17 matches found
EUVD-2006-3086
Malware in sbrugna...
EUVD-2006-3087
Malware in sbrugna...
EUVD-2006-3089
Malware in sbrugna...
EUVD-2006-3088
Malware in sbrugna...
CVE-2006-3092
PhpMyFactures 1.2 and earlier allows remote attackers to bypass authentication and modify data via direct requests with modified parameters to 1 /tva/ajoutertva.php, 2 /remises/ajouterremise.php, 3 /pays/ajouterpays.php, 4 /pays/modifierpays.php, 5 /produits/ajoutercat.php, 6...
CVE-2006-3089
Multiple cross-site scripting XSS vulnerabilities in PhpMyFactures 1.0, and possibly 1.2 and earlier, allow remote attackers to inject arbitrary web script or HTML via the 1 prefixedossier parameter in a /inc/header.php; 2 msg parameter in b /remises/ajouterremise.php, c /tva/ajoutertva.php, d...
CVE-2006-3090
Multiple SQL injection vulnerabilities in PhpMyFactures 1.0, and possibly 1.2 and earlier, with magicquotesgpc disabled, allow remote attackers to execute arbitrary SQL commands via the 1 idpays parameter in a /pays/modifierpays.php; 2 idproduit, 3 quantite, 4 prixht, and 5 date parameter in b...
CVE-2006-3091
PhpMyFactures 1.0, and possibly 1.2 and earlier, allows remote attackers to obtain the installation path via a direct request to 1 /verif.php, 2 /inc/footer.php, and 3 /remises/ajouterremise.php...
CVE-2006-3092
PhpMyFactures 1.2 and earlier allows remote attackers to bypass authentication and modify data via direct requests with modified parameters to 1 /tva/ajoutertva.php, 2 /remises/ajouterremise.php, 3 /pays/ajouterpays.php, 4 /pays/modifierpays.php, 5 /produits/ajoutercat.php, 6...
CVE-2006-3089
Multiple cross-site scripting XSS vulnerabilities in PhpMyFactures 1.0, and possibly 1.2 and earlier, allow remote attackers to inject arbitrary web script or HTML via the 1 prefixedossier parameter in a /inc/header.php; 2 msg parameter in b /remises/ajouterremise.php, c /tva/ajoutertva.php, d...
CVE-2006-3090
Multiple SQL injection vulnerabilities in PhpMyFactures 1.0, and possibly 1.2 and earlier, with magicquotesgpc disabled, allow remote attackers to execute arbitrary SQL commands via the 1 idpays parameter in a /pays/modifierpays.php; 2 idproduit, 3 quantite, 4 prixht, and 5 date parameter in b...
CVE-2006-3092
PhpMyFactures 1.2 and earlier is affected: remote attackers can bypass authentication and modify data by sending modified parameters to specific endpoints (tva/ajouter_tva.php, remises/ajouter_remise.php, pays/ajouter_pays.php, pays/modifier_pays.php, produits/ajouter_cat.php, produits/ajouter_pr...
CVE-2006-3090
CVE-2006-3090 involves multiple SQL injection vulnerabilities in PhpMyFactures 1.0 (and possibly earlier 1.x) where magic_quotes_gpc is disabled. The issues allow remote attackers to manipulate the database through various parameters across several pages, including pays/modifier_pays.php, stocks/...
CVE-2006-3089
CVE-2006-3089 affects PhpMyFactures 1.0 (and possibly 1.2 and earlier), with multiple XSS vulnerabilities that allow remote injection of arbitrary script/HTML via several parameters across different pages (including prefixe_dossier, msg, tire, quantite, taux, date, pays, and prefixe in various PH...
CVE-2006-3091
CVE-2006-3091 affects PhpMyFactures 1.0 (and possibly 1.2 and earlier). The issue allows remote attackers to obtain the installation path by making direct requests to (1) /verif.php, (2) /inc/footer.php, and (3) /remises/ajouter_remise.php. The NVD entry lists a CVSS2 base score of 5.0 (Medium) w...
CVE-2006-3091
PhpMyFactures 1.0, and possibly 1.2 and earlier, allows remote attackers to obtain the installation path via a direct request to 1 /verif.php, 2 /inc/footer.php, and 3 /remises/ajouterremise.php...
PhpMyFactures 1.0 Cross Site Scripting, SQL Injection, Full Path Disclosure and others
PhpMyFactures 1.0 Full Path Disclosure Guest http://.../verif.php Guest http://.../inc/footer.php Guest http://.../remises/ajouterremise.php Informations modification Guest http://.../tva/ajoutertva.php?action=send&tva=DIGITS Guest...