7210 matches found
CVE-2005-1588
SQL injection vulnerability in index.php for Quick.cart 0.3.0 allows remote attackers to execute arbitrary SQL commands via the iCategory parameter. NOTE: the vendor has privately disputed this issue, saying that Quick.cart does not even use SQL and therefore can not be vulnerable to SQL injectio...
CVE-2005-1581
Vulnerability summary: CVE-2005-1581 describes a cross-site scripting (XSS) flaw in Bug Report 1.0. User input from various fields to bug_report.php is not filtered or quoted when processed by bug_list.php or admin/index.php, allowing remote attackers to inject arbitrary web script or HTML. What’...
CVE-2005-1548
CVE-2005-1548 is an SQL injection vulnerability in the index.php of Advanced Guestbook 2.3.1. The flaw occurs in the entry parameter, allowing remote attackers to execute arbitrary SQL commands. The underlying issue is an input validation flaw that fails to sanitize user input before database i...
CVE-2005-1581
Cross-site scripting (XSS) vulnerability in Bug Report 1.0 allows remote attackers to inject arbitrary web script or HTML via various fields to bug_report.php, which are not filtered or quoted when processed by bug_list.php or admin/index.php...
CVE-2005-1582
Cross-site scripting (XSS) vulnerability in index.php for 1Two News 1.0 allows remote attackers to inject arbitrary web script or HTML via the (1) nom, (2) email, (3) siteweb, or (4) commentaire variables...
CVE-2005-1498
Multiple cross-site scripting (XSS) vulnerabilities in myBloggie 2.1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) year parameter in viewmode.php, or the (2) catid, (3) monthno, or (4) postid parameter in index.php, which are not properly sanitized before they are displayed in...
CVE-2005-1500
Multiple SQL injection vulnerabilities in myBloggie 2.1.1 allow remote attackers to execute arbitrary SQL commands via (1) the keyword parameter in search.php; or (2) the dateno parameter in viewdate mode, (3) the catid parameter in viewcat mode, the (4) monthno or (5) year parameter in viewmonth mode, or ...
CVE-2005-1585
Multiple SQL injection vulnerabilities in Quick.Forum 2.1.6 allow remote attackers to execute arbitrary SQL commands via the (1) iCategory or (2) page parameter to index.php, or (3) iCategory parameter in the query string to the forum directory...
CVE-2004-1962
SQL injection vulnerability in index.php in Protector System 1.15b1 allows remote attackers to bypass SQL injection filters by using "//" sequences in the targeted fields...
CVE-2003-1175
Cross-site scripting (XSS) vulnerability in index.php in Sympoll 1.5 allows remote attackers to inject arbitrary web script or HTML via the vo parameter...
CVE-2003-1175
CVE-2003-1175 concerns a cross-site scripting (XSS) vulnerability in Sympoll 1.5, where the tainted vo parameter in index.php can be exploited to inject arbitrary script/HTML. The NVD entry lists a CVSSv2 base score of 6.8 (MEDIUM) with network impact, partial confidentiality, integrity and avail...
CVE-2004-2018
PHP remote file inclusion vulnerability in index.php in Php-Nuke 6.x through 7.3 allows remote attackers to execute arbitrary PHP code by modifying the modpath parameter to reference a URL on a remote web server that contains the code...
CVE-2004-2010
PHP remote file inclusion in phpShop 0.7.1 and earlier allows remote attackers to execute arbitrary PHP code by setting base_dir to a URL on a remote server that serves phpshop.cfg. This affects index.php. The underlying root cause is a file inclusion weakness that trusts a user-controlled base_d...
CVE-2004-2018
Php-Nuke 6.x–7.3 is affected by a PHP remote file inclusion vulnerability in index.php, exploitable by altering the modpath parameter to reference a URL on a remote server containing malicious code, enabling remote code execution. The initial documents do not provide specific remediation steps or...
Invision Power Board index.php Multiple Parameter XSS
The version of Invision Power Board installed on the remote host suffers from a cross-site scripting vulnerability due to its failure to sanitize user input via the 'act' parameter to the 'index.php' script. An unauthenticated attacker can exploit this flaw by injecting malicious HTML and script...
CVE-2005-0676
index.php in Zorum 3.5 allows remote attackers to trigger an SQL error, and possibly inject arbitrary SQL commands, via the search capability...
CVE-2005-1445
CVE-2005-1445 affects SitePanel 2.6.1 and earlier (SitePanel2). The issue is multiple directory traversal vulnerabilities allowing remote attackers to (1) delete arbitrary files via the id parameter in a rmattach action to 5.php, and (2) read arbitrary files via the lang parameter to index.php. R...
CVE-2005-1403
Multiple cross-site scripting (XSS) vulnerabilities in JustWilliam's Amazon Webstore 04050100 allow remote attackers to inject arbitrary web script or HTML via the (1) image parameter to closeup.php, the (2) currentIsExpanded or (3) searchFor parameters to index.php, (4) the currentNumber parameter to...