26 matches found
EUVD-2008-6625
Malware in sbrugna...
EUVD-2009-0115
Malware in sbrugna...
EUVD-2009-0116
Malware in sbrugna...
EUVD-2009-0117
Malware in sbrugna...
PHPAuctions 'viewfaqs.php' SQL Injection Vulnerability
PHPAuctions is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the...
PHPAuctions 'viewfaqs.php' SQLi Vulnerability - Active Check
PHPAuctions is prone to an SQL injection SQLi vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by...
PHPAuctions - viewfaqs.php SQL Injection
PHPAuctions - viewfaqs.php SQL Injection source: https://www.securityfocus.com/bid/45928/info PHPAuctions is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow an attacker...
PHPAuctions - 'viewfaqs.php' SQL Injection
source: https://www.securityfocus.com/bid/45928/info PHPAuctions is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow an attacker to compromise the application, access or...
Sql injection
SQL injection vulnerability in profile.php in PHPAuctions.info PHPAuctions aka PHPAuctionSystem allows remote attackers to execute arbitrary SQL commands via the auctionid parameter, a different vector than CVE-2009-0106...
CVE-2008-6663
SQL injection vulnerability in profile.php in PHPAuctions.info PHPAuctions aka PHPAuctionSystem allows remote attackers to execute arbitrary SQL commands via the auctionid parameter, a different vector than CVE-2009-0106...
CVE-2008-6663
SQL injection vulnerability in profile.php in PHPAuctions.info PHPAuctions aka PHPAuctionSystem allows remote attackers to execute arbitrary SQL commands via the auctionid parameter, a different vector than CVE-2009-0106...
CVE-2008-6663
PHPAuctions.info/PHPAuctionSystem shows a SQL injection vulnerability in profile.php. The affected component is the profile handling (profile.php) with input via auction_id (and related CVE entries also cite user_id). The root cause is improper handling of input leading to arbitrary SQL execution...
CVE-2009-0108
PHPAuctions aka PHPAuctionSystem allows remote attackers to bypass authentication and gain administrative access via modified 1 PHPAUCTIONRMID, 2 PHPAUCTIONRMNAME, 3 PHPAUCTIONRMUSERNAME, and 4 PHPAUCTIONRMEMAIL cookies...
CVE-2009-0106
SQL injection vulnerability in profile.php in PHPAuctions aka PHPAuctionSystem allows remote attackers to execute arbitrary SQL commands via the userid parameter...
CVE-2009-0107
Cross-site scripting XSS vulnerability in profile.php in PHPAuctions aka PHPAuctionSystem allows remote attackers to inject arbitrary web script or HTML via the userid parameter...
Sql injection
SQL injection vulnerability in profile.php in PHPAuctions aka PHPAuctionSystem allows remote attackers to execute arbitrary SQL commands via the userid parameter...
Authentication flaw
PHPAuctions aka PHPAuctionSystem allows remote attackers to bypass authentication and gain administrative access via modified 1 PHPAUCTIONRMID, 2 PHPAUCTIONRMNAME, 3 PHPAUCTIONRMUSERNAME, and 4 PHPAUCTIONRMEMAIL cookies...
Cross site scripting
Cross-site scripting XSS vulnerability in profile.php in PHPAuctions aka PHPAuctionSystem allows remote attackers to inject arbitrary web script or HTML via the userid parameter...
CVE-2009-0106
SQL injection vulnerability in profile.php in PHPAuctions aka PHPAuctionSystem allows remote attackers to execute arbitrary SQL commands via the userid parameter...
CVE-2009-0107
Cross-site scripting XSS vulnerability in profile.php in PHPAuctions aka PHPAuctionSystem allows remote attackers to inject arbitrary web script or HTML via the userid parameter...