13 matches found
EUVD-2006-5616
Malware in sbrugna...
EUVD-2006-5617
Malware in sbrugna...
igshop14-eval.txt
!/usr/bin/perl -w use LWP::UserAgent; iG Shop 1.4 eval Inclusion Vulnerability found by IFX nyubicrew Vulnerability on page.php if !$action $action = "make"; // here the function will be called. eval "page$action;"; die "Example: perl $0 http://www.planetgolfuk.co.uk/shop\n" unless @ARGV; $b =...
iG Shop 1.4 (page.php) Remote SQL Injection Vulnerability
No description provided by source. Discovered by: gsy & kerem125 Website: www.kerem125.com Script Download: http://www.igeneric.co.uk/ig-shopping-cart.html exploit:/shop/page.php?pagetype=catalognavigate&typeid=-99%20union//select//password//from//users/...
iG Shop 1.4 - page.php SQL Injection
iG Shop 1.4 - page.php SQL Injection Discovered by: gsy & kerem125 Website: www.kerem125.com Script Download: http://www.igeneric.co.uk/ig-shopping-cart.html exploit:/shop/page.php?pagetype=catalognavigate&typeid=-99%20union//select//password//from//users/...
Sql injection
Multiple SQL injection vulnerabilities in displayreview.php in iGeneric iG Shop 1.4 and earlier allow remote attackers to execute arbitrary SQL commands via the 1 id or 2 userlogincookie parameter...
CVE-2007-0132
SQL injection vulnerability in compareproduct.php in iGeneric iG Shop 1.4 allows remote attackers to execute arbitrary SQL commands via the id parameter...
CVE-2007-0132
The CVE-2007-0132 entry concerns a SQL injection in the iGeneric iG Shop 1.4 application, specifically in compare_product.php. The underlying flaw allows an attacker to manipulate the id parameter to execute arbitrary SQL commands on the backend database. Affected component is the compare_product...
CVE-2007-0133
The CVE-2007-0133 entry describes multiple SQL injection vulnerabilities in display_review.php for iGeneric iG Shop
CVE-2006-5632
CVE-2006-5632 describes an XSS vulnerability in iG Shop 1.4 affecting change_pass.php via the id parameter. The root cause is improper handling/validation of the id parameter in that script, enabling remote attackers to inject arbitrary web script or HTML. The connected PT Security entries (PT-20...
CVE-2006-5631
CVE-2006-5631: XSS in iG Shop 1.4's change_pass.php. Vulnerable when action parameter is not "1" (arbitrary query strings may inject script/HTML). Affected file: change_pass.php in iG Shop 1.4. CVSS v2 base score 6.8 (Medium). Mitigations in connected PT Security notes suggest restricting access ...
CVE-2006-5632
Cross-site scripting XSS vulnerability in changepass.php in iG Shop 1.4 allows remote attackers to inject arbitrary web script or HTML via the id parameter, a different vulnerability than CVE-2006-5631. NOTE: the provenance of this information is unknown; the details are obtained solely from thir...
CVE-2006-5631
Cross-site scripting XSS vulnerability in changepass.php in iG Shop 1.4 allows remote attackers to inject arbitrary web script or HTML via arbitrary query strings when the action parameter is not "1", as demonstrated using script in the action parameter, a different vulnerability than CVE-2006-56...