GeoClassifieds Enterprise 2.0.5.x Index.PHP Multiple Cross-Site Scripting Vulnerabilities

No description provided by source. source: http://www.securityfocus.com/bid/19196/info GeoClassifieds Enterprise is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage any of these issues to have arbitrary scri...

CVE-2014-3871

CVE-2014-3871 documents multiple SQL injection vulnerabilities in Geodesic Solutions GeoCore MAX 7.3.3 (Ge oAuctions/GeoClassifieds) where remote attackers can trigger SQL commands via the register.php parameters (1) c[password] and (2) c[username]. The entry notes that the b parameter in index.p...

GeoClassifieds Lite Multiple Cross Site Scripting and SQL Injection Vulnerabilities

GeoClassifieds Lite is prone to multiple SQL-injection and cross-site scripting vulnerabilities. Exploiting these issues could allow an attacker to steal cookie- based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlyin...

GeoClassifieds Lite 2.0.x SQL Injection / Cross Site Scripting

--------------------------------------------------------------------- + Title : GeoClassifieds Lite Multiple vulnerabilities + Affected Version : v2.0.1 & V2.0.3.1 & V2.0.3.2 &V2.0.4 + Software Link : http://geodesicsolutions.com/ + Tested on : Windows 7 + Date : 25/08/2011 + Dork : "inurl:/admin...

GeoClassifieds Lite 2.0.x - Multiple Cross-Site Scripting SQL Injections

GeoClassifieds Lite 2.0.x - Multiple Cross-Site Scripting SQL Injections source: https://www.securityfocus.com/bid/49475/info GeoClassifieds Lite is prone to multiple SQL-injection and cross-site scripting vulnerabilities. Exploiting these issues could allow an attacker to steal cookie-based...

GeoClassifieds Lite 2.0.x - Multiple Cross-Site Scripting / SQL Injections

source: https://www.securityfocus.com/bid/49475/info GeoClassifieds Lite is prone to multiple SQL-injection and cross-site scripting vulnerabilities. Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data...

CVE-2006-7072

Cross-site scripting XSS vulnerability in GeoClassifieds Enterprise 2.0.5.2 and earlier allows remote attackers to inject arbitrary web script and HTML via the 1 busername and 2 c parameters to a index.php, the busername parameter to b admin/index.php, and 3 cphone parameter to register.php...

CVE-2006-7072

Cross-site scripting XSS vulnerability in GeoClassifieds Enterprise 2.0.5.2 and earlier allows remote attackers to inject arbitrary web script and HTML via the 1 busername and 2 c parameters to a index.php, the busername parameter to b admin/index.php, and 3 cphone parameter to register.php...

CVE-2006-7072

CVE-2006-7072 corresponds to a cross-site scripting (XSS) vulnerability in GeoClassifieds Enterprise 2.0.5.2 and earlier. The flaw permits remote attackers to inject arbitrary web script and HTML via input parameters: b[username] and c to index.php, b[username] to admin/index.php, and c[phone] to...

GeoClassifieds Enterprise <= 2.0.5.2 Cross Site Scripting

GeoClassifieds Enterprise 2.0.5.2 http://geodesicsolutions.com/products/classifieds/classifiedsenterprise.htm -------------------------- Cross Site Scripting XSS -------------------------- POST http://target.xx:80/index.php?a=10 HTTP/1.0 Host: target.xx Content-Type:...

geoClassifieds.txt

GeoClassifieds Enterprise 2.0.5.2 http://geodesicsolutions.com/products/classifieds/classifiedsenterprise.htm -------------------------- Cross Site Scripting XSS -------------------------- POST http://target.xx:80/index.php?a=10 HTTP/1.0 Host: target.xx Content-Type:...

GeoClassifieds Enterprise 2.0.5.x - 'index.php' Multiple Cross-Site Scripting Vulnerabilities

source: https://www.securityfocus.com/bid/19196/info GeoClassifieds Enterprise is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage any of these issues to have arbitrary script code execute in the browser of ...

CVE-2006-3823

SQL injection vulnerability in index.php in GeodesicSolutions 1 GeoAuctions Premier 2.0.3 and 2 GeoClassifieds Basic 2.0.3 allows remote attackers to execute arbitrary SQL commands via the b parameter...

CVE-2006-3823

CVE-2006-3823 describes an SQL injection in GeodesicSolutions’ index.php affecting two products: GeoAuctions Premier 2.0.3 and GeoClassifieds Basic 2.0.3. The vulnerability occurs when exploiting the b parameter in index.php, allowing remote attackers to execute arbitrary SQL commands. According ...