4 matches found
SQL injection
Multiple SQL injection vulnerabilities in AlegroCart 1.2.8 allow remote administrators to execute arbitrary SQL commands via the download parameter in the (1) checkdownload and possibly (2) checkfilename function in upload/admin2/model/products/modeladmindownload.php or remote authenticated users wit...
Unfixed XSS vulnerability at www.liberty-cig.fr
Security researcher Atmon3r submitted on 12/12/2011 a cross-site scripting (XSS) vulnerability affecting www.liberty-cig.fr, which at the time of submission ranked 0 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 13/12/2011. It is currently...
CVE-2007-2824
SQL injection vulnerability in paypal.php in AlstraSoft E-Friends 4.21 and earlier allows remote attackers to execute arbitrary SQL commands via the pack parameter in a paypal action for index.php...
CVE-2007-2824
CVE-2007-2824 describes a SQL injection in AlstraSoft E-Friends (versions 4.21 and earlier) where the pack parameter in the paypal action of index.php is unsafely handled, allowing remote attackers to execute arbitrary SQL commands. The underlying issue is unsanitized user input fed into a databa...