3 matches found
CVE-2008-6683
CVE-2008-6683 is an XSS in the Apartment Search Script (listtest.php) that allows remote attackers to inject arbitrary web script or HTML via the r parameter. Affected component: listtest.php; root cause: insufficient input sanitization on the r parameter enabling script execution in the victim’s...
CVE-2008-6684
CVE-2008-6684 describes an unrestricted file upload vulnerability in editimage.php of the Apartment Search Script. An attacker can upload a file with an executable extension bearing a GIF header and then access the renamed file via a direct request to Elephant/Member_Admin/logo/ to execute arbitr...
CVE-2008-1919
The CVE-2008-1919 entry describes an SQL injection in listtest.php of YourFreeWorld Apartment Search Script, exploitable via the r parameter. The underlying issue is improper input handling in a PHP script leading to arbitrary SQL execution. The vulnerability is remote in scope and affects the li...