23 matches found
EUVD-2008-7057
Malware in sbrugna...
EUVD-2008-7056
Malware in sbrugna...
EUVD-2008-7058
Malware in sbrugna...
EUVD-2008-3567
Malware in sbrugna...
EUVD-2008-3566
Malware in sbrugna...
Sql injection
Multiple SQL injection vulnerabilities in Qsoft K-Rate Premium allow remote attackers to execute arbitrary SQL commands via 1 the $id variable in admin/includes/delecpac.php, 2 $ordorderid variable in payments/paymentreceived.php, 3 $id variable in includes/functions.php, and 4 unspecified...
Design/Logic Flaw
Unspecified vulnerability in the Manage Templates feature in Qsoft K-Rate Premium allows remote attackers to execute arbitrary PHP code via unknown vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in Qsoft K-Rate Premium allow remote attackers to inject arbitrary web script or HTML via the blog, possibly the 1 Title and 2 Text fields; 3 the gallery, possibly the Description field in Your Pictures; 4 the forum, possibly the Your Message fiel...
CVE-2008-7097
Multiple SQL injection vulnerabilities in Qsoft K-Rate Premium allow remote attackers to execute arbitrary SQL commands via 1 the $id variable in admin/includes/delecpac.php, 2 $ordorderid variable in payments/paymentreceived.php, 3 $id variable in includes/functions.php, and 4 unspecified...
CVE-2008-7098
Multiple cross-site scripting XSS vulnerabilities in Qsoft K-Rate Premium allow remote attackers to inject arbitrary web script or HTML via the blog, possibly the 1 Title and 2 Text fields; 3 the gallery, possibly the Description field in Your Pictures; 4 the forum, possibly the Your Message fiel...
CVE-2008-7099
CVE-2008-7099 concerns a vulnerability in the Manage Templates feature of Qsoft K-Rate Premium that could allow remote attackers to execute arbitrary PHP code. The available sources identify the affected product as Qsoft K-Rate Premium and specify the vulnerability as arising in the Manage Templa...
CVE-2008-7097
Qsoft K-Rate Premium is affected by multiple SQL injection flaws (CVE-2008-7097). The vulnerabilities affect PHP-based paths including admin/includes/dele_cpac.php (via $id), payments/payment_received.php (via $ord[order_id]), includes/functions.php (via $id), and modules/chat.php (unnamed variab...
CVE-2008-7098
CVE-2008-7098 involves multiple cross-site scripting (XSS) vulnerabilities in the Qsoft K-Rate Premium software. According to the NVD entry, remote attackers may inject arbitrary script or HTML via various input points: the blog (Title/Text), the Your Pictures gallery (Description), the forum (Yo...
CVE-2008-7097
Multiple SQL injection vulnerabilities in Qsoft K-Rate Premium allow remote attackers to execute arbitrary SQL commands via 1 the $id variable in admin/includes/delecpac.php, 2 $ordorderid variable in payments/paymentreceived.php, 3 $id variable in includes/functions.php, and 4 unspecified...
CVE-2008-7098
Multiple cross-site scripting XSS vulnerabilities in Qsoft K-Rate Premium allow remote attackers to inject arbitrary web script or HTML via the blog, possibly the 1 Title and 2 Text fields; 3 the gallery, possibly the Description field in Your Pictures; 4 the forum, possibly the Your Message fiel...
Cross site scripting
Cross-site scripting XSS vulnerability in index.php in Qsoft K-Links allows remote attackers to inject arbitrary web script or HTML via the loginmessage parameter in a login action...
Sql injection
Multiple SQL injection vulnerabilities in Qsoft K-Links allow remote attackers to execute arbitrary SQL commands via 1 the id parameter to visit.php, or the PATHINFO to the default URI under 2 report/, 3 addreview/, or 4 refer/...
CVE-2008-3580
Multiple SQL injection vulnerabilities in Qsoft K-Links allow remote attackers to execute arbitrary SQL commands via 1 the id parameter to visit.php, or the PATHINFO to the default URI under 2 report/, 3 addreview/, or 4 refer/...
CVE-2008-3581
Cross-site scripting XSS vulnerability in index.php in Qsoft K-Links allows remote attackers to inject arbitrary web script or HTML via the loginmessage parameter in a login action...
CVE-2008-3581
Cross-site scripting XSS vulnerability in index.php in Qsoft K-Links allows remote attackers to inject arbitrary web script or HTML via the loginmessage parameter in a login action...