691 matches found
DEBIAN-CVE-2007-1054
Cross-site scripting XSS vulnerability in the AJAX features in index.php in MediaWiki 1.6.x through 1.9.2, when $wgUseAjax is enabled, allows remote attackers to inject arbitrary web script or HTML via a UTF-7 encoded value of the rs parameter, which is processed by Internet Explorer...
CVE-2006-6230
SQL injection vulnerability in vuBB 0.2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the user parameter in a register action to index.php, a different vulnerability than CVE-2006-0962...
PT-2006-5618 · All Enthusiast · Reviewpost
Name of the Vulnerable Software and Affected Versions: All Enthusiast ReviewPost version 2.5 Description: The issue allows remote attackers to execute arbitrary PHP code via a URL in the RP PATH parameter in the index.php file. Recommendations: For All Enthusiast ReviewPost version 2.5, consider...
PT-2006-5528 · Phprog · Phprog
Name of the Vulnerable Software and Affected Versions: PHProg versions prior to 1.1 Description: The issue allows remote attackers to read arbitrary files via a .. dot dot in the lang parameter of the index.php file. This is a directory traversal vulnerability. Recommendations: For versions prior...
PT-2006-5229 · Jupiter · Jupiter Cms
Name of the Vulnerable Software and Affected Versions: Jupiter CMS version 1.1.5 Description: The issue allows remote attackers to execute arbitrary PHP code via a URL in the template parameter in the index.php file. However, it's noted that the $template variable is defined as a static value...
DEBIAN-CVE-2006-2031
Cross-site scripting XSS vulnerability in index.php in phpMyAdmin 2.8.0.3, 2.8.0.2, 2.8.1-dev, and 2.9.0-dev allows remote attackers to inject arbitrary web script or HTML via the lang parameter...
PT-2006-2584 · Monalbum · Monalbum
Name of the Vulnerable Software and Affected Versions: MonAlbum version 0.8.7 Description: The issue allows remote attackers to execute arbitrary SQL commands. This is achieved through SQL injection vulnerabilities in multiple parameters, including pc in index.php, and pnom, pcourriel, pcommentai...
PT-2005-4920 · Jamit · Jamit Job Board
Name of the Vulnerable Software and Affected Versions: Jamit Job Board versions 2.4.1 and earlier Description: A SQL injection issue allows remote attackers to execute arbitrary SQL commands via the cat parameter in the "index.php" file. The vendor has disputed this issue, claiming it has no basi...
PT-2005-4334 · Ib · Ibproarcade
Name of the Vulnerable Software and Affected Versions: ibProArcade versions 2.5.2 and earlier Description: A SQL injection issue exists in the report module of ibProArcade, allowing remote attackers to execute arbitrary SQL commands. The issue is related to the user parameter in the index.php fil...
PT-2005-3817 · Noah · Noah'S Classifieds
Name of the Vulnerable Software and Affected Versions: Noah's classifieds version 1.3 Description: A cross-site scripting XSS issue allows remote attackers to inject arbitrary web script or HTML via the rollid parameter in the index.php file. This could potentially lead to unauthorized actions on...
PT-2002-2753 · Php · Php-Nuke
Name of the Vulnerable Software and Affected Versions: PHP-Nuke versions 5.4 and earlier Description: The issue allows remote attackers to gain SQL query information by exploiting debugging features that are not properly restricted. This can be achieved by setting the sql debug parameter in...