49 matches found
CVE-2008-0605
Multiple cross-site scripting (XSS) vulnerabilities in AstroSoft HelpDesk before 1.95.228 allow remote attackers to inject arbitrary web script or HTML via the (1) txtSearch parameter to operator/article/articlesearchresults.asp and the (2) AttachId parameter to operator/article/articleattachment.asp...
litecommerce 2004 (category_id) Remote SQL Injection Vulnerability
Exploit for unknown platform in category web applications. litecommerce 2004 (category_id) Remote SQL Injection Vulnerability. litecommerce Copyright © 2004 - Remote S...
Path traversal
categoria.php in LiveCMS 3.4 and earlier allows remote attackers to obtain sensitive information via a ' (quote) character in the cid parameter, which reveals the path in a forced SQL error message...
CVE-2007-3127
content.php in WSPortal 1.0, when magic_quotes_gpc is disabled, allows remote attackers to obtain sensitive information via a "';" (quote semicolon) sequence in the page parameter, which reveals the installation path in the resulting forced SQL error message...
Design/Logic Flaw
content.php in WSPortal 1.0, when magic_quotes_gpc is disabled, allows remote attackers to obtain sensitive information via a "';" (quote semicolon) sequence in the page parameter, which reveals the installation path in the resulting forced SQL error message...
EUVD-2007-3119
content.php in WSPortal 1.0, when magic_quotes_gpc is disabled, allows remote attackers to obtain sensitive information via a "';" (quote semicolon) sequence in the page parameter, which reveals the installation path in the resulting forced SQL error message...
CVE-2007-1597
Unclassified NewsBoard 1.6.3 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain (1) the board log via a direct request for logs/board-YYYY-MM-DD.log, (2) the mail and private message (PM) log via a direct request for...
CVE-2006-3389
index.php in WordPress 2.0.3 allows remote attackers to obtain sensitive information, such as SQL table prefixes, via an invalid paged parameter, which displays the information in an SQL error message. NOTE: this issue has been disputed by a third party who states that the issue does not leak any...
Cross site request forgery (csrf)
search.php in MyBB 1.0.2 allows remote attackers to obtain sensitive information via a certain search request that reveals the table prefix in a SQL error message, possibly due to invalid parameters...