4 matches found
CVE-2006-6402
SQL injection vulnerability in mystats.php in MyStats 1.0.8 and earlier allows remote attackers to execute arbitrary SQL commands via the details parameter...
CVE-2006-6402
CVE-2006-6402 describes a SQL injection in the file mystats.php of MyStats 1.0.8 and earlier via the details parameter. The vulnerability allows remote attackers to execute arbitrary SQL commands . Documents list the affected product and impact but do not provide exploitation steps, affected vers...
MyStats <=1.0.8 [injection sql, multiples xss, array & full path disclosure]
MyStats =1.0.8 injection sql, multiples xss, array & full path disclosure vendor site: http://emcity.nexenservices.com/mystats/index.php product :MyStats 1.0.8 bug: injection sql, multiples xss, array & full path disclosure risk : medium 1/3 Connexion Variable XSS Exploits:...
mystats-108.txt
MyStats alertdocument.cookie&by=jour&ORDERER=datetime mystats/mystats.php?connexion="'/alertdocument.cookie&by=jour&ORDERER=datetime 2/3 Details Variable Injection Sql, Full Path Disclosure, Array GET & XSS Exploits: mystats/mystats.php?details=' mystats/mystats.php?details=...