3 matches found
CVE-2006-1374
CVE-2006-1374 concerns an SQL injection in AdMan 1.0.20051221 and earlier. The vulnerability is in viewStatement.php via the transactions_offset parameter, allowing remote attackers to execute arbitrary SQL commands. Affected product: AdMan (version 1.0.20051221 and earlier). Root cause: unvalida...
CVE-2007-4020
CVE-2007-4020 involves multiple cross-site scripting (XSS) vulnerabilities in login.php of AdMan 1.0.20051202 FF 3 patch and earlier. The issue allows remote attackers to inject arbitrary web script or HTML via the (1) user and (2) pwd parameters. Affected software is AdMan prior to newer patches...
CVE-2006-1375
CVE-2006-1375 affects AdMan 1.0.20051221 and earlier. The vulnerability allows remote attackers to obtain the full server path via (1) a blank campaignId parameter to editCampaign.php and (2) a blank schemeId parameter to viewPricingScheme.php. Affected components are the PHP scripts handling cam...