10 matches found
CVE-2006-0879
CVE-2006-0879 describes an SQL injection vulnerability in the search tool of Noah’s Classifieds 1.3. The vulnerability allows remote attackers to execute arbitrary SQL commands via unspecified attack vectors. The NVD entry lists a high base score (7.5) with network attack vector and no authentica...
CVE-2005-2979
CVE-2005-2979 describes a SQL injection in Noah’s classifieds (index.php) by manipulating the rollid parameter. Public documents identify Noah’s classifieds as the affected software and point to an underlying input handling flaw in index.php, enabling remote SQL command execution. The NVD entry l...
CVE-2006-0882
CVE-2006-0882 governs a directory traversal vulnerability in Noah’s Classifieds 1.3, where an attacker can cause index.php to include arbitrary local files via the otherTemplate parameter in include.php. This confirms a remote access impact through file inclusion. The available documents identify...
CVE-2006-0881
CVE-2006-0881 concerns Noah’s Classifieds 1.3, where the PHP file gorum/gorumlib.php is vulnerable to remote file inclusion when PHP register_globals is enabled. The vulnerability enables an attacker to compel the application to include arbitrary PHP files by manipulating the upperTemplate or low...
CVE-2005-2980
The CVE-2005-2980 issue is an XSS vulnerability in Noah’s Classifieds v1.3, specifically in index.php where the rollid parameter can be exploited to inject arbitrary web script/HTML. The connected PT-2005-3817 entry confirms the vulnerable software and parameters, and notes that remote attackers ...
CVE-2006-0878
Noah's Classifieds 1.3 is affected by a path disclosure vulnerability in which remote attackers can obtain the installation path via a direct request to include files (example: classifieds/gorum/category.php). The root cause is a file inclusion/path traversal issue that exposes server paths. Vers...
CVE-2006-0880
CVE-2006-0880 – The Noah’s Classifieds 1.3 PHP application is vulnerable to multiple XSS flaws in index.php. Attackers can inject arbitrary script/HTML via the (1) inf parameter, and, if PHP register_globals is enabled, via the (2) upperTemplate and (3) lowerTemplate parameters. The description d...
CVE-2006-1332
CVE-2006-1332 concerns Noah’s Classifieds 1.3 and earlier where a flaw in the showdetails method (index.php) allows remote attackers to obtain sensitive information by supplying an invalid list parameter, causing an error message to disclose the path. The incident affects the product’s ability to...
CVE-2006-1331
CVE-2006-1331 describes multiple cross-site scripting (XSS) vulnerabilities in Noah's Classifieds 1.3 and earlier, exploitable via the index.php parameters (1) method or (2) list. Root cause is inadequate input handling/validation in these parameters, enabling remote attackers to inject arbitrary...
CVE-2006-5293
CVE-2006-5293 affects PhpOutsourcing Noah’s Classifieds, prior to or including version 1.3, where index.php is vulnerable to cross-site scripting via the frommethod parameter. Affected component: index.php; vulnerability type: XSS. CVSS v2 base score 6.8 (Medium) with network attack vector, requi...