Multiple cross-site scripting (XSS) vulnerabilities in Dokeos 1.8.4 allow remote attackers to inject arbitrary web script or HTML via the (1) username parameter to inscription.php, (2) courseCode parameter to main/calendar/myagenda.php, (3) category parameter to...
Multiple SQL injection vulnerabilities in Dokeos 1.8.4 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to whoisonline.php, (2) tracking_list_coaches_column parameter to main/mySpace/index.php, (3) tutor_name parameter to main/create_course/add_course.php, the (4)...
SQL injection vulnerability in index.php in the Downloads (com_downloads) component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the cat parameter in a selectcat function, a different vector than...
Cross-site scripting (XSS) vulnerability in lostsheep.php in Crafty Syntax Live Help (CSLH) before 2.14.16, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: the versions claimed by the original...
SQL injection vulnerability in print.php in the myTopics module for XOOPS allows remote attackers to execute arbitrary SQL commands via the articleid parameter. Date published : 2008-02-20 http://www.securityfocus.com/bid/27861 http://www.securityfocus.com/archive/1/488315/100/0/threaded
SQL injection vulnerability in index.php in the com_profile component for Joomla! allows remote attackers to execute arbitrary SQL commands via the oid parameter. Date published : 2008-02-20 http://www.securityfocus.com/bid/27851 http://marc.info/?l=bugtraq&m=120335361520072&w=2
SQL injection vulnerability in wp-people-popup.php in Dean Logan WP-People plugin 1.6.1 for WordPress allows remote attackers to execute arbitrary SQL commands via the person parameter. Date published : 2008-02-20 http://www.securityfocus.com/bid/27858 http://www.securityfocus.com/archive/1/488282/100/0/threaded
SQL injection vulnerability in index.php in the PccookBook (com_pccookbook) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the user_id parameter. Date published : 2008-02-20 http://www.securityfocus.com/bid/27864 https://www.exploit-db.com/exploits/5145
StatCounteX 3.0 and 3.1 allows remote attackers to obtain sensitive information and edit configuration scripts via a direct request to admin.asp. Date published : 2008-02-20 http://www.securityfocus.com/bid/27814 http://www.securityfocus.com/archive/1/488200/100/0/threaded
SQL injection vulnerability in index.php in the Classifier (com_clasifier) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the cat_id parameter. Date published : 2008-02-20 http://www.securityfocus.com/bid/27917 https://www.exploit-db.com/exploits/5146
SQL injection vulnerability in index.php in the Giorgio Nordo Ricette (com_ricette) 1.0 component for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the id parameter. Date published : 2008-02-20 http://www.securityfocus.com/bid/27834...
Directory traversal vulnerability in view_member.php in Public Warehouse LightBlog 9.6 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the username parameter. Date published : 2008-02-20 http://www.securityfocus.com/bid/27837...
SQL injection vulnerability in refer.php in the astatsPRO (com_astatspro) 1.0 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter. Date published : 2008-02-20 http://www.securityfocus.com/bid/27850 https://www.exploit-db.com/exploits/5138
Multiple cross-site scripting (XSS) vulnerabilities in the web administration interface in Sophos ES1000 and ES4000 Email Security Appliance 2.1.0.0 allow remote attackers to inject arbitrary web script or HTML via the (1) error and...