26 matches found
EUVD-2008-6625
Malware in sbrugna...
EUVD-2009-0115
Malware in sbrugna...
EUVD-2009-0117
Malware in sbrugna...
EUVD-2009-0116
Malware in sbrugna...
PHPAuctions 'viewfaqs.php' SQL Injection Vulnerability
PHPAuctions is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the...
PHPAuctions 'viewfaqs.php' SQLi Vulnerability - Active Check
PHPAuctions is prone to an SQL injection SQLi vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by...
PHPAuctions - viewfaqs.php SQL Injection
PHPAuctions - viewfaqs.php SQL Injection source: https://www.securityfocus.com/bid/45928/info PHPAuctions is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow an attacker...
PHPAuctions - 'viewfaqs.php' SQL Injection
source: https://www.securityfocus.com/bid/45928/info PHPAuctions is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow an attacker to compromise the application, access or...
Sql injection
SQL injection vulnerability in profile.php in PHPAuctions.info PHPAuctions aka PHPAuctionSystem allows remote attackers to execute arbitrary SQL commands via the auctionid parameter, a different vector than CVE-2009-0106...
CVE-2008-6663
SQL injection vulnerability in profile.php in PHPAuctions.info PHPAuctions aka PHPAuctionSystem allows remote attackers to execute arbitrary SQL commands via the auctionid parameter, a different vector than CVE-2009-0106...
CVE-2008-6663
SQL injection vulnerability in profile.php in PHPAuctions.info PHPAuctions aka PHPAuctionSystem allows remote attackers to execute arbitrary SQL commands via the auctionid parameter, a different vector than CVE-2009-0106...
CVE-2008-6663
PHPAuctions.info/PHPAuctionSystem shows a SQL injection vulnerability in profile.php. The affected component is the profile handling (profile.php) with input via auction_id (and related CVE entries also cite user_id). The root cause is improper handling of input leading to arbitrary SQL execution...
CVE-2009-0108
PHPAuctions aka PHPAuctionSystem allows remote attackers to bypass authentication and gain administrative access via modified 1 PHPAUCTIONRMID, 2 PHPAUCTIONRMNAME, 3 PHPAUCTIONRMUSERNAME, and 4 PHPAUCTIONRMEMAIL cookies...
CVE-2009-0107
Cross-site scripting XSS vulnerability in profile.php in PHPAuctions aka PHPAuctionSystem allows remote attackers to inject arbitrary web script or HTML via the userid parameter...
CVE-2009-0106
SQL injection vulnerability in profile.php in PHPAuctions aka PHPAuctionSystem allows remote attackers to execute arbitrary SQL commands via the userid parameter...
Cross site scripting
Cross-site scripting XSS vulnerability in profile.php in PHPAuctions aka PHPAuctionSystem allows remote attackers to inject arbitrary web script or HTML via the userid parameter...
Authentication flaw
PHPAuctions aka PHPAuctionSystem allows remote attackers to bypass authentication and gain administrative access via modified 1 PHPAUCTIONRMID, 2 PHPAUCTIONRMNAME, 3 PHPAUCTIONRMUSERNAME, and 4 PHPAUCTIONRMEMAIL cookies...
Sql injection
SQL injection vulnerability in profile.php in PHPAuctions aka PHPAuctionSystem allows remote attackers to execute arbitrary SQL commands via the userid parameter...
CVE-2009-0107
Cross-site scripting XSS vulnerability in profile.php in PHPAuctions aka PHPAuctionSystem allows remote attackers to inject arbitrary web script or HTML via the userid parameter...
CVE-2009-0106
CVE-2009-0106 is a SQL injection vulnerability in profile.php of PHPAuctions (PHPAuctionSystem). The flaw allows remote attackers to run arbitrary SQL commands through the user_id parameter, enabling potential data leakage or modification. The connected records also cite a related vulnerability (...