61 matches found
CVE-2006-2973
Multiple SQL injection vulnerabilities in month.php in PHP Lite Calendar Express 2.2 allow remote attackers to execute arbitrary SQL commands via the 1 catid and 2 cid parameter. NOTE: this might be a duplicate of CVE-2005-4009.c...
CVE-2006-2973
Multiple SQL injection vulnerabilities in month.php in PHP Lite Calendar Express 2.2 allow remote attackers to execute arbitrary SQL commands via the 1 catid and 2 cid parameter. NOTE: this might be a duplicate of CVE-2005-4009.c...
CVE-2006-2973
CVE-2006-2973 involves multiple SQL injection vulnerabilities in month.php of PHP Lite Calendar Express 2.2 . The issue allows remote attackers to execute arbitrary SQL commands via the (1) and (2) parameters, potentially affecting the application’s database through the affected page. The CVSS ...
CVE-2006-2871
PHP remote file inclusion vulnerability in include/common.php in CyBoards PHP Lite 1.25 allows remote attackers to execute arbitrary PHP code via a URL in the scriptpath parameter. NOTE: CVE disputes this issue, since $scriptpath is set to a constant value...
CyBoards PHP Lite v1.25 (common.PHP) Remote File Inclusion
CyBoards PHP Lite v1.25 common.PHP Remote File Inclusion Credit : SpC-x | The-BeKiR Site : http://wWw.SaVSaK.CoM Greetz : | Nukedx | Ejder | Str0ke | joffer | Poizonb0x | Remote File Inclusion : http://www.target.com/path/include/common.php?scriptpath=CmdShell Common.PHP :...
CyBoards PHP Lite 1.211.25 - Common.php Remote File Inclusion
CyBoards PHP Lite 1.211.25 - Common.php Remote File Inclusion source: https://www.securityfocus.com/bid/18272/info CyBoards PHP Lite is prone to a remote file-include vulnerability. An attacker can exploit this issue to include an arbitrary remote file containing malicious PHP code and execute it...
CyBoards PHP Lite 1.21/1.25 - 'Common.php' Remote File Inclusion
source: https://www.securityfocus.com/bid/18272/info CyBoards PHP Lite is prone to a remote file-include vulnerability. An attacker can exploit this issue to include an arbitrary remote file containing malicious PHP code and execute it in the context of the webserver process. This may allow the...
[eVuln] CyBoards PHP Lite SQL Injection Vulnerability
New eVuln Advisory: CyBoards PHP Lite SQL Injection Vulnerability http://evuln.com/vulns/91/summary.html --------------------Summary---------------- eVuln ID: EV0091 CVE: CVE-2006-1134 Software: CyBoards PHP Lite Sowtware's Web Site:...
CyBoards PHP Lite 1.211.25 - post.php SQL Injection
CyBoards PHP Lite 1.211.25 - post.php SQL Injection source: https://www.securityfocus.com/bid/17107/info CyBoards PHP Lite is prone to an SQL-injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. A...
CyBoards PHP Lite 1.21/1.25 - 'post.php' SQL Injection
source: https://www.securityfocus.com/bid/17107/info CyBoards PHP Lite is prone to an SQL-injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow an attacker to compromise...
CVE-2006-1134
SQL injection vulnerability in CyBoards PHP Lite 1.25, when magicquotesgpc is disabled, allows remote attackers to execute arbitrary SQL commands via the parent parameter to 1 post.php and possibly 2 processpost.php...
Sql injection
SQL injection vulnerability in CyBoards PHP Lite 1.25, when magicquotesgpc is disabled, allows remote attackers to execute arbitrary SQL commands via the parent parameter to 1 post.php and possibly 2 processpost.php...
CVE-2006-1134
CyBoards PHP Lite 1.25 is affected by a SQL Injection in the post.php workflow (parameter parent) when magic_quotes_gpc is disabled. The vulnerability allows remote attackers to craft arbitrary SQL commands, potentially impacting authentication and data integrity. Evidence from multiple sources c...
CVE-2006-1134
SQL injection vulnerability in CyBoards PHP Lite 1.25, when magicquotesgpc is disabled, allows remote attackers to execute arbitrary SQL commands via the parent parameter to 1 post.php and possibly 2 processpost.php...
CVE-2005-4009
Multiple SQL injection vulnerabilities in PHP Lite Calendar Express 2.2 and earlier allow remote attackers to execute arbitrary SQL commands via the 1 cid and 2 catid parameters to a day.php, b week.php, c month.php, and d year.php...
CVE-2005-4009
Multiple SQL injection vulnerabilities in PHP Lite Calendar Express 2.2 and earlier allow remote attackers to execute arbitrary SQL commands via the 1 cid and 2 catid parameters to a day.php, b week.php, c month.php, and d year.php...
CVE-2005-4009
Summary of confirmed issues (CVE-2005-4009, CVE-2007-3627, related CVEs): PHP Lite Calendar Express 2.2 and earlier contain multiple SQL injection vulnerabilities. The CVE-2005-4009 entries describe injection via the cid and catid parameters to day.php, week.php, month.php, and year.php. The CVE-...
PHP Lite Calendar Express 2.2 - auth.php?cid SQL Injection
PHP Lite Calendar Express 2.2 - auth.php?cid SQL Injection source: https://www.securityfocus.com/bid/14504/info Calendar Express is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in SQL queries. A successful...
PHP Lite Calendar Express 2.2 - 'Subscribe.php?cid' SQL Injection
source: https://www.securityfocus.com/bid/14504/info Calendar Express is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in SQL queries. A successful exploit could allow an attacker to compromise the applicatio...
PHP Lite Calendar Express 2.2 - 'auth.php?cid' SQL Injection
source: https://www.securityfocus.com/bid/14504/info Calendar Express is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in SQL queries. A successful exploit could allow an attacker to compromise the applicatio...