109 matches found
CVE-2005-1235
auctionmyauctions.php in phpbb-Auction 1.2m and earlier allows remote attackers to obtain sensitive information via an invalid mode parameter, which leaks the full path in a PHP error message...
CVE-2005-1235
The CVE concerns phpbb-Auction 1.2m and earlier, where auction_my_auctions.php accepts an invalid mode parameter and, via a PHP error message, leaks the full path. This is a potential information disclosure vulnerability in the PHP code path handling the auction feature. The provided documents do...
CVE-2005-1235
auctionmyauctions.php in phpbb-Auction 1.2m and earlier allows remote attackers to obtain sensitive information via an invalid mode parameter, which leaks the full path in a PHP error message...
CVE-2005-1074
SQL injection vulnerability in index.php for RadScripts RadBids Gold 2 allows remote attackers to execute arbitrary SQL commands via the mode parameter...
CVE-2005-0735
newsscript.pl for NewsScript allows remote attackers to gain privileges by setting the mode parameter to admin...
CVE-2005-0735
The CVE refers to NewsScript’s newsscript.pl CGI, where an attacker can escalate privileges remotely by sending mode=admin. Affected product: NewsScript (NewsScript.co.uk). Root cause: incomplete access validation in the CGI parameters allowing admin rights to be set via the mode parameter. Impac...
CVE-2004-2062
SQL injection vulnerability in antiboard.php in AntiBoard 0.7.2 and earlier allows remote attackers to execute arbitrary SQL via the 1 threadid, 2 parentid, or 3 mode parameters...
CVE-2004-0242
X-Cart 3.4.3 allows remote attackers to gain sensitive information via a mode parameter with 1 phpinfo command or 2 perlinfo command...
CVE-2004-0242
X-Cart 3.4.3 is affected by CVE-2004-0242. An attacker can remotely read sensitive information by supplying a mode parameter that triggers phpinfo or perlinfo commands. The vulnerability enables information disclosure in the affected product via the web interface; no exploitation or mitigations a...