[CLOSE] OSVDB ID : 26467 - Disclosed: 2006-06-10

Description:

PhpMyFactures contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the /pays/modifier_pays.php script not properly sanitizing user-supplied input to the 'id_pays' variable. This may allow an attacker to inject or manipulate SQL queries in the back-end database.

[CLOSE] OSVDB ID : 26468 - Disclosed: 2006-06-10

Description:

PhpMyFactures contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the produits/ajouter_cat.php script not properly sanitizing user-supplied input to the 'titre' variable. This may allow an attacker to inject or manipulate SQL queries in the back-end database.

[CLOSE] OSVDB ID : 26469 - Disclosed: 2006-06-10

Description:

PhpMyFactures contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the stocks/ajouter.php script not properly sanitizing user-supplied input to the 'id_produit', 'quantite', 'prix_ht' and 'date' variables. This may allow an attacker to inject or manipulate SQL queries in the back-end database.

[CLOSE] OSVDB ID : 26470 - Disclosed: 2006-06-10

Description:

PhpMyFactures contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the produits/modifier_cat.php script not properly sanitizing user-supplied input to the 'id_cat' variable. This may allow an attacker to inject or manipulate SQL queries in the back-end database.

[CLOSE] OSVDB ID : 26471 - Disclosed: 2006-06-10

Description:

PhpMyFactures contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the clients/modifier_client.php script not properly sanitizing user-supplied input to the 'id_client' variable. This may allow an attacker to inject or manipulate SQL queries in the back-end database.

[CLOSE] OSVDB ID : 26472 - Disclosed: 2006-06-10

Description:

PhpMyFactures contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the remises/index.php script not properly sanitizing user-supplied input to the 'id_remise' variable. This may allow an attacker to inject or manipulate SQL queries in the back-end database.

[CLOSE] OSVDB ID : 26473 - Disclosed: 2006-06-10

Description:

PhpMyFactures contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the tva/index.php script not properly sanitizing user-supplied input to the 'id_taux' variable. This may allow an attacker to inject or manipulate SQL queries in the back-end database.

[CLOSE] OSVDB ID : 26474 - Disclosed: 2006-06-10

Description:

PhpMyFactures contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the stocks/index.php script not properly sanitizing user-supplied input to the 'ref_produit', 'id_stock' or 'ref_produit' variables. This may allow an attacker to inject or manipulate SQL queries in the back-end database.

[CLOSE] OSVDB ID : 26475 - Disclosed: 2006-06-10

Description:

PhpMyFactures contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the pays/index.php script not properly sanitizing user-supplied input to the 'id_pays' variable. This may allow an attacker to inject or manipulate SQL queries in the back-end database.

[CLOSE] OSVDB ID : 26476 - Disclosed: 2006-06-10

Description:

PhpMyFactures contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the produits/index.php script not properly sanitizing user-supplied input to the 'id_cat' variable. This may allow an attacker to inject or manipulate SQL queries in the back-end database.

[CLOSE] OSVDB ID : 26477 - Disclosed: 2006-06-10

Description:

PhpMyFactures contains a flaw that may allow a remote attacker to manipulate data. The issue is due to the system not properly authenticating for access to several pages. A remote unauthenticated attacker could use this manipulate a wide variety of data in the back-end database.

[CLOSE] OSVDB ID : 26478 - Disclosed: 2006-06-10

Description:

PhpMyFactures contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'prefixe_dossier' variable upon submission to the /inc/header.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

[CLOSE] OSVDB ID : 26479 - Disclosed: 2006-06-10

Description:

PhpMyFactures contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'msg' or 'tire' variables upon submission to the ajouter_remise.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

[CLOSE] OSVDB ID : 26480 - Disclosed: 2006-06-10

Description:

PhpMyFactures contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'msg' variable upon submission to the ajouter_produit.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

[CLOSE] OSVDB ID : 26481 - Disclosed: 2006-06-10

Description:

PhpMyFactures contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'msg' variable upon submission to the ajouter_tva.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

[CLOSE] OSVDB ID : 26482 - Disclosed: 2006-06-10

Description:

PhpMyFactures contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'msg', 'quantite', 'taux' or 'date' variables upon submission to the /stocks/ajouter.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

[CLOSE] OSVDB ID : 26483 - Disclosed: 2006-06-10

Description:

PhpMyFactures contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'msg', 'pays' or 'prefixe' variables upon submission to the ajouter_pays.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

[CLOSE] OSVDB ID : 26484 - Disclosed: 2006-06-10

Description:

PhpMyFactures contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'msg' variable upon submission to the ajouter_cat.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

[CLOSE] OSVDB ID : 26485 - Disclosed: 2006-06-10

Description:

PhpMyFactures contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'msg' variable upon submission to the modifier_cat.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

[CLOSE] OSVDB ID : 26486 - Disclosed: 2006-06-10

Description:

PhpMyFactures contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a remote attacker makes a direct request to the verif.php script, which will disclose the software's installation path resulting in a loss of confidentiality. While such information is relatively low risk, it is often useful in carrying out additional, more focused attacks.

[CLOSE] OSVDB ID : 26487 - Disclosed: 2006-06-10

Description:

PhpMyFactures contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a remote attacker makes a direct request to the inc/footer.php script, which will disclose the software's installation path resulting in a loss of confidentiality. While such information is relatively low risk, it is often useful in carrying out additional, more focused attacks.

[CLOSE] OSVDB ID : 26488 - Disclosed: 2006-06-10

Description:

PhpMyFactures contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a remote attacker makes a direct request to the ajouter_remise.php script, which will disclose the software's installation path resulting in a loss of confidentiality. While such information is relatively low risk, it is often useful in carrying out additional, more focused attacks.

[CLOSE] OSVDB ID : 26401 - Disclosed: 2006-06-10

Description:

DqZone Shopping Cart contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'ToCategory' and 'FromCategory' variables upon submission to the ProductDetailsForm.asp script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

[CLOSE] OSVDB ID : 26402 - Disclosed: 2006-06-10

Description:

DwZone contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'UserName' and 'Password' variables upon submission to the LogIn/VerifyUserLog.asp script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

[CLOSE] OSVDB ID : 26400 - Disclosed: 2006-06-10

Description:

(Description Provided by CVE) : Multiple cross-site scripting (XSS) vulnerabilities in thumbnails.asp in Uapplication Uphotogallery 1.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) s and (2) block parameters.

[CLOSE] OSVDB ID : 26398 - Disclosed: 2006-06-10

Description:

Xtreme ASP Photo Gallery contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'catname' and 'total' variables upon submission to the displaypic.asp script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

[CLOSE] OSVDB ID : 26399 - Disclosed: 2006-06-10

Description:

Xtreme ASP PhotoGallery contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'catname' variable upon submission to the displaythumbs.asp script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

[CLOSE] OSVDB ID : 26218 - Disclosed: 2006-06-10

Description:

(Description Provided by CVE) : SQL injection vulnerability in vs_search.php in Arantius Vice Stats before 1.0.1 allows remote attackers to execute arbitrary SQL commands via unknown vectors, a different issue than CVE-2006-2972.

[CLOSE] OSVDB ID : 26515 - Disclosed: 2006-06-10

Description:

(Description Provided by CVE) : Multiple buffer overflows in MERCUR Messaging 2005 before Service Pack 4 allow remote attackers to cause a denial of service (crash) via (1) "long command lines at port 32000" and (2) certain name service queries that are not properly handled by the SMTP service.

[CLOSE] OSVDB ID : 26516 - Disclosed: 2006-06-10

Description:

(Description Provided by CVE) : The IMAP4 service in MERCUR Messaging 2005 before Service Pack 4 allows remote attackers to cause a denial of service (crash) via a message with a long subject field.

[CLOSE] OSVDB ID : 26517 - Disclosed: 2006-06-10

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 26518 - Disclosed: 2006-06-10

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 26519 - Disclosed: 2006-06-10

Description:

(Description Provided by CVE) : The SMTP service in MERCUR Messaging 2005 before Service Pack 4 allows remote attackers to cause a denial of service (infinite loop) via a message in which neither the originator nor recipient address is known.

[CLOSE] OSVDB ID : 26520 - Disclosed: 2006-06-10

Description:

(Description Provided by CVE) : Multiple buffer overflows in MERCUR Messaging 2005 before Service Pack 4 allow remote attackers to cause a denial of service (crash) via (1) "long command lines at port 32000" and (2) certain name service queries that are not properly handled by the SMTP service.

[CLOSE] OSVDB ID : 26521 - Disclosed: 2006-06-10

Description:

(Description Provided by CVE) : Unspecified vulnerability in MERCUR Messaging 2005 before Service Pack 4 allows remote attackers to cause a denial of service (crash) via a TOP command to the POP3 service.

[CLOSE] OSVDB ID : 26656 - Disclosed: 2006-06-10

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 41776 - Disclosed: 2006-06-10

Description:

(Description Provided by CVE) : Multiple cross-site scripting (XSS) vulnerabilities in fx-APP 0.0.8.1 allow remote attackers to inject arbitrary HTML or web script via (1) the search box, and the (2) url, (3) website, (4) comment, and (5) signature fields in the profile, and possibly (6) a menu item.

[CLOSE] OSVDB ID : 41777 - Disclosed: 2006-06-10

Description:

(Description Provided by CVE) : Multiple cross-site scripting (XSS) vulnerabilities in fx-APP 0.0.8.1 allow remote attackers to inject arbitrary HTML or web script via (1) the search box, and the (2) url, (3) website, (4) comment, and (5) signature fields in the profile, and possibly (6) a menu item.

[CLOSE] OSVDB ID : 31601 - Disclosed: 2006-06-10

Description:

(Description Provided by CVE) : PHP remote file inclusion vulnerability in sql_fcnsOLD.php in Emergenices Personnel Information System (Empris) 20020923 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phormationdir parameter.

[CLOSE] OSVDB ID : 58820 - Disclosed: 2006-06-10

Description:

(Description Provided by CVE) : The Tools module in fx-APP 0.0.8.1 allows remote attackers to misrepresent the contents of a web page via an arbitrary URL in the url parameter to a showhtml action for index.php, which causes the URL to be displayed within an iframe.