376 matches found
CVE-2007-4143
CVE-2007-4143 affects the phpCoupon Billing Control Panel (user.php): remote authenticated users can upgrade to Premium Member status by modifying a URL that includes a specific billing parameter and the substrings REQ=auth, status=success, and custom=upgrade; this may also relate to Pa...
Sql injection
SQL injection vulnerability in user.php in My Little Forum 1.7 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter...
CVE-2007-2942
SQL injection vulnerability in user.php in My Little Forum 1.7 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter...
Deserialization of untrusted data
user.php in BoastMachine 3.0 platinum allows remote authenticated users to gain privileges via a modified id parameter, as demonstrated by an editpost action...
CVE-2007-0624
user.php in MAXdev MDPro 1.0.76 allows remote attackers to obtain the full path via a ' quote character, and possibly other invalid values, in the uname parameter in a userinfo operation...
Design/Logic Flaw
user.php in MAXdev MDPro 1.0.76 allows remote attackers to obtain the full path via a ' quote character, and possibly other invalid values, in the uname parameter in a userinfo operation...
CVE-2007-0624
user.php in MAXdev MDPro 1.0.76 allows remote attackers to obtain the full path via a ' quote character, and possibly other invalid values, in the uname parameter in a userinfo operation...
Sql injection
SQL injection vulnerability in user.php in iGeneric iG Calendar 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter...
CVE-2007-0130
SQL injection vulnerability in user.php in iGeneric iG Calendar 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter...
CVE-2007-0130
CVE-2007-0130 describes a SQL injection in the web front-end of iGeneric iG Calendar 1.0, specifically in the file or function handling the id parameter of user.php. The vulnerability enables remote attackers to execute arbitrary SQL commands by supplying crafted input for id, leading to potentia...
iG Calendar 1.0 (user.php id variable) Remote SQL Injection Vulnerability
Exploit for unknown platform in category web applications. iG Calendar 1.0 user.php id variable Remote SQL Injection Vulnerability. SQL Injection in...
iG Calendar 1.0 - user.php?id SQL Injection
iG Calendar 1.0 - user.php?id SQL Injection. SQL Injection in ig-Calendar. This works regardless of magic_quotes_gpc! Dumps mysql login information: http://127.0.0.1/ig-calendar/user.php?id=999%20union%20select%201,User,Password,Host,Filepriv,0%20from%20mysql.user ./user.php line 52: $query = 'SELECT...
CVE-2006-4575
Multiple SQL injection vulnerabilities in The Address Book 1.04e allow remote attackers to execute arbitrary SQL commands via the (1) lastname, (2) firstname, (3) passwordOld, (4) passwordNew, (5) id, (6) language, (7) defaultLetter, (8) newuserPass, (9) newuserType, (10) newuserEmail parameters in (a) user.php; the 1...
CVE-2006-4575
Multiple SQL injection vulnerabilities in The Address Book 1.04e allow remote attackers to execute arbitrary SQL commands via the (1) lastname, (2) firstname, (3) passwordOld, (4) passwordNew, (5) id, (6) language, (7) defaultLetter, (8) newuserPass, (9) newuserType, (10) newuserEmail parameters in (a) user.php; the 1...
CVE-2006-5564
Cross-site scripting (XSS) vulnerability in user.php in MAXdev MD-Pro 1.0.76 allows remote attackers to inject arbitrary web script or HTML via the op parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information...
CVE-2006-5564
Cross-site scripting (XSS) vulnerability in user.php in MAXdev MD-Pro 1.0.76 allows remote attackers to inject arbitrary web script or HTML via the op parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information...
CVE-2006-5064
Multiple cross-site scripting (XSS) vulnerabilities in BirdBlog 1.4 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) entryid parameter in comment.php, (2) page parameter in index.php, or the (3) uid parameter in user.php. NOTE: the provenance of this information is...
CVE-2006-4794
Multiple cross-site scripting (XSS) vulnerabilities in e107 0.7.5 allow remote attackers to inject arbitrary web script or HTML via the query string (PATH_INFO) in (1) contact.php, (2) download.php, (3) admin.php, (4) fpw.php, (5) news.php, (6) search.php, (7) signup.php, (8) submitnews.php, and (9) user.php. NOTE: the...
Empire CMS <= 3.7 (checklevel.php) Remote File Include Vulnerability
No description provided by source. Empire CMS <=3.7 checklevel.php Remote File Include Vulnerability Find by: Bob Linuson Code: 2 $includefile=$checkpath."e/class/MemberLevel.php"; 3 include"$includefile"; ..... 67 include$checkpath."e/class/connect.php"; 68 include$checkpath."e/class/dbsql.php"; ...
Empire CMS 3.7 - checklevel.php Remote File Inclusion
Empire CMS 3.7 - checklevel.php Remote File Inclusion. Empire CMS <=3.7 checklevel.php Remote File Include Vulnerability Find by: Bob Linuson Code: 2 $includefile=$checkpath."e/class/MemberLevel.php"; 3 include"$includefile"; ..... 67 include$checkpath."e/class/connect.php"; 68...