43 matches found
CVE-2006-2004
Multiple SQL injection vulnerabilities in RI Blog 1.1 allow remote attackers to execute arbitrary SQL command via the 1 username or 2 password fields...
CVE-2006-2004
CVE-2006-2004 describes multiple SQL injection vulnerabilities in RI Blog 1.1 that allow remote attackers to execute arbitrary SQL commands through the (1) username or (2) password fields. The CVSS base score is 7.5 (HIGH) with network attack vector, low complexity, and no authentication required...
PT-2004-2957 · Isearch · Isearch +1
Name of the Vulnerable Software and Affected Versions: RiSearch version 1.0.01 RiSearch Pro version 3.2.06 Description: The issue allows remote attackers to use the show.pl script as an open proxy or read arbitrary local files by setting the url parameter to a http://, ftp://, or file:// URL...