254 matches found
CVE-2006-1324
Cross-site scripting (XSS) vulnerability in acp/lib/class_db_mysql.php in Woltlab Burning Board (wBB) 2.3.4 allows remote attackers to inject arbitrary web script or HTML via the errormsg parameter when a SQL error is generated...
CVE-2006-1324
CVE-2006-1324 describes a Cross-site Scripting (XSS) vulnerability in Woltlab Burning Board (wBB) 2.3.4, specifically in acp/lib/class_db_mysql.php. An attacker can inject arbitrary web script or HTML via the errormsg parameter when a SQL error is generated, potentially affecting users who view t...
Information disclosure
agencyprofile.asp in Parodia 6.2 and earlier might allow remote attackers to obtain sensitive information by triggering an SQL error via an invalid AG_ID parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information...
CVE-2006-1005
agencyprofile.asp in Parodia 6.2 and earlier might allow remote attackers to obtain sensitive information by triggering an SQL error via an invalid AG_ID parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information...
CVE-2006-1005
CVE-2006-1005 affects Parodia 6.2 and earlier. The issue is an information disclosure: remote attackers can cause an SQL error by supplying an invalid AG_ID parameter in agencyprofile.asp, which may reveal sensitive information. The vulnerability is described consistently across NVD/Red Hat/NVD m...
Sql injection
Bugzilla 2.16.10 does not properly handle certain characters in the (1) maxpatchsize and (2) maxattachmentsize parameters in attachment.cgi, which allows remote attackers to trigger a SQL error...
CVE-2006-0914
Bugzilla 2.16.10, 2.17 through 2.18.4, and 2.20 does not properly handle certain characters in the mostfreqthreshold parameter in duplicates.cgi, which allows remote attackers to trigger a SQL error...
CVE-2006-0915
Bugzilla 2.16.10 does not properly handle certain characters in the (1) maxpatchsize and (2) maxattachmentsize parameters in attachment.cgi, which allows remote attackers to trigger a SQL error...
CVE-2006-0914
The CVE-2006-0914 entry affects Bugzilla versions 2.16.10, 2.17 through 2.18.4, and 2.20. The vulnerability arises because character handling in the mostfreqthreshold parameter within duplicates.cgi is insufficient, allowing remote attackers to trigger a SQL error. This is documented across multi...
CVE-2006-0840
manage_user_page.php in Mantis 1.00rc4 and earlier does not properly handle a sort parameter containing a ' quote character, which allows remote attackers to trigger a SQL error that may be repeatedly reported to a user who makes subsequent web accesses with the MANTIS_MANAGE_COOKIE cookie. NOTE: thi...
Code injection
manage_user_page.php in Mantis 1.00rc4 and earlier does not properly handle a sort parameter containing a ' quote character, which allows remote attackers to trigger a SQL error that may be repeatedly reported to a user who makes subsequent web accesses with the MANTIS_MANAGE_COOKIE cookie. NOTE: thi...
CVE-2006-0840
CVE-2006-0840 affects Mantis 1.00rc4 and earlier: manage_user_page.php mishandles a sort parameter containing a single quote, allowing remote attackers to trigger a SQL error that may be repeatedly reported to users via the MANTIS_MANAGE_COOKIE. This description is aligned with the related CVE-20...
HiveMail <= 1.3 Multiple Vulnerabilities
GulfTech Security Research February 10, 2006 Vendor : HiveMail URL : http://www.hivemail.com/ Version : HiveMail <= 1.3 Risk : Multiple Vulnerabilities Description: HiveMail is a powerful web-based email program that allows you to offer personal email accounts to your visitors. This makes HiveMail...
Cross site request forgery (csrf)
search.php in MyBB 1.0.2 allows remote attackers to obtain sensitive information via a certain search request that reveals the table prefix in a SQL error message, possibly due to invalid parameters...