161 matches found
Sql injection
Multiple SQL injection vulnerabilities in class.ajax.php in Turnkey Web Tools SunShop Shopping Cart before 4.1.5 allow remote attackers to execute arbitrary SQL commands via 1 the id parameter in an editregistry action to index.php, 2 a vector involving the checkemail function, and other vectors...
CVE-2008-3768
Multiple SQL injection vulnerabilities in class.ajax.php in Turnkey Web Tools SunShop Shopping Cart before 4.1.5 allow remote attackers to execute arbitrary SQL commands via 1 the id parameter in an editregistry action to index.php, 2 a vector involving the checkemail function, and other vectors...
CVE-2008-3768
The vulnerability is in Turnkey Web Tools SunShop Shopping Cart before 4.1.5, affecting the file component class.ajax.php . The CVE-2008-3768 entry describes multiple SQL injection vulnerabilities that allow remote attackers to execute arbitrary SQL commands. Exploitation paths include (1) the id...
SunShop <= 4.1.4 (id) Remote SQL Injection Vulnerability
No description provided by source. GulfTech Security Research August 18, 2008 Vendor : Turnkey Web Tools, Inc URL : http://www.turnkeywebtools.com Version : SunShop = 4.1.4 Risk : SQL Injection Description: SunShop shopping cart is a full featured ecommerce solution written in php that allows for...
SunShop <= 4.1.4 (id) Remote SQL Injection Vulnerability
Exploit for unknown platform in category web applications ======================================================== SunShop queryfirst"SELECT FROM ".$dbprefix."usersr...
PHP Live Helper <= 2.0.1 Multiple Remoet Vulnerabilities
No description provided by source. GulfTech Security Research August 16, 2008 Vendor : Turnkey Web Tools, Inc URL : http://www.turnkeywebtools.com Version : PHP Live Helper = 2.0.1 Risk : Multiple Vulnerabilities Description: PHP Live Helper is an online support system written in php that allows...
SunShop Shopping Cart 4.1.4 - id SQL Injection
SunShop Shopping Cart 4.1.4 - id SQL Injection GulfTech Security Research August 18, 2008 Vendor : Turnkey Web Tools, Inc URL : http://www.turnkeywebtools.com Version : SunShop queryfirst"SELECT FROM ".$dbprefix."usersregistry WHERE id='".$POSTid."' AND userid='".$sess-gvar'userid'."'"; $data =...
SunShop Shopping Cart 4.1.4 - 'id' SQL Injection
GulfTech Security Research August 18, 2008 Vendor : Turnkey Web Tools, Inc URL : http://www.turnkeywebtools.com Version : SunShop queryfirst"SELECT FROM ".$dbprefix."usersregistry WHERE id='".$POSTid."' AND userid='".$sess-gvar'userid'."'"; $data = filterdata$data; $out =...
PHP Live Helper <= 2.0.1 Multiple Remote Vulnerabilities
Exploit for unknown platform in category web applications ======================================================== PHP Live Helper DBsite-queryfirst"SELECT FROM ". $this-dbprefix.$table." where ".$from."='$id'"; if isarray$result...
PHP Live Helper <= 2.0.1 Multiple Vulnerabilities
GulfTech Security Research August 16, 2008 Vendor : Turnkey Web Tools, Inc URL : http://www.turnkeywebtools.com Version : PHP Live Helper = 2.0.1 Risk : Multiple Vulnerabilities Description: PHP Live Helper is an online support system written in php that allows the visitors of a website to intera...
PHP Live Helper 2.0.1 - Multiple Vulnerabilities
PHP Live Helper 2.0.1 - Multiple Vulnerabilities GulfTech Security Research August 16, 2008 Vendor : Turnkey Web Tools, Inc URL : http://www.turnkeywebtools.com Version : PHP Live Helper DBsite-queryfirst"SELECT FROM ". $this-dbprefix.$table." where ".$from."='$id'"; if isarray$result foreach...
phplivehelper-sqlexec.txt
GulfTech Security Research August 16, 2008 Vendor : Turnkey Web Tools, Inc URL : http://www.turnkeywebtools.com Version : PHP Live Helper DBsite-queryfirst"SELECT FROM ". $this-dbprefix.$table." where ".$from."='$id'"; if isarray$result foreach $result as $key = $val $info$key = stripslashes$val;...
PHP Live Helper <= 2.0.1 Multiple Remote Vulnerabilities
No description provided by source. GulfTech Security Research August 16, 2008 Vendor : Turnkey Web Tools, Inc URL : http://www.turnkeywebtools.com Version : PHP Live Helper = 2.0.1 Risk : Multiple Vulnerabilities Description: PHP Live Helper is an online support system written in php that allows...
PHP Live Helper 2.0.1 - Multiple Vulnerabilities
GulfTech Security Research August 16, 2008 Vendor : Turnkey Web Tools, Inc URL : http://www.turnkeywebtools.com Version : PHP Live Helper DBsite-queryfirst"SELECT FROM ". $this-dbprefix.$table." where ".$from."='$id'"; if isarray$result foreach $result as $key = $val $info$key = stripslashes$val;...
Sql injection
SQL injection vulnerability in rating.php in Academic Web Tools AWT YEKTA 1.4.3.1, and 1.4.2.8 and earlier, allows remote attackers to execute arbitrary SQL commands via the bookid parameter...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in Academic Web Tools AWT YEKTA 1.4.3.1, and 1.4.2.8 and earlier, allow remote attackers to inject arbitrary web script or HTML via the 1 query string to login.php and the 2 glbsid parameter to hta/htmlarea.js.php, and allow remote authenticated...
CVE-2008-2968
SQL injection vulnerability in rating.php in Academic Web Tools AWT YEKTA 1.4.3.1, and 1.4.2.8 and earlier, allows remote attackers to execute arbitrary SQL commands via the bookid parameter...
Session fixation
Multiple session fixation vulnerabilities in Academic Web Tools AWT YEKTA 1.4.3.1, and 1.4.2.8 and earlier, allow remote attackers to hijack web sessions by setting the PHPSESSID parameter to 1 index.php and 2 login.php in homepg/...
CVE-2008-2970
Multiple session fixation vulnerabilities in Academic Web Tools AWT YEKTA 1.4.3.1, and 1.4.2.8 and earlier, allow remote attackers to hijack web sessions by setting the PHPSESSID parameter to 1 index.php and 2 login.php in homepg/...
CVE-2008-2969
Directory traversal vulnerability in download.php in Academic Web Tools AWT YEKTA 1.4.3.1, and 1.4.2.8 and earlier, allows remote attackers to read arbitrary files via a .. dot dot in the dfile parameter...