6 matches found
CVE-2008-0684
Cross-site scripting XSS vulnerability in ViewCat.php in iTechClassifieds 3.0 allows remote attackers to inject arbitrary web script or HTML via the CatID parameter...
CVE-2008-0685
SQL injection vulnerability in ViewCat.php in iTechClassifieds 3.0 allows remote attackers to execute arbitrary SQL commands via the CatID parameter...
Cross site scripting
Cross-site scripting XSS vulnerability in ViewCat.php in iTechClassifieds 3.0 allows remote attackers to inject arbitrary web script or HTML via the CatID parameter...
Sql injection
SQL injection vulnerability in ViewCat.php in iTechClassifieds 3.0 allows remote attackers to execute arbitrary SQL commands via the CatID parameter...
CVE-2008-0684
CVE-2008-0684 documents a cross-site scripting (XSS) vulnerability in ViewCat.php of iTechClassifieds 3.0, exploitable via the CatID parameter to inject arbitrary web script/HTML. The root cause is lack of proper input validation/sanitization in Category ID handling, allowing attacker-supplied in...
CVE-2008-0685
The CVE-2008-0685 entry concerns a SQL injection in ViewCat.php of iTechClassifieds 3.0, exploitable via the CatID parameter to yield arbitrary SQL commands on the backend. Affected component is the ViewCat.php code path in iTechClassifieds 3.0, with the underlying issue being improper handling o...