13 matches found
Cross-site scripting
Cross-site scripting (XSS) vulnerability in the do_mysql_query function in core.php for Open Searchable Image Catalogue (OSIC) before 0.7.0.1 allows remote attackers to inject arbitrary web scripts or HTML via failed SQL queries, which is reflected in an error message...
CVE-2006-2749
SQL injection vulnerability in search.php in Open Searchable Image Catalogue (OSIC) 0.7.0.1 and earlier allows remote attackers to inject arbitrary SQL commands via the (1) txtCustomField and (2) CustomFieldID array parameters...
CVE-2006-2751
Cross-site scripting (XSS) vulnerability in Open Searchable Image Catalogue (OSIC) 0.7.0.1 and earlier allows remote attackers to inject arbitrary web scripts or HTML via the item_list parameter in search.php...
CVE-2006-2750
Cross-site scripting (XSS) vulnerability in the do_mysql_query function in core.php for Open Searchable Image Catalogue (OSIC) before 0.7.0.1 allows remote attackers to inject arbitrary web scripts or HTML via failed SQL queries, which is reflected in an error message...
CVE-2006-2748
SQL injection vulnerability in the do_mysql_query function in core.php for Open Searchable Image Catalogue (OSIC) before 0.7.0.1 allows remote attackers to inject arbitrary SQL commands via multiple vectors, as demonstrated by the (1) type parameter in adminfunctions.php and the (2) catalogueid parameter...
SQL injection
SQL injection vulnerability in search.php in Open Searchable Image Catalogue (OSIC) 0.7.0.1 and earlier allows remote attackers to inject arbitrary SQL commands via the (1) txtCustomField and (2) CustomFieldID array parameters...
SQL injection
SQL injection vulnerability in the do_mysql_query function in core.php for Open Searchable Image Catalogue (OSIC) before 0.7.0.1 allows remote attackers to inject arbitrary SQL commands via multiple vectors, as demonstrated by the (1) type parameter in adminfunctions.php and the (2) catalogueid parameter...
CVE-2006-2751
The CVE-2006-2751 entry describes a cross-site scripting (XSS) vulnerability in Open Searchable Image Catalogue (OSIC) versions 0.7.0.1 and earlier. The affected component is the search.php handler, where the item_list parameter is used in a way that allows remote attackers to inject arbitra...
CVE-2006-2750
CVE-2006-2750 is an XSS vulnerability in Open Searchable Image Catalogue (OSIC) via the do_mysql_query function in core.php, affecting OSIC versions before 0.7.0.1. The vulnerability allows remote attackers to inject arbitrary scripts/HTML that are reflected in error messages. Root cause details are limited ...
CVE-2006-2751
Cross-site scripting (XSS) vulnerability in Open Searchable Image Catalogue (OSIC) 0.7.0.1 and earlier allows remote attackers to inject arbitrary web scripts or HTML via the item_list parameter in search.php...
CVE-2006-2749
SQL injection vulnerability in search.php in Open Searchable Image Catalogue (OSIC) 0.7.0.1 and earlier allows remote attackers to inject arbitrary SQL commands via the (1) txtCustomField and (2) CustomFieldID array parameters...
CVE-2006-2748
The CVE-2006-2748 entry concerns Open Searchable Image Catalogue (OSIC) prior to version 0.7.0.1. The vulnerability is a SQL injection in the do_mysql_query function within core.php, allowing remote attackers to inject arbitrary SQL via multiple vectors. Documented vectors include (1) the type pa...
CVE-2006-2749
CVE-2006-2749 is a SQL injection vulnerability in the Open Searchable Image Catalogue (OSIC) 0.7.0.1 and earlier, specifically in search.php. The underlying flaw allows remote attackers to inject arbitrary SQL via the (1) txtCustomField and (2) CustomFieldID array parameters. Affected prod...