CVE-2008-7119

SQL injection vulnerability in item.php in WeBid auction script 0.5.4 allows remote attackers to execute arbitrary SQL commands via the id parameter...

CVE-2008-5170

SQL injection vulnerability in item.php in Cheats Complete Website 1.1.1 allows remote attackers to execute arbitrary SQL commands via the itemid parameter...

Sql injection

SQL injection vulnerability in item.php in Cheats Complete Website 1.1.1 allows remote attackers to execute arbitrary SQL commands via the itemid parameter...

CVE-2008-5170

SQL injection vulnerability in item.php in Cheats Complete Website 1.1.1 allows remote attackers to execute arbitrary SQL commands via the itemid parameter...

CVE-2008-5170

The CVE-2008-5170 entry concerns Cheats Complete Website 1.1.1 and identifies a vulnerability in the item.php component. The issue is a SQL injection via the itemid parameter , which allows remote attackers to execute arbitrary SQL commands. The description explicitly states this as a remote comm...

WeBid 0.5.4 - item.php SQL Injection

WeBid 0.5.4 - item.php SQL Injection Application :: WeBid v0.5.4 sql injection vuln Download :: http://www.sourceforge.net/projects/simpleauction Found By ::Stack...

WeBid 0.5.4 (item.php id) Remote SQL Injection Vulnerability

Exploit for unknown platform in category web applications ============================================================ WeBid 0.5.4 item.php id Remote SQL Injection Vulnerability ============================================================ Application :: WeBid v0.5.4 sql injection vuln Download ::...

WeBid 0.5.4 - 'item.php' SQL Injection

Application :: WeBid v0.5.4 sql injection vuln Download :: http://www.sourceforge.net/projects/simpleauction Found By ::Stack http://www.site.il/item.php?id=-1//UNION//SELECT//1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32/ milw0rm.com 2008-09-01...

affildir-sql.txt

|| | | Affiliate Directory id Remote SQL Injection Vulnerability | | |---------------------Hussin X----------------------| | | Author: Hussin X | | Home : www.tryag.cc/cc | | email: darkangelg85atYahooDoTcom | | | | | | | | script : http://scripts-for-sites.com/item.php?item=107 | | DorK :...

Sql injection

SQL injection vulnerability in item.php in PHPAuction 3.2 allows remote attackers to execute arbitrary SQL commands via the id parameter...

CVE-2008-2900

PHPAuction 3.2 is affected by an SQL injection in item.php, exploitable via the id parameter to allow remote execution of arbitrary SQL commands. This is the underlying root cause reported in CVE-2008-2900 and is reflected across NVD and CVE records. No explicit remediation or patched version is ...

phpAuction 3.2.1 - 'item.php' SQL Injection

phpauction-gpl Version3.2 Version SQL Injection Vulnerability ======================================================== Author: Hussin X = = Home : www.tryag.cc/cc = = email: darkangelg85atYahooDoTcom = hussin.xathotmailDoTcom = = ======================================================== HomE scrip...

phpAuction 3.2.1 - item.php SQL Injection

phpAuction 3.2.1 - item.php SQL Injection phpauction-gpl Version3.2 Version SQL Injection Vulnerability ======================================================== Author: Hussin X = = Home : www.tryag.cc/cc = = email: darkangelg85atYahooDoTcom = hussin.xathotmailDoTcom = =...

Design/Logic Flaw

SAXON 5.4, with displayerrors enabled, allows remote attackers to obtain sensitive information via 1 a direct request for news.php, 2 an invalid use of a newsid array parameter to admin/edit-item.php, and possibly unspecified vectors related to additional scripts in 3 admin/, 4 rss/, and 5 the ro...

CVE-2007-4861

SAXON 5.4, with displayerrors enabled, allows remote attackers to obtain sensitive information via 1 a direct request for news.php, 2 an invalid use of a newsid array parameter to admin/edit-item.php, and possibly unspecified vectors related to additional scripts in 3 admin/, 4 rss/, and 5 the ro...

CVE-2007-4861

SAXON 5.4 is affected by multiple path disclosure flaws when display_errors is enabled. Exploitation vectors include direct requests to news.php, improper handling of newsid in admin/edit-item.php, and other scripts under admin/, rss/, and the installation root, which reveal server paths in error...

CVE-2006-7005

The CVE-2006-7005 entry describes an SQL injection in PSY Auction’s item.php, exploitable via the id parameter to allow remote execution of arbitrary SQL. The vulnerability is triggered through a manipulable id value, leading to partial confidentiality, integrity, and availability impact as per t...

CVE-2006-3613

Multiple cross-site scripting XSS vulnerabilities in Chamberland Technology ezWaiter 3.0 Online and possibly Enterprise Software aka enterprise edition allow remote attackers to inject arbitrary web script or HTML via the 1 itemfor aka "Who is this item for?" and 2 special aka "Special...

CVE-2006-3613

Multiple cross-site scripting (XSS) vulnerabilities exist in Chamberland Technology ezWaiter 3.0 Online (and possibly Enterprise Software). The issues allow remote attackers to inject arbitrary web script or HTML via: (1) itemfor (the “Who is this item for?” field) and (2) special (the “Special I...