11 matches found
CVE-2006-1562
Multiple cross-site scripting (XSS) vulnerabilities in index.php in vscripts (aka Kuba Kunkiewicz) [V]Book (aka VBook) 2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) autor, (2) www, (3) temat, and (4) tresc parameters...
CVE-2006-1563
Direct static code injection vulnerability in config.php in vscripts (aka Kuba Kunkiewicz) [V]Book (aka VBook) 2.0 allows remote administrators to execute arbitrary PHP code by inserting it into the config file, which is included by other [V]Book scripts...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in index.php in vscripts (aka Kuba Kunkiewicz) [V]Book (aka VBook) 2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) autor, (2) www, (3) temat, and (4) tresc parameters...
CVE-2006-1562
Multiple cross-site scripting (XSS) vulnerabilities in index.php in vscripts (aka Kuba Kunkiewicz) [V]Book (aka VBook) 2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) autor, (2) www, (3) temat, and (4) tresc parameters...
CVE-2006-1563
Affected software/component: [V]Book (aka VBook) 2.0 by vscripts; vulnerable file: config.php. Root cause: Direct static code injection allows an attacker to insert arbitrary PHP code into config.php, which is subsequently included by other [V]Book scripts. Impact: Remote code execution leading t...
CVE-2006-1562
The CVE-2006-1562 entry concerns vulnerable [V]Book (aka VScripts/VBook) version 2.0 by Kuba Kunkiewicz. Multiple cross-site scripting (XSS) vulnerabilities exist in index.php, exploitable via four parameters (autor, www, temat, tresc). The underlying issue is insufficient input sanitization, all...
CVE-2006-1561
SQL injection vulnerability in index.php in vscripts (aka Kuba Kunkiewicz) [V]Book (aka VBook) 2.0 allows remote attackers to execute arbitrary SQL commands via the x parameter...
CVE-2006-1561
The CVE-2006-1561 issue affects the [V]Book (aka VBook) 2.0 software (vscripts) and is caused by improper sanitization in index.php, where the x parameter is used unsafely in SQL queries. This allows remote attackers to execute arbitrary SQL commands. The connected sources consistently describe S...
CVE-2006-1545
Direct static code injection vulnerability in admin/config.php in vscripts (aka Kuba Kunkiewicz) VNews 1.2 allows remote authenticated administrators to execute code by inserting the code into variables that are stored in admin/config.php...
CVE-2006-1543
VNews 1.2 (vscripts) is affected by multiple SQL injection vulnerabilities. The vulnerable inputs are loginvar in admin/admin.php and the news/nom parameters in news.php, where unsanitized user input is used in SQL queries. This can allow remote attackers to execute arbitrary SQL commands. A PoC/...
CVE-2006-1544
CVE-2006-1544 affects VNews 1.2 (vscripts) with multiple XSS flaws in news.php, exploitable via parameters autorkomentarza and tresckomentarza. The vulnerability allows remote attackers to inject arbitrary script/HTML. Exploitation: PoC/Exploit available per eVuln documentation. Affected software...