CVE-2007-6125 – Softbiz Freelancers Script 1 - SQL Injection
https://notcve.org/view.php?id=CVE-2007-6125
SQL injection vulnerability in search_form.php in Softbiz Freelancers Script 1 allows remote attackers to execute arbitrary SQL commands via the sb_protype parameter.
• https://www.exploit-db.com/exploits/4660
• http://osvdb.org/38908
• http://secunia.com/advisories/27808
• http://www.securityfocus.com/bid/26569
• https://exchange.xforce.ibmcloud.com/vulnerabilities/38616
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2007-5449 – Softbiz Recipes Portal Script - SQL Injection
https://notcve.org/view.php?id=CVE-2007-5449
SQL injection vulnerability in searchresult.php in Softbiz Recipes Portal Script allows remote attackers to execute arbitrary SQL commands via the sbcat_id parameter.
• https://www.exploit-db.com/exploits/4527
• http://secunia.com/advisories/27258
• http://www.securityfocus.com/bid/26063
• http://www.vupen.com/english/advisories/2007/3497
• https://exchange.xforce.ibmcloud.com/vulnerabilities/37201
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2006-3607 – SoftBiz Banner Exchange Script 1.0 - 'gen_confirm_mem.php?PHPSESSID' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2006-3607
Multiple cross-site scripting (XSS) vulnerabilities in Softbiz Banner Exchange Script (aka Banner Exchange Network Script) 1.0 allow remote attackers to inject arbitrary web script or HTML via (1) the city parameter in (a) insertmember.php, and (2) a PHPSESSID cookie in (b) lostpassword.php, (c) gen_confirm_mem.php, and (d) index.php.
• https://www.exploit-db.com/exploits/28139
• https://www.exploit-db.com/exploits/28140
• https://www.exploit-db.com/exploits/28137
• https://www.exploit-db.com/exploits/28138
• http://ellsec.org/print.php?type=N&item_id=141
• http://www.securityfocus.com/archive/1/438705/100/200/threaded
• http://www.securityfocus.com/bid/18735
• https://exchange.xforce.ibmcloud.com/vulnerabilities/27460
• https://exchange.xforce.ibmcloud.com/vulnerabilities/27461
CVE-2006-3271 – SoftBizScripts Dating Script - SQL Injection
https://notcve.org/view.php?id=CVE-2006-3271
Multiple SQL injection vulnerabilities in Softbiz Dating 1.0 allow remote attackers to execute SQL commands via the (1) country and (2) sort_by parameters in (a) search_results.php; (3) browse parameter in (b) featured_photos.php; (4) cid parameter in (c) products.php, (d) index.php, and (e) news_desc.php.
• https://www.exploit-db.com/exploits/12438
• https://www.exploit-db.com/exploits/28093
• https://www.exploit-db.com/exploits/28096
• https://www.exploit-db.com/exploits/28095
• https://www.exploit-db.com/exploits/28094
• http://secunia.com/advisories/20802
• http://securityreason.com/securityalert/1163
• http://www.securityfocus.com/archive/1/438245/100/0/threaded
• http://www.securityfocus.com/bid/18605
• http://www.vupen.com/english/advisories/2006/2512
• https://exchange.xforce.ibmcloud
CVE-2006-1659 – SoftBiz Image Gallery - 'images.php?cid' SQL Injection
https://notcve.org/view.php?id=CVE-2006-1659
Multiple SQL injection vulnerabilities in Softbiz Image Gallery allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in image_desc.php, (2) provided parameter in template.php, (3) cid parameter in suggest_image.php, (4) img_id parameter in insert_rating.php, and (5) cid parameter in images.php.
• https://www.exploit-db.com/exploits/27546
• https://www.exploit-db.com/exploits/27545
• https://www.exploit-db.com/exploits/27542
• https://www.exploit-db.com/exploits/27544
• https://www.exploit-db.com/exploits/27543
• http://secunia.com/advisories/19523
• http://www.osvdb.org/24368
• http://www.osvdb.org/24369
• http://www.osvdb.org/24370
• http://www.osvdb.org/24371
• http://www.osvdb.org/24372
• http://www.securityfocus.com/archive/1/429763/100/0/threaded
• http:/