| OSVDB ID | Disclosure Date | Title |
|---|---|---|
| 45247<br>Description: 68 Classifieds contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'category.php' script not properly sanitizing user-supplied input to the 'cat' variable. This may allow an attacker to inject or manipulate SQL queries in the back-end database. | 2008-05-15 | 68 Classifieds category.php cat Parameter SQL Injection |
| 56564<br>Description: 68 Classifieds contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate 'cat' parameters upon submission to the 'category.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. | 2009-07-27 | 68 Classifieds category.php cat Parameter XSS |
| 56565<br>Description: 68 Classifieds contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate 'goto' parameters upon submission to the 'login.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. | 2009-07-27 | 68 Classifieds login.php goto Parameter XSS |
| 56566<br>Description: 68 Classifieds contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate 'page' parameters upon submission to the 'searchresults.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. | 2009-07-27 | 68 Classifieds searchresults.php page Parameter XSS |
| 56567<br>Description: 68 Classifieds contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate 'page' parameters upon submission to the 'toplistings.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. | 2009-07-27 | 68 Classifieds toplistings.php page Parameter XSS |
| 56568<br>Description: 68 Classifieds contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate 'view' parameters upon submission to the 'viewlisting.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. | 2009-07-27 | 68 Classifieds viewlisting.php view Parameter XSS |
| 56569<br>Description: 68 Classifieds contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate 'member' parameters upon submission to the 'viewmember.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. | 2009-07-27 | 68 Classifieds viewmember.php member Parameter XSS |
| 68668<br>Description: 68KB contains a flaw that may allow a remote attacker to execute arbitrary commands or code. The issue is due to the 'modules/show.php' script not properly sanitizing user input supplied to the 'file' parameter. This may allow an attacker to include a file from a third-party remote host that contains commands or code that will be executed by the vulnerable script with the same privileges as the web server. | 2010-03-27 | 68KB modules/show.php file Parameter Remote File Inclusion |
| 37013<br>Description: 6ALBlog contains a flaw that may allow a remote attacker to execute arbitrary commands or code. The issue is due to the 'admin/index.php' script not properly sanitizing user input supplied to the 'pg' parameter. This may allow an attacker to include a file from a third-party remote host that contains commands or code that will be executed by the vulnerable script with the same privileges as the web server. | 2007-06-25 | 6ALBlog admin/index.php pg Parameter Remote File Inclusion |
| 37012<br>Description: (Description provided by CVE): SQL injection vulnerability in member.php in 6ALBlog allows remote attackers to execute arbitrary SQL commands via the newsid parameter. | 2007-06-25 | 6ALBlog member.php Multiple Parameter SQL Injection |
| 69361<br>Description: 6kbbs contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the ajaxadmin.php script not properly sanitizing user-supplied input to the 'tids[]' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data. | 2010-11-11 | 6kbbs ajaxadmin.php tids[] Parameter SQL Injection |
| 69362<br>Description: 6kbbs contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the ajaxmember.php script not properly sanitizing user-supplied input to the 'msgids[]' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data. | 2010-11-11 | 6kbbs ajaxmember.php msgids[] Parameter SQL Injection |
| 69360<br>Description: 6kbbs contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate the 'user[msn]', 'user[email]', 'user[phone]', and 'tids[]' parameters upon submission to the ajaxmember.php script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server. | 2010-11-11 | 6kbbs ajaxmember.php Multiple Parameter XSS |
| 48673<br>Description: 6rbScript contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'cat.php' script not properly sanitizing user-supplied input to the 'CatID' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database. | 2008-09-22 | 6rbScript cat.php CatID Parameter SQL Injection |
| 48508<br>Description: (Description provided by CVE): Directory traversal vulnerability in section.php in 6rbScript 3.3, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the name parameter. | 2008-09-21 | 6rbScript section.php name Parameter Traversal Arbitrary File Access |
| 48509<br>Description: 6rbScript contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'section.php' script not properly sanitizing user-supplied input to the 'singerid' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database. | 2008-09-21 | 6rbScript section.php singerid Parameter SQL Injection |
| 1977<br>Description: 6Tunnel contains a flaw that may allow a remote denial of service. The issue is triggered by repeatedly connecting to and disconnecting from the server, and will result in loss of availability for the service. | 2001-10-23 | 6Tunnel Connection Close State DoS |