57 matches found
CVE-2010-2461
SQL injection vulnerability in storecat.php in JCE-Tech Overstock 1 allows remote attackers to execute arbitrary SQL commands via the store parameter...
Sql injection
SQL injection vulnerability in merchantproductlist.php in JCE-Tech Shareasale Script SASS 1 allows remote attackers to execute arbitrary SQL commands via the mechantid parameter...
Sql injection
SQL injection vulnerability in storecat.php in JCE-Tech Overstock 1 allows remote attackers to execute arbitrary SQL commands via the store parameter...
CVE-2010-2461
SQL injection vulnerability in storecat.php in JCE-Tech Overstock 1 allows remote attackers to execute arbitrary SQL commands via the store parameter...
CVE-2010-2461
CVE-2010-2461 describes a SQL injection vulnerability in the storecat.php script of JCE-Tech Overstock 1 , exploitable by supplying a crafted value to the store parameter to execute arbitrary SQL. The NVD entry assigns a CVSS v2 base score 7.5 (HIGH) , with network access, no authentication, and ...
CVE-2010-2460
CVE-2010-2460 affects JCE-Tech Shareasale Script (SASS) 1, where the file merchant_product_list.php contains an SQL injection vulnerability exposed via the mechant_id parameter. The root cause is unsanitized input leading to arbitrary SQL execution, enabling remote attackers to manipulate the dat...
CVE-2010-0380
install.php in JCE-Tech PHP Calendars, downloaded 20100121, allows remote attackers to bypass intended access restrictions and modify application settings via a direct request. NOTE: this is only a vulnerability when the administrator does not follow recommendations in the product's installation...
CVE-2010-0380
install.php in JCE-Tech PHP Calendars, downloaded 20100121, allows remote attackers to bypass intended access restrictions and modify application settings via a direct request. NOTE: this is only a vulnerability when the administrator does not follow recommendations in the product's installation...
CVE-2010-0380
The CVE-2010-0380 entry concerns JCE-Tech PHP Calendars (install.php) where a direct request can bypass access restrictions and allow modification of application settings. The vulnerability hinges on administrators not following recommendations in the product installation documentation. The provi...
CVE-2010-0376
Cross-site scripting XSS vulnerability in productlist.php in JCE-Tech PHP Calendars, downloaded 2010-01-11, allows remote attackers to inject arbitrary web script or HTML via the cat parameter. NOTE: this issue is reportedly resultant from a forced SQL error message that occurs from exploitation ...
Cross site scripting
Cross-site scripting XSS vulnerability in productlist.php in JCE-Tech PHP Calendars, downloaded 2010-01-11, allows remote attackers to inject arbitrary web script or HTML via the cat parameter. NOTE: this issue is reportedly resultant from a forced SQL error message that occurs from exploitation ...
CVE-2010-0375
SQL injection vulnerability in productlist.php in JCE-Tech PHP Calendars, downloaded 2010-01-11, allows remote attackers to execute arbitrary SQL commands via the cat parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...
Sql injection
SQL injection vulnerability in productlist.php in JCE-Tech PHP Calendars, downloaded 2010-01-11, allows remote attackers to execute arbitrary SQL commands via the cat parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...
CVE-2010-0376
Cross-site scripting XSS vulnerability in productlist.php in JCE-Tech PHP Calendars, downloaded 2010-01-11, allows remote attackers to inject arbitrary web script or HTML via the cat parameter. NOTE: this issue is reportedly resultant from a forced SQL error message that occurs from exploitation ...
CVE-2010-0376
CVE-2010-0376 is an XSS vulnerability in JCE-Tech PHP Calendars, specifically in product_list.php where the cat parameter can be exploited to inject arbitrary HTML/Script. The issue is described as arising from a forced SQL error message related to CVE-2010-0375. Connected sources confirm the vul...
CVE-2010-0375
CVE-2010-0375 concerns a SQL injection vulnerability in product_list.php of JCE-Tech PHP Calendars, exploitable via the cat parameter to execute arbitrary SQL commands. The vulnerability is documented across multiple sources (NVD/NVD-derived listings, CVE records, and third-party references) with...
CVE-2009-3198
Cross-site scripting XSS vulnerability in search.php in JCE-Tech Affiliate Master Datafeed Parser Script 2.0 allows remote attackers to inject arbitrary web script or HTML via the search parameter...
CVE-2009-3196
Cross-site scripting XSS vulnerability in index.php in JCE-Tech PHP Video Script allows remote attackers to inject arbitrary web script or HTML via the key parameter...
CVE-2009-3197
Cross-site scripting XSS vulnerability in search.php in JCE-Tech PHP Calendars Script allows remote attackers to inject arbitrary web script or HTML via the search parameter...
CVE-2009-3194
Cross-site scripting XSS vulnerability in index.php in JCE-Tech SearchFeed Script allows remote attackers to inject arbitrary web script or HTML via the search parameter...