Sql injection

Multiple SQL injection vulnerabilities in Web Group Communication Center WGCC 1.0.3 PreRelease 1 and earlier allow remote authenticated users to execute arbitrary SQL commands via the 1 userid parameter to a profile.php in a "show moreinfo" action; the 2 bildid parameter to b picturegallery.php i...

CVE-2008-2446

CVE-2008-2446 affects Web Group Communication Center (WGCC) 1.0.3 PreRelease 1 and earlier. Multiple SQL injection vulnerabilities allow arbitrary SQL execution via parameters in several actions: (1) userid in profile.php (show moreinfo), (2) bildid in picturegallery.php (shownext), (3) id in fil...

CVE-2008-2446

Multiple SQL injection vulnerabilities in Web Group Communication Center WGCC 1.0.3 PreRelease 1 and earlier allow remote authenticated users to execute arbitrary SQL commands via the 1 userid parameter to a profile.php in a "show moreinfo" action; the 2 bildid parameter to b picturegallery.php i...

CVE-2003-1424

message.php in Petitforum does not properly authenticate users, which allows remote attackers to impersonate forum users via a modified connect cookie...

CVE-2003-1424

The CVE-2003-1424 issue involves Petitforum’s message.php, where improper authentication allows remote attackers to impersonate forum users by altering the connect cookie. This reflects insufficient session/cookie validation with an impact described as PARTIAL confidentiality/integrity/availabili...

Information disclosure

Group-Office before 2.16-13 does not properly validate user IDs, which allows remote attackers to obtain sensitive information via certain requests for 1 message.php and 2 messages.php in modules/email/. NOTE: some of these details are obtained from third party information...

CVE-2006-5148

Multiple PHP remote file inclusion vulnerabilities in Forum82 2.5.2b and earlier allow remote attackers to execute arbitrary PHP code via a URL in the repertorylevel parameter including scripts in /forum/ including 1 search.php, 2 message.php, 3 member.php, 4 mail.php, 5 lostpassword.php, 6...

CVE-2006-5148

Multiple PHP remote file inclusion vulnerabilities in Forum82 2.5.2b and earlier allow remote attackers to execute arbitrary PHP code via a URL in the repertorylevel parameter including scripts in /forum/ including 1 search.php, 2 message.php, 3 member.php, 4 mail.php, 5 lostpassword.php, 6...

CVE-2006-3239

SQL injection vulnerability in message.php in VBZooM 1.11 and earlier allows remote attackers to execute arbitrary SQL commands via the UserID parameter...

VBZooM <<--V1.11 "message.php" SQL injection

============================================= Discovered By: CrAzY CrAcKeR Site:www.alshmokh.com I want to thank my friend:- nono225-mHOn-rageh-Lover Hacker-Breeeeh BoNym-Rootshill-LiNuXrOOt-Sw33t h4ck3r ============================================= Example:- /message. php?UserID=SQL...

Sql injection

SQL injection vulnerability in index.php in PwsPHP 1.2.3 allows remote attackers to execute arbitrary SQL commands via the id parameter, possibly in message.php in the espacemembre module. NOTE: the provenance of this information is unknown; the details are obtained solely from third party...

CVE-2005-4670

Technical details about CVE-2005-4670 are not publicly provided in the connected documents. The description remains the only explicit detail; monitor for updates for affected products, versions, and fixes.

CVE-2005-4670

Cross-site scripting XSS vulnerability in message.php in CityPost Automated Link Exchange LNKX allows remote attackers to inject arbitrary web script or HTML via the msg parameter...

CityPost PHP LNKX 52.0 - 'message.php' Cross-Site Scripting

source: https://www.securityfocus.com/bid/13255/info CityPost PHP LNKX is affected by a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input to the 'message.php' script. An attacker may leverage this issue to have arbitrary...

CityPost PHP LNKX 52.0 - message.php Cross-Site Scripting

CityPost PHP LNKX 52.0 - message.php Cross-Site Scripting source: https://www.securityfocus.com/bid/13255/info CityPost PHP LNKX is affected by a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input to the 'message.php'...

CVE-2005-0930

CVE-2005-0930 is a documented XSS vulnerability in Chatness versions up to 2.5.1, exploitable via message.php by supplying input in the user field or the message parameter. Affected software is Chatness (≤2.5.1); the underlying issue is cross-site scripting that allows an attacker to inject arbit...