Lucene search
K

169 matches found

CVE
CVE
added 2007/01/09 11:0 a.m.49 views

CVE-2007-0130

CVE-2007-0130 describes a SQL injection in the web front-end of iGeneric iG Calendar 1.0, specifically in the file or function handling the id parameter of user.php. The vulnerability enables remote attackers to execute arbitrary SQL commands by supplying crafted input for id, leading to potentia...

7.5CVSS8.4AI score0.01264EPSS
Exploits0References7Affected Software1
Cvelist
Cvelist
added 2007/01/09 11:0 a.m.20 views

CVE-2007-0132

SQL injection vulnerability in compareproduct.php in iGeneric iG Shop 1.4 allows remote attackers to execute arbitrary SQL commands via the id parameter...

8.4AI score0.01755EPSS
Exploits1References8
Cvelist
Cvelist
added 2007/01/09 11:0 a.m.22 views

CVE-2007-0134

Multiple eval injection vulnerabilities in iGeneric iG Shop 1.0 allow remote attackers to execute arbitrary code via the action parameter, which is supplied to an eval function call in 1 cart.php and 2 page.php. NOTE: a later report and CVE analysis indicate that the vulnerability is present in 1...

7.9AI score0.11327EPSS
Exploits1References11
CVE
CVE
added 2007/01/09 11:0 a.m.50 views

CVE-2007-0134

The CVE-2007-0134 issue affects iGeneric iG Shop, originally version 1.0. It enables remote code execution via eval in the action parameter passed to eval call sites in cart.php and page.php. A later report notes the vulnerability is also present in version 1.4. The connected sources consistently...

7.5CVSS7.9AI score0.11327EPSS
Exploits1References11Affected Software1
CVE
CVE
added 2007/01/09 11:0 a.m.45 views

CVE-2007-0132

The CVE-2007-0132 entry concerns a SQL injection in the iGeneric iG Shop 1.4 application, specifically in compare_product.php. The underlying flaw allows an attacker to manipulate the id parameter to execute arbitrary SQL commands on the backend database. Affected component is the compare_product...

7.5CVSS8.4AI score0.01755EPSS
Exploits1References8Affected Software1
CVE
CVE
added 2007/01/09 11:0 a.m.49 views

CVE-2007-0133

The CVE-2007-0133 entry describes multiple SQL injection vulnerabilities in display_review.php for iGeneric iG Shop

7.5CVSS8.5AI score0.00926EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2007/01/09 11:0 a.m.20 views

CVE-2007-0130

SQL injection vulnerability in user.php in iGeneric iG Calendar 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter...

8.4AI score0.01264EPSS
Exploits0References7
seebug.org
seebug.org
added 2007/01/09 12:0 a.m.40 views

IGeneric IG Shop SQL注入漏洞

IGeneric IG Shop是一款基于PHP的WEB应用程序。 IGeneric IG Shop不正确过滤用户提交的输入,远程攻击者可以利用漏洞进行SQL注入攻击,获得敏感信息。 问题是'compareproduct.php'脚本对用户提交的'id'参数缺少过滤,提交恶意脚本代码作为参数数据,可导致获得敏感信息。 iGeneric iG Shop 1.0 目前没有解决方案提供: http://www.igeneric.co.uk/displayresources/resource1.html...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2007/01/09 12:0 a.m.38 views

iGeneric iG Calendar USER.PHP SQL注入漏洞

iGeneric iG Calendar是一款基于PHP的WEB应用程序。 iGeneric iG Calendar不正确过滤用户提交的输入,远程攻击者可以利用漏洞进行SQL注入攻击,获得敏感信息。 问题是'USER.PHP'脚本对用户提交的'id'参数缺少过滤,提交恶意脚本代码作为参数数据,可导致获得敏感信息。 iGeneric iG Calendar 1.0 目前没有解决方案提供: http://www.igeneric.co.uk/displayresources/resource3.html...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2007/01/05 12:0 a.m.26 views

igcal10-sql.txt

SQL Injection in ig-Calendar. This works regardless of magicquotesgpc! Dumps mysql login informaion: http://127.0.0.1/ig-calendar/user.php?id=999%20union%20select%201,User,Password,Host,Filepriv,0%20from%20mysql.user ./user.php line 52: $query = 'SELECT FROM users WHERE id='.$id; Should have used...

7.4AI score
Exploits0
seebug.org
seebug.org
added 2007/01/05 12:0 a.m.18 views

iG Shop 1.0 (eval/sql injection) Multiple Remote Vulnerabilities

No description provided by source. "If eval is the answer, then you are asking the wrong question." --Unknowen ig-shop suffers from two eval's that can be controlled by an attacker: http://127.0.0.1/igshop/cart.php?action=;phpinfo;// ./cart.php line 692: eval "cart$action;";...

7.1AI score
Exploits0
Exploit DB
Exploit DB
added 2007/01/05 12:0 a.m.32 views

iG Calendar 1.0 - 'user.php?id' SQL Injection

SQL Injection in ig-Calendar. This works regardless of magicquotesgpc! Dumps mysql login informaion: http://127.0.0.1/ig-calendar/user.php?id=999%20union%20select%201,User,Password,Host,Filepriv,0%20from%20mysql.user ./user.php line 52: $query = 'SELECT FROM users WHERE id='.$id; Should have used...

7AI score
Exploits0
Exploit DB
Exploit DB
added 2007/01/05 12:0 a.m.59 views

ig shop 1.0 - Code Execution / SQL Injection

"If eval is the answer, then you are asking the wrong question." --Unknowen ig-shop suffers from two eval's that can be controlled by an attacker: http://127.0.0.1/igshop/cart.php?action=;phpinfo;// ./cart.php line 692: eval "cart$action;"; http://127.0.0.1/igshop/page.php?action=;phpinfo;//...

7.4AI score
Exploits0
securityvulns
securityvulns
added 2007/01/05 12:0 a.m.49 views

SQL Injection in ig-Calendar

SQL Injection in ig-Calendar. This works regardless of magicquotesgpc! Dumps mysql login informaion: http://127.0.0.1/ig-calendar/user.php?id=99920union20select201,User,Password,Host,Filepriv,020from20mysql.user ./user.php line 52: $query = 'SELECT FROM users WHERE id='.$id; Should have used quot...

1.3AI score
Exploits0
exploitpack
exploitpack
added 2007/01/05 12:0 a.m.24 views

ig shop 1.0 - Code Execution SQL Injection

ig shop 1.0 - Code Execution SQL Injection "If eval is the answer, then you are asking the wrong question." --Unknowen ig-shop suffers from two eval's that can be controlled by an attacker: http://127.0.0.1/igshop/cart.php?action=;phpinfo;// ./cart.php line 692: eval "cart$action;";...

0.2AI score
Exploits0
exploitpack
exploitpack
added 2007/01/05 12:0 a.m.21 views

iG Calendar 1.0 - user.php?id SQL Injection

iG Calendar 1.0 - user.php?id SQL Injection SQL Injection in ig-Calendar. This works regardless of magicquotesgpc! Dumps mysql login informaion: http://127.0.0.1/ig-calendar/user.php?id=999%20union%20select%201,User,Password,Host,Filepriv,0%20from%20mysql.user ./user.php line 52: $query = 'SELECT...

0.3AI score
Exploits0
seebug.org
seebug.org
added 2007/01/05 12:0 a.m.21 views

iG Calendar 1.0 (user.php id variable) Remote SQL Injection Vulnerability

No description provided by source. SQL Injection in ig-Calendar. This works regardless of magicquotesgpc! Dumps mysql login informaion: http://127.0.0.1/ig-calendar/user.php?id=999%20union%20select%201,User,Password,Host,Filepriv,0%20from%20mysql.user ./user.php line 52: $query = 'SELECT FROM use...

7.1AI score
Exploits0
0day.today
0day.today
added 2007/01/05 12:0 a.m.28 views

iG Calendar 1.0 (user.php id variable) Remote SQL Injection Vulnerability

Exploit for unknown platform in category web applications ========================================================================= iG Calendar 1.0 user.php id variable Remote SQL Injection Vulnerability ========================================================================= SQL Injection in...

7.1AI score
Exploits0
NVD
NVD
added 2006/10/31 10:7 p.m.18 views

CVE-2006-5631

Cross-site scripting XSS vulnerability in changepass.php in iG Shop 1.4 allows remote attackers to inject arbitrary web script or HTML via arbitrary query strings when the action parameter is not "1", as demonstrated using script in the action parameter, a different vulnerability than CVE-2006-56...

6.8CVSS5.6AI score0.01324EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2006/10/31 10:0 p.m.8 views

CVE-2006-5632

Cross-site scripting XSS vulnerability in changepass.php in iG Shop 1.4 allows remote attackers to inject arbitrary web script or HTML via the id parameter, a different vulnerability than CVE-2006-5631. NOTE: the provenance of this information is unknown; the details are obtained solely from thir...

6.2AI score0.01232EPSS
Exploits1References4
Rows per page
Query Builder