[CLOSE] OSVDB ID : 32679 - Disclosed: 2006-11-13

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 32678 - Disclosed: 2006-11-13

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 89107 - Disclosed: 2013-01-08

Description:

E SMS Scripg contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the /admin/adminlogin.php script not properly sanitizing user-supplied input to the 'Password' field. This may allow an attacker to manipulate an SQL query that will result in bypassing authentication. Once authenticated, the attacker will have access to the application with the same privileges as the administrator account used during the authentication bypass.

[CLOSE] OSVDB ID : 89106 - Disclosed: 2013-01-08

Description:

E SMS Script contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the /smscollection.php script not properly sanitizing user-supplied input to the 'cat_id' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.

[CLOSE] OSVDB ID : 35619 - Disclosed: 2007-04-30

Description:

(Description Provided by CVE) : SQL injection vulnerability in home.php in E-Annu allows remote attackers to execute arbitrary SQL commands via the a parameter.

[CLOSE] OSVDB ID : 30152 - Disclosed: 2006-10-30

Description:

(Description Provided by CVE) : SQL injection vulnerability in includes/menu.inc.php in E-Annu 1.0 allows remote attackers to execute arbitrary SQL commands via the login parameter. NOTE: some of these details are obtained from third party information.

[CLOSE] OSVDB ID : 30651 - Disclosed: 2006-11-21

Description:

(Description Provided by CVE) : PHP remote file inclusion vulnerability in src/ark_inc.php in e-Ark 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the cfg_pear_path parameter.

[CLOSE] OSVDB ID : 38554 - Disclosed: 2007-09-13

Description:

(Description Provided by CVE) : Multiple PHP remote file inclusion vulnerabilities in eArk (e-Ark) 1.0 allow remote attackers to execute arbitrary PHP code via a URL in (1) the cfg_vcard_path parameter to src/vcard_inc.php or (2) the cfg_phpmailer_path parameter to src/email_inc.php. NOTE: the ark_inc.php vector is already covered by CVE-2006-6086.

[CLOSE] OSVDB ID : 38553 - Disclosed: 2007-09-13

Description:

(Description Provided by CVE) : Multiple PHP remote file inclusion vulnerabilities in eArk (e-Ark) 1.0 allow remote attackers to execute arbitrary PHP code via a URL in (1) the cfg_vcard_path parameter to src/vcard_inc.php or (2) the cfg_phpmailer_path parameter to src/email_inc.php. NOTE: the ark_inc.php vector is already covered by CVE-2006-6086.

[CLOSE] OSVDB ID : 23299 - Disclosed: 2006-02-16

Description:

E-Blah contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'HTTP_REFERER' HTTP request header upon submission to the 'Code/Routines.pl' script. This could allow a user to create a specially crafted request that would embed arbitrary code in admin log file entries. This code would then be executed in the browser of an admin user viewing these admin log files, leading to a loss of integrity.

[CLOSE] OSVDB ID : 65545 - Disclosed: 2010-06-14

Description:

e-Book Store Website Script contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'search.php' script not properly sanitizing user-supplied input to the 'keyword' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.

[CLOSE] OSVDB ID : 59319 - Disclosed: 2006-05-03

Description:

(Description Provided by CVE) : E-Business Designer (eBD) 3.1.4 and earlier allows remote attackers to obtain the full path of the web server via "'" characters, and possibly other invalid values, in (1) the id parameter to form_grupo.html, or requests to the (2) archivos/ and (3) files/ directories. NOTE: this issue might be resultant from SQL injection.

[CLOSE] OSVDB ID : 25465 - Disclosed: 2006-05-10

Description:

e-Business Designer contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'id' variable upon submission to the admin/form_grupo.html script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Additionally, the resulting error message will disclose the software's installation path resulting in a loss of confidentiality. While such information is relatively low risk, it is often useful in carrying out additional, more focused attacks.

[CLOSE] OSVDB ID : 25464 - Disclosed: 2006-05-10

Description:

(Description Provided by CVE) : E-Business Designer (eBD) 3.1.4 and earlier allows remote attackers to upload or modify arbitrary files, and execute arbitrary code, via a direct request to (1) common/html_editor/image_browser.upload.html, (2) common/html_editor/image_browser.html, or (3) common/html_editor/html_editor.html. NOTE: this can also be used for cross-site scripting (XSS) attacks by uploading cascading style sheet (.CSS) files.

[CLOSE] OSVDB ID : 25466 - Disclosed: 2006-05-10

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 30446 - Disclosed: 2006-11-15

Description:

(Description Provided by CVE) : Multiple SQL injection vulnerabilities in E-Calendar Pro 3.0 allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) passwd (Password) fields in (a) admin/default.asp; or the (3) Event Title, (4) Location, or (5) Description field when making a search engine query in (b) search.asp. NOTE: some of these details are obtained from third party information.

[CLOSE] OSVDB ID : 30447 - Disclosed: 2006-11-15

Description:

(Description Provided by CVE) : Multiple SQL injection vulnerabilities in E-Calendar Pro 3.0 allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) passwd (Password) fields in (a) admin/default.asp; or the (3) Event Title, (4) Location, or (5) Description field when making a search engine query in (b) search.asp. NOTE: some of these details are obtained from third party information.

[CLOSE] OSVDB ID : 15738 - Disclosed: 2005-04-23

Description:

E-Cart 2004 contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the 'art' parameter in the 'index.cgi' script not being properly sanitized and may allow a remote attacker to execute arbitrary commands via shell metacharacters resulting in a loss of integrity.

[CLOSE] OSVDB ID : 44014 - Disclosed: 2008-04-04

Description:

e-Classifieds Corporate Edition contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the "db" variable upon submission to the hsx/classifieds.hsx script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

[CLOSE] OSVDB ID : 30468 - Disclosed: 2006-11-13

Description:

(Description Provided by CVE) : Multiple SQL injection vulnerabilities in SitesOutlet E-commerce Kit-1 PayPal Edition allow remote attackers to execute arbitrary SQL commands via the (1) keyword or (2) cid parameter in (a) catalogue.asp, or the (3) pid parameter in (b) viewDetail.asp.

[CLOSE] OSVDB ID : 30469 - Disclosed: 2006-11-13

Description:

(Description Provided by CVE) : Multiple SQL injection vulnerabilities in SitesOutlet E-commerce Kit-1 PayPal Edition allow remote attackers to execute arbitrary SQL commands via the (1) keyword or (2) cid parameter in (a) catalogue.asp, or the (3) pid parameter in (b) viewDetail.asp.

[CLOSE] OSVDB ID : 54564 - Disclosed: 2008-10-29

Description:

(Description Provided by CVE) : Unrestricted file upload vulnerability in image_processing.php in the e-Commerce Plugin 3.4 and earlier for Wordpress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in wp-content/plugins/wp-shopping-cart/.

[CLOSE] OSVDB ID : 36589 - Disclosed: 2007-07-28

Description:

(Description Provided by CVE) : Multiple SQL injection vulnerabilities in admin.aspx in E-Commerce Scripts Shopping Cart Script, Multi-Vendor E-Shop Script, and Auction Script allow remote attackers to execute arbitrary SQL commands via the (1) EmailAdd (Username) and (2) Pass (password) parameters. NOTE: some of these details are obtained from third party information.

[CLOSE] OSVDB ID : 59662 - Disclosed: 2009-11-03

Description:

e-Courier CMS contains a flaw that allows a remote cross site scripting (XSS) attack. This flaw exists because the application does not validate the 'UserGUID' parameter upon submission to the 'home/index.asp' script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.

[CLOSE] OSVDB ID : 59668 - Disclosed: 2009-11-03

Description:

e-Courier CMS contains a flaw that allows a remote cross site scripting (XSS) attack. This flaw exists because the application does not validate the 'UserGUID' parameter upon submission to the 'home/main-whyregister.asp' script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.

[CLOSE] OSVDB ID : 59666 - Disclosed: 2009-11-03

Description:

e-Courier CMS contains a flaw that allows a remote cross site scripting (XSS) attack. This flaw exists because the application does not validate the 'UserGUID' parameter upon submission to the 'home/wizard_oe2.asp' script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.

[CLOSE] OSVDB ID : 59665 - Disclosed: 2009-11-03

Description:

e-Courier CMS contains a flaw that allows a remote cross site scripting (XSS) attack. This flaw exists because the application does not validate the 'UserGUID' parameter upon submission to the 'home/Wizard_tracking.asp' script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.

[CLOSE] OSVDB ID : 59667 - Disclosed: 2009-11-03

Description:

e-Courier CMS contains a flaw that allows a remote cross site scripting (XSS) attack. This flaw exists because the application does not validate the 'UserGUID' parameter upon submission to the 'home/your-register.asp' script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.

[CLOSE] OSVDB ID : 59669 - Disclosed: 2009-11-03

Description:

e-Courier CMS contains a flaw that allows a remote cross site scripting (XSS) attack. This flaw exists because the application does not validate the 'UserGUID' parameter upon submission to the 'home/your.asp' script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.

[CLOSE] OSVDB ID : 15091 - Disclosed: 2005-03-29

Description:

E-Data contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the input fields upon submission to the creation of a new user. This could allow a user to create a specially crafted HTML and script code that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server when the malicious personal information is viewed, leading to a loss of integrity.