115 matches found
Sql injection
SQL injection vulnerability in calendar.php in Virtual War VWar 1.5 allows remote attackers to execute arbitrary SQL commands via the month parameter...
Sql injection
SQL injection vulnerability in blog.php in Mooseguy Blog System MGBS 1.0 allows remote attackers to execute arbitrary SQL commands via the month parameter...
CVE-2008-0424
SQL injection vulnerability in blog.php in Mooseguy Blog System MGBS 1.0 allows remote attackers to execute arbitrary SQL commands via the month parameter...
Mooseguy Blog System 1.0 - month SQL Injection
Mooseguy Blog System 1.0 - month SQL Injection MGBS 1.0 Remote SQL injection Script url http://sourceforge.net/project/showfiles.php?groupid=193233 Vulnerable code in blog.php ?php $month = $GET'month'; $result = mysqlquery"SELECT FROM blog WHERE posted='$month' ORDER BY id DESC" or die"HELP QUER...
Cross site scripting
Cross-site scripting XSS vulnerability in modules/ecal/display.php in the Event Calendar in bcoos 1.0.10 allows remote attackers to inject arbitrary web script or HTML via the month parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party...
Sql injection
Multiple SQL injection vulnerabilities in archives.php in Particle Blogger 1.2.1 and earlier allow remote attackers to execute arbitrary SQL commands via the month parameter and other unspecified vectors...
Cross site scripting
Cross-site scripting XSS vulnerability in mods.php in GTP GNUTurk Portal System 3G allows remote attackers to inject arbitrary web script or HTML via the month parameter...
CVE-2007-2879
Cross-site scripting XSS vulnerability in mods.php in GTP GNUTurk Portal System 3G allows remote attackers to inject arbitrary web script or HTML via the month parameter...
CVE-2006-3821
Multiple cross-site scripting XSS vulnerabilities in ATutor 1.5.3 allow remote attackers to inject arbitrary web script or HTML via the 1 lang parameter in a indexlist.php and 2 year, 3 month, and 4 day parameter in b registration.php...
DEBIAN-CVE-2006-3682
awstats.pl in AWStats 6.5 build 1.857 and earlier allows remote attackers to obtain the installation path via the 1 year, 2 pluginmode or 3 month parameters...
Sql injection
SQL injection vulnerability in events.php in Maian Events 1.0 allows remote attackers to execute arbitrary SQL commands via the 1 month and 2 year parameters...
Directory traversal
Directory traversal vulnerability in weblog.pl in PerlBlog 1.09b and earlier allows remote attackers to read certain files via the month parameter...
Cross site scripting
Cross-site scripting XSS vulnerability in ar-blog 5.2 allows remote attackers to inject arbitrary web script or HTML via the 1 month or 2 year parameter to index.php...
CVE-2006-0333
Cross-site scripting XSS vulnerability in ar-blog 5.2 allows remote attackers to inject arbitrary web script or HTML via the 1 month or 2 year parameter to index.php...
Sql injection
SQL injection vulnerability in index.php in microBlog 2.0 RC-10 allows remote attackers to execute arbitrary SQL commands via the 1 month and 2 year parameters...