CVE-2005-4243

Multiple SQL injection vulnerabilities in QuickPayPro 3.1 allow remote attackers to execute arbitrary SQL commands via various parameters (popupid in popups.edit.php; so, sb, nr in customer.tickets.view.php; subrackingid in subscribers.tracking.edit.php; delete in design.php; trackingid in tracki...

CVE-2005-4248

CVE-2005-4248 : Multiple cross-site scripting (XSS) vulnerabilities in QuickPayPro 3.1 allow remote attackers to inject arbitrary web script or HTML via fields in (1) communication/subscribers.tracking.add.php, (2) support/tickets.add.php, and (3) mycompany/categories.php. The description across ...