6 matches found
Sql injection
Multiple SQL injection vulnerabilities in TemaTres 1.0.3 and 1.031, when magicquotesgpc is disabled, allow remote attackers or remote authenticated users to execute arbitrary SQL commands via the 1 mail, 2 password, and 3 letra parameters to index.php; 4 y and 5 m parameters to sobre.php; and the...
CVE-2009-1584
Multiple SQL injection vulnerabilities in TemaTres 1.0.3 and 1.031, when magicquotesgpc is disabled, allow remote attackers or remote authenticated users to execute arbitrary SQL commands via the 1 mail, 2 password, and 3 letra parameters to index.php; 4 y and 5 m parameters to sobre.php; and the...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in TemaTres 1.0.3 and 1.031 allow remote attackers to inject arbitrary web script or HTML via the 1 search form; 2 expresiondebusqueda, 3 letra, 4 estadoid, and 5 tema parameters to index.php; the 6 PATHINFO to index.php; 7 unspecified parameters...
CVE-2009-1583
CVE-2009-1583 affects TemaTres 1.0.3 and 1.031, with multiple XSS vulnerabilities (and, per OpenVAS, SQLi in some checks) exposed via several parameters to index.php and sobre.php. Impact described as remote script/HTML injection; no exploitation details are provided in the initial/connected docu...
CVE-2009-1583
Multiple cross-site scripting XSS vulnerabilities in TemaTres 1.0.3 and 1.031 allow remote attackers to inject arbitrary web script or HTML via the 1 search form; 2 expresiondebusqueda, 3 letra, 4 estadoid, and 5 tema parameters to index.php; the 6 PATHINFO to index.php; 7 unspecified parameters...
CVE-2009-1584
Multiple SQL injection vulnerabilities in TemaTres 1.0.3 and 1.031, when magicquotesgpc is disabled, allow remote attackers or remote authenticated users to execute arbitrary SQL commands via the 1 mail, 2 password, and 3 letra parameters to index.php; 4 y and 5 m parameters to sobre.php; and the...