerabilities. The primary CVE (CVE-2005-1486) describes cross-site scripting via the following parameters: trackingnum, reqagree, or m in upstracking.php, and nlst in display.php. OpenVAS data also indicates SQL injection vulnerabilities in FishCart that co...
PT-2005-2483 · Fishcart · Fishcart
Name of the Vulnerable Software and Affected Versions: FishCart version 3.1. Description: The issue allows remote attackers to execute arbitrary SQL commands. This can be achieved via the cartid parameter to 'upstnt.php' or the psku parameter to 'display.php'. The vendor disputes this report,...