SQL injection vulnerability in index.php in CMS ISWEB 3.0 allows remote attackers to execute arbitrary SQL commands via the id_sezione parameter. Date published : 2009-01-21 http://www.securityfocus.com/bid/32823 https://www.exploit-db.com/exploits/7465
Multiple cross-site scripting (XSS) vulnerabilities in index.php in CMS ISWEB 3.0 allow remote attackers to inject arbitrary web script or HTML via (1) the strcerca parameter (aka the input field for the cerca action)...
CodeAvalanche FreeForum stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing the password via a direct request for _private/CAForum.mdb. NOTE: some of...
The Net Guys ASPired2Blog stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing usernames and passwords via a direct request for admin/blog.mdb....
SQL injection vulnerability in admin/blog_comments.asp in The Net Guys ASPired2Blog allows remote attackers to execute arbitrary SQL commands via the BlogID parameter. Date published : 2009-01-21 http://www.securityfocus.com/bid/32797 https://www.exploit-db.com/exploits/7436
VP-ASP Shopping Cart 6.50 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database containing the password via a direct request for database/shopping650.mdb. NOTE: some...
SQL injection vulnerability in redir.php in Free Links Directory Script (FLDS) 1.2a allows remote attackers to execute arbitrary SQL commands via the id parameter. Date published : 2009-01-21 http://www.securityfocus.com/bid/32813 https://www.exploit-db.com/exploits/7453
Multiple SQL injection vulnerabilities in admin/usercheck.php in FlexPHPNews 0.0.6 allow remote attackers to execute arbitrary SQL commands via the (1) checkuser parameter (aka username field) or (2) checkpass parameter (aka password field) to admin/index.php....
Multiple SQL injection vulnerabilities in login.asp in ASP-DEv Internal E-Mail System allow remote attackers to execute arbitrary SQL commands via the (1) login parameter (aka user field) or the (2) password parameter (aka pass...
ASP-DEv XM Events Diary stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for diary.mdb. Date published : 2009-01-21...
SQL injection vulnerability in diary_viewC.asp in ASP-DEv XM Events Diary allows remote attackers to execute arbitrary SQL commands via the cat parameter. NOTE: the provenance of this information is unknown; the details are obtained...
SQL injection vulnerability in default.asp in ASP-DEv XM Events Diary allows remote attackers to execute arbitrary SQL commands the cat parameter. Date published : 2009-01-21 http://www.securityfocus.com/bid/32809 http://packetstormsecurity.org/0812-exploits/aspdevxmdiary-sqldisclose.txt
Multiple PHP remote file inclusion vulnerabilities in themes/default/index.php in Cant Find A Gaming CMS (CFAGCMS) 1 allow remote attackers to execute arbitrary PHP code via a URL in the (1) main and (2) right...
SQL injection vulnerability in albums.php in Umer Inc Songs Portal allows remote attackers to execute arbitrary SQL commands via the id parameter. Date published : 2009-01-21 http://www.securityfocus.com/bid/32802 https://www.exploit-db.com/exploits/7439