33 matches found
Information disclosure
Group-Office before 2.16-13 does not properly validate user IDs, which allows remote attackers to obtain sensitive information via certain requests for (1) message.php and (2) messages.php in modules/email/. NOTE: some of these details are obtained from third party information...
CVE-2006-3241
Cross-site scripting (XSS) vulnerability in messages.php in XennoBB 1.0.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the tid parameter...
CVE-2006-2459
SQL injection vulnerability in messages.php in PHP-Fusion 6.00.307 and earlier allows remote authenticated users to execute arbitrary SQL commands via the srchwhere parameter...
SQL injection
SQL injection vulnerability in messages.php in PHP-Fusion 6.00.307 and earlier allows remote authenticated users to execute arbitrary SQL commands via the srchwhere parameter...
CVE-2005-4005
SQL injection vulnerability in messages.php in PHP-Fusion 6.00.109 allows remote attackers to obtain path information and possibly execute arbitrary SQL commands via the srchtext parameter in a Search and Sort option to messages.php...
PHP-Fusion v6.00.109 SQL Injection and Info. Disclosure
In the latest version of PHP-Fusion, the content management system by Digitanium (php-fusion.co.uk), there is an SQL Error in messages.php that reveals path names and a table name, and someone could possibly manipulate the SQL database. The error is as follows, it is with the Search and Sort option...
CVE-2005-3877
Multiple SQL injection vulnerabilities in Simple Document Management System (SDMS) 2.0-CVS and earlier allow remote attackers to execute arbitrary SQL commands via the (1) folderid parameter in list.php and (2) mid parameter in a view action to messages.php...
CVE-2005-3159
CVE-2005-3159 is a SQL injection vulnerability in PHP-Fusion, specifically in messages.php where the msg_view parameter can be exploited to execute arbitrary SQL. It is described as a different vulnerability from CVE-2005-3157 and CVE-2005-3158, and is rated HIGH (CVSS v2 base score 7.5) with net...
PT-2005-3982 · Php Fusion · Php-Fusion
SQL injection vulnerability in messages.php in PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the msg_view parameter, a different vulnerability than CVE-2005-3157 and CVE-2005-3158...
PHP-Fusion 4.05.06.0 - messages.php SQL Injection
source: https://www.securityfocus.com/bid/14489/info PHP-Fusion is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input to the 'messages.php' script before using it in ...
PHP-Fusion 4.0/5.0/6.0 - 'messages.php' SQL Injection
source: https://www.securityfocus.com/bid/14489/info PHP-Fusion is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input to the 'messages.php' script before using it in an SQL query. Successful exploitation could result...