52 matches found
Sql injection
SQL injection vulnerability in login.php in IP Reg 0.4 and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter...
CVE-2008-4523
CVE-2008-4523 describes a SQL injection in login.php for IP Reg 0.4 and earlier, exploitable via the user_name parameter to run arbitrary SQL commands remotely. The vulnerability is evidenced in multiple sources (NVD, CVE listings, and related references) with a CVSS v2 base score of 7.5 (HIGH) a...
CVE-2008-4523
SQL injection vulnerability in login.php in IP Reg 0.4 and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter...
Sql injection
Multiple SQL injection vulnerabilities in WebPortal CMS 0.6-beta allow remote attackers to execute arbitrary SQL commands via the username parameter to actions.php, and unspecified other vectors...
CVE-2008-0142
Multiple SQL injection vulnerabilities in WebPortal CMS 0.6-beta allow remote attackers to execute arbitrary SQL commands via the username parameter to actions.php, and unspecified other vectors...
Cross site scripting
Cross-site scripting XSS vulnerability in member.php in 4images 1.7 and earlier allows remote attackers to inject arbitrary web script or HTML via the nickname, probably involving the username parameter in register.php...
CVE-2006-2011
Cross-site scripting XSS vulnerability in member.php in 4images 1.7 and earlier allows remote attackers to inject arbitrary web script or HTML via the nickname, probably involving the username parameter in register.php...
CVE-2006-1690
Cross-site scripting XSS vulnerability in subscribe.php in MWNewsletter 1.0.0b allows remote attackers to inject arbitrary web script or HTML via the username parameter...
Cross site scripting
Cross-site scripting XSS vulnerability in subscribe.php in MWNewsletter 1.0.0b allows remote attackers to inject arbitrary web script or HTML via the username parameter...
Sql injection
Multiple SQL injection vulnerabilities in MWNewsletter 1.0.0b allow remote attackers to execute arbitrary SQL commands via the 1 useremail parameter to a unsubscribe.php or b subscribe.php; or the 2 username parameter to subscribe.php. NOTE: the provenance of this information is unknown; the...
Sql injection
SQL injection vulnerability in MWNewsletter 1.0.0b allows remote attackers to execute arbitrary SQL commands via the username parameter to unsubscribe.php...
CVE-2006-1691
SQL injection vulnerability in MWNewsletter 1.0.0b allows remote attackers to execute arbitrary SQL commands via the username parameter to unsubscribe.php...