Sql injection

Multiple SQL injection vulnerabilities in Elvin 1.2.0 allow remote attackers to execute arbitrary SQL commands via the 1 inUser aka Username and 2 inPass aka Password parameters to a inc/login.ei, reachable through login.php; and the 3 id parameter to b showbug.php and c showactivity.php. NOTE: i...

CVE-2009-2129

Cross-site request forgery CSRF vulnerability in login.php in Elvin 1.2.0 allows remote attackers to hijack the authentication of arbitrary users via a logout action...

Cross site request forgery (csrf)

Cross-site request forgery CSRF vulnerability in login.php in Elvin 1.2.0 allows remote attackers to hijack the authentication of arbitrary users via a logout action...

CVE-2009-2129

CVE-2009-2129 describes a cross-site request forgery (CSRF) vulnerability in the Elvin 1.2.0 login.php that allows a remote attacker to hijack the authentication of arbitrary users via a logout action. The vulnerability is documented across multiple sources (NVD entry and CVE records) with the sa...

CVE-2009-2129

Cross-site request forgery CSRF vulnerability in login.php in Elvin 1.2.0 allows remote attackers to hijack the authentication of arbitrary users via a logout action...

Sql injection

Multiple SQL injection vulnerabilities in myColex 1.4.2 allow remote attackers to execute arbitrary SQL commands via 1 the formUser parameter aka the Name field to common/login.php, and allow remote authenticated users to execute arbitrary SQL commands via the ID parameter in a Detail action to 2...

CVE-2009-1810

Multiple SQL injection vulnerabilities in myColex 1.4.2 allow remote attackers to execute arbitrary SQL commands via 1 the formUser parameter aka the Name field to common/login.php, and allow remote authenticated users to execute arbitrary SQL commands via the ID parameter in a Detail action to 2...

CVE-2009-1812

Multiple SQL injection vulnerabilities in myGesuad 0.9.14 aka 0.9 allow remote attackers to execute arbitrary SQL commands via 1 the formUser parameter aka the Name field to common/login.php, and allow remote authenticated users to execute arbitrary SQL commands via the ID parameter in a Detail...

RoomPHPlanning 1.6 Multiple Remote Vulnerabilities

No description provided by source. o o o O O ooooooo 0 oooo OOOo o o o O O O 0 0 0 o o o o o O O O 0 0000 oooo ooooo o o oooooo o o O O O 0 0 0 0 0 0 o o O O o o O OO 0 0 0 oooo ooooo oooo OOOOOO oooooo O O O 0 0 0 0 0 0oooo0 + RoomPHPlanning v1.6 Multiple Remote Exploit Vulnerabilities +...

CVE-2009-1741

CVE-2009-1741 relates to DM FileManager 3.9.2, where login.php contains multiple SQL injection vulnerabilities when magic_quotes_gpc is disabled. Remote attackers can cause arbitrary SQL execution via the (1) Username and (2) Password fields. The NVD notes a CVSSv2 base score of 6.8 (MEDIUM). No ...

CVE-2009-1741

Multiple SQL injection vulnerabilities in login.php in DM FileManager 3.9.2, when magicquotesgpc is disabled, allow remote attackers to execute arbitrary SQL commands via the 1 Username and 2 Password fields...

Sql injection

Multiple SQL injection vulnerabilities in admin/login.php in Wright Way Services Recipe Script 5 allow remote attackers to execute arbitrary SQL commands via the 1 username and 2 Password fields, as reachable from admin/index.php...

CVE-2009-1662

CVE-2009-1662 affects Wright Way Services Recipe Script 5. The vulnerability resides in the admin/login.php component, where the login parameters (username and Password) are susceptible to SQL injection. The issue is reachable from admin/index.php, enabling remote attackers to manipulate SQL quer...

Sql injection

Multiple SQL injection vulnerabilities in MicBlog 0.0.3, when magicquotesgpc is disabled, allow remote attackers to execute arbitrary SQL commands via the 1 cat parameter to category.php, the 2 user parameter to login.php, and the 3 site parameter to register.php...

CVE-2008-6805

Multiple SQL injection vulnerabilities in MicBlog 0.0.3, when magicquotesgpc is disabled, allow remote attackers to execute arbitrary SQL commands via the 1 cat parameter to category.php, the 2 user parameter to login.php, and the 3 site parameter to register.php...

CVE-2008-6805

Multiple SQL injection vulnerabilities in MicBlog 0.0.3, when magicquotesgpc is disabled, allow remote attackers to execute arbitrary SQL commands via the 1 cat parameter to category.php, the 2 user parameter to login.php, and the 3 site parameter to register.php...

Sql injection

Multiple SQL injection vulnerabilities in TemaTres 1.031, when magicquotesgpc is disabled, allow remote attackers to execute arbitrary SQL commands via the 1 idcorreoelectronico and 2 idpassword parameters to login.php. NOTE: the provenance of this information is unknown; the details are obtained...

Sql injection

Multiple SQL injection vulnerabilities in login.php in Pre Projects Pre Real Estate Listings allow remote attackers to execute arbitrary SQL commands via 1 the us parameter aka the Username field or 2 the ps parameter aka the Password field...

CVE-2008-6798

Multiple SQL injection vulnerabilities in login.php in Pre Projects Pre Real Estate Listings allow remote attackers to execute arbitrary SQL commands via 1 the us parameter aka the Username field or 2 the ps parameter aka the Password field...

CVE-2008-6798

Multiple SQL injection vulnerabilities in login.php in Pre Projects Pre Real Estate Listings allow remote attackers to execute arbitrary SQL commands via 1 the us parameter aka the Username field or 2 the ps parameter aka the Password field...