CVE-2007-0364

CVE-2007-0364 describes multiple cross-site scripting (XSS) vulnerabilities in nicecoder.com INDEXU 5.3 and earlier, allowing remote attackers to inject arbitrary script/HTML via numerous parameters across several pages (e.g., suggest_category.php, user_detail.php, tell_friend.php, sendmail.php, ...

CVE-2007-0349

CVE-2007-0349 affects nicecoder.com INDEXU 5.x via upgrade.php. The gateway parameter allows directory traversal (..), enabling remote attackers to include arbitrary local files. This is documented across NVD and CVE records as a directory traversal vulnerability in upgrade.php, with the impact l...

CVE-2006-1767

CVE-2006-1767 affects nicecoder.com INDEXU 5.0.0 and 5.0.1. Multiple PHP remote file inclusion vulnerabilities allow remote attackers to execute arbitrary PHP code via a URL provided in the theme_path parameter across numerous scripts (index.php, become_editor.php, add.php, bad_link.php, browse.p...

CVE-2006-7017

CVE-2006-7017 involves multiple PHP remote file inclusion vulnerabilities in Indexu 5.0.1, triggered when an attacker supplies a URL in the admin_template_path parameter to various admin scripts (e.g., app_change_email.php, app_change_pwd.php, index.php, etc.). The underlying issue is unvalidated...

CVE-2006-0688

CVE-2006-0688 describes a PHP remote file inclusion vulnerability in the NiceCoder Indexu product, affecting versions 5.0.0 and 5.0.1. The flaw arises in application.php, allowing a remote attacker to execute arbitrary PHP code by supplying a URL in the base_path parameter. The NVD entry indicate...