[CLOSE] OSVDB ID : 49715 - Disclosed: 2001-02-11

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 21137 - Disclosed: 2005-11-28

Description:

(Description Provided by CVE) : PHP remote file inclusion vulnerability in q-news.php in Q-News 2.0 allows remote attackers to execute arbitrary PHP code via a URL in the id parameter.

[CLOSE] OSVDB ID : 63894 - Disclosed: 2010-04-13

Description:

Q-Personel Component for Joomla! contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'index.php' script not properly sanitizing user-supplied input to the 'katid' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.

[CLOSE] OSVDB ID : 61354 - Disclosed: 2009-12-27

Description:

Q-Personel Component for Joomla! contains a flaw that allows a remote cross site scripting (XSS) attack. This flaw exists because the application does not validate the 'personel_sira' parameter upon submission to the 'index.php' script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.

[CLOSE] OSVDB ID : 60421 - Disclosed: 2009-08-25

Description:

Q-Proje Siirler Bileseni contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'index.php' script not properly sanitizing user-supplied input to the 'sid' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.

[CLOSE] OSVDB ID : 89989 - Disclosed: 2009-10-27

Description:

By default, Mutliple Q-See MPEG4 DVRs install with default user credentials (username/password combination). The administrator account has a password of '0000', which is publicly known and documented. This allows remote attackers to trivially access the program or system and gain privileged access.

[CLOSE] OSVDB ID : 28917 - Disclosed: 2006-09-17

Description:

Q-Shop contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the browse.asp script not properly sanitizing user-supplied input to the 'OrderBy' variable. This may allow an attacker to inject or manipulate SQL queries in the back-end database.

[CLOSE] OSVDB ID : 50173 - Disclosed: 2008-11-17

Description:

Q-Shop contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'srkeys' parameter upon submission to the 'search.asp' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

[CLOSE] OSVDB ID : 50169 - Disclosed: 2008-11-17

Description:

Q-Shop contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'users.asp' script not properly sanitizing user-supplied input to the 'UserID' and 'Pwd' parameters. This may allow an attacker to inject or manipulate SQL queries in the back-end database.

[CLOSE] OSVDB ID : 27600 - Disclosed: 2006-06-23

Description:

QaTraq contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'msg', 'component_name', and 'component_desc' variables upon submission to the components_copy_content.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

[CLOSE] OSVDB ID : 27601 - Disclosed: 2006-06-23

Description:

QaTraq contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'msg', 'component_name', and 'component_desc' variables upon submission to the components_modify_content.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

[CLOSE] OSVDB ID : 27602 - Disclosed: 2006-06-23

Description:

QaTraq contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'msg', 'component_name', and 'component_desc' variables upon submission to the components_new_content.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

[CLOSE] OSVDB ID : 27603 - Disclosed: 2006-06-23

Description:

QaTraq contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'title', 'version', and 'content' variables upon submission to the design_copy_content.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

[CLOSE] OSVDB ID : 27604 - Disclosed: 2006-06-23

Description:

QaTraq contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'plan_title' and 'plan_content' variables upon submission to the design_copy_plan_search.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

[CLOSE] OSVDB ID : 27605 - Disclosed: 2006-06-23

Description:

QaTraq contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'title', 'minor_version', 'new_version', and 'content' variables upon submission to the design_modify_content.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

[CLOSE] OSVDB ID : 27606 - Disclosed: 2006-06-23

Description:

QaTraq contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'title', 'version', and 'content' variables upon submission to the design_new_content.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

[CLOSE] OSVDB ID : 27607 - Disclosed: 2006-06-23

Description:

QaTraq contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'plan_name' and 'plan_desc' variables upon submission to the design_new_search.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

[CLOSE] OSVDB ID : 27608 - Disclosed: 2006-06-23

Description:

QaTraq contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'file_name' variable upon submission to the download.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

[CLOSE] OSVDB ID : 27609 - Disclosed: 2006-06-23

Description:

QaTraq contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'username' and 'password' variables upon submission to the login.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

[CLOSE] OSVDB ID : 27617 - Disclosed: 2006-06-23

Description:

QaTraq contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate unspecified variables upon submission to multiple unspecified scripts. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

[CLOSE] OSVDB ID : 27610 - Disclosed: 2006-06-23

Description:

QaTraq contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'title', 'version', and 'content' variables upon submission to the phase_copy_content.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

[CLOSE] OSVDB ID : 27611 - Disclosed: 2006-06-23

Description:

QaTraq contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'content' variable upon submission to the phase_delete_search.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

[CLOSE] OSVDB ID : 27612 - Disclosed: 2006-06-23

Description:

QaTraq contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'title', 'minor_version', 'new_version', and 'content' variables upon submission to the phase_modify_content.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

[CLOSE] OSVDB ID : 27613 - Disclosed: 2006-06-23

Description:

QaTraq contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'content', 'title', 'version', and 'content' variables upon submission to the phase_modify_search.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

[CLOSE] OSVDB ID : 27614 - Disclosed: 2006-06-23

Description:

QaTraq contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'content' variable upon submission to the phase_view_search.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

[CLOSE] OSVDB ID : 27615 - Disclosed: 2006-06-23

Description:

QaTraq contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'msg', 'product_name', and 'product_desc' variables upon submission to the products_copy_content.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

[CLOSE] OSVDB ID : 27616 - Disclosed: 2006-06-23

Description:

QaTraq contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'product_name' and 'product_desc' variables upon submission to the products_copy_search.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

[CLOSE] OSVDB ID : 27599 - Disclosed: 2006-06-23

Description:

QaTraq contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'link_print', 'link_upgrade', 'link_sql', 'link_next', 'link_prev', and 'link_list' variables upon submission to the top.inc script, before being called by queries_view_search.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

[CLOSE] OSVDB ID : 77723 - Disclosed: 2011-12-08

Description:

QContacts Component for Joomla! contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the index.php script not properly sanitizing user-supplied input to the 'filter_order' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.

[CLOSE] OSVDB ID : 35746 - Disclosed: 2007-04-13

Description:

(Description Provided by CVE) : Multiple SQL injection vulnerabilities in authenticate.php in Quick and Dirty Blog (QDBlog) 0.4, and possibly earlier, allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters.