Lucene search
K
PhpoutsourcingNoahs Classifieds

10 matches found

CVE
CVE
added 2006/02/24 11:0 a.m.60 views

CVE-2006-0879

CVE-2006-0879 describes an SQL injection vulnerability in the search tool of Noah’s Classifieds 1.3. The vulnerability allows remote attackers to execute arbitrary SQL commands via unspecified attack vectors. The NVD entry lists a high base score (7.5) with network attack vector and no authentica...

7.5CVSS8.3AI score0.0125EPSS
CVE
CVE
added 2005/09/19 4:0 a.m.58 views

CVE-2005-2979

CVE-2005-2979 describes a SQL injection in Noah’s classifieds (index.php) by manipulating the rollid parameter. Public documents identify Noah’s classifieds as the affected software and point to an underlying input handling flaw in index.php, enabling remote SQL command execution. The NVD entry l...

7.5CVSS8.8AI score0.01162EPSS
CVE
CVE
added 2006/02/24 11:0 a.m.54 views

CVE-2006-0882

CVE-2006-0882 governs a directory traversal vulnerability in Noah’s Classifieds 1.3, where an attacker can cause index.php to include arbitrary local files via the otherTemplate parameter in include.php. This confirms a remote access impact through file inclusion. The available documents identify...

5CVSS6.7AI score0.02753EPSS
CVE
CVE
added 2006/02/24 11:0 a.m.53 views

CVE-2006-0881

CVE-2006-0881 concerns Noah’s Classifieds 1.3, where the PHP file gorum/gorumlib.php is vulnerable to remote file inclusion when PHP register_globals is enabled. The vulnerability enables an attacker to compel the application to include arbitrary PHP files by manipulating the upperTemplate or low...

7.5CVSS7.1AI score0.07477EPSS
CVE
CVE
added 2005/09/19 4:0 a.m.51 views

CVE-2005-2980

The CVE-2005-2980 issue is an XSS vulnerability in Noah’s Classifieds v1.3, specifically in index.php where the rollid parameter can be exploited to inject arbitrary web script/HTML. The connected PT-2005-3817 entry confirms the vulnerable software and parameters, and notes that remote attackers ...

4.3CVSS6AI score0.01752EPSS
CVE
CVE
added 2006/02/24 11:0 a.m.49 views

CVE-2006-0878

Noah's Classifieds 1.3 is affected by a path disclosure vulnerability in which remote attackers can obtain the installation path via a direct request to include files (example: classifieds/gorum/category.php). The root cause is a file inclusion/path traversal issue that exposes server paths. Vers...

5CVSS6.6AI score0.01512EPSS
CVE
CVE
added 2006/02/24 11:0 a.m.44 views

CVE-2006-0880

CVE-2006-0880 – The Noah’s Classifieds 1.3 PHP application is vulnerable to multiple XSS flaws in index.php. Attackers can inject arbitrary script/HTML via the (1) inf parameter, and, if PHP register_globals is enabled, via the (2) upperTemplate and (3) lowerTemplate parameters. The description d...

4.3CVSS5.8AI score0.01867EPSS
CVE
CVE
added 2006/03/21 1:0 a.m.43 views

CVE-2006-1332

CVE-2006-1332 concerns Noah’s Classifieds 1.3 and earlier where a flaw in the showdetails method (index.php) allows remote attackers to obtain sensitive information by supplying an invalid list parameter, causing an error message to disclose the path. The incident affects the product’s ability to...

6.4CVSS6.2AI score0.01596EPSS
CVE
CVE
added 2006/03/21 1:0 a.m.40 views

CVE-2006-1331

CVE-2006-1331 describes multiple cross-site scripting (XSS) vulnerabilities in Noah's Classifieds 1.3 and earlier, exploitable via the index.php parameters (1) method or (2) list. Root cause is inadequate input handling/validation in these parameters, enabling remote attackers to inject arbitrary...

6.8CVSS5.8AI score0.01441EPSS
CVE
CVE
added 2006/10/16 6:0 p.m.40 views

CVE-2006-5293

CVE-2006-5293 affects PhpOutsourcing Noah’s Classifieds, prior to or including version 1.3, where index.php is vulnerable to cross-site scripting via the frommethod parameter. Affected component: index.php; vulnerability type: XSS. CVSS v2 base score 6.8 (Medium) with network attack vector, requi...

6.8CVSS6AI score0.01242EPSS