CVE-2006-1660
https://notcve.org/view.php?id=CVE-2006-1660
Cross-site scripting (XSS) vulnerability in image_desc.php in Softbiz Image Gallery allows remote attackers to inject arbitrary web script or HTML via the msg parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information. • http://secunia.com/advisories/19523 http://www.vupen.com/english/advisories/2006/1217 •
CVE-2005-3937 – SoftBiz B2B trading Marketplace Script - SQL Injection
https://notcve.org/view.php?id=CVE-2005-3937
SQL injection vulnerability in Softbiz B2B Trading Marketplace Script 1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the cid parameter in (1) selloffers.php, (2) buyoffers.php, (3) products.php, or (4) profiles.php. • https://www.exploit-db.com/exploits/10656 https://www.exploit-db.com/exploits/26670 https://www.exploit-db.com/exploits/26671 https://www.exploit-db.com/exploits/26672 https://www.exploit-db.com/exploits/26669 http://pridels0.blogspot.com/2005/11/softbiz-b2b-trading-marketplace-script.html http://secunia.com/advisories/17808 http://www.osvdb.org/21252 http://www.osvdb.org/21253 http://www.osvdb.org/21254 http://www.osvdb.org/21255 http://www.securityfocus.c •
CVE-2005-3938 – SoftBiz FAQ 1.1 - 'add_comment.php?id' SQL Injection
https://notcve.org/view.php?id=CVE-2005-3938
SQL injection vulnerability in Softbiz FAQ Script 1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter in (1) index.php, (2) faq_qanda.php, (3) refer_friend.php, (4) print_article.php, or (5) add_comment.php. • https://www.exploit-db.com/exploits/26677 https://www.exploit-db.com/exploits/26674 https://www.exploit-db.com/exploits/26673 https://www.exploit-db.com/exploits/26676 https://www.exploit-db.com/exploits/26675 http://pridels0.blogspot.com/2005/11/softbiz-faq-script-multiple-sql-vuln.html http://secunia.com/advisories/17809 http://www.osvdb.org/21257 http://www.osvdb.org/21258 http://www.osvdb.org/21259 http://www.osvdb.org/21260 http://www.osvdb.org •
CVE-2005-3879 – Softbiz Resource Repository Script - 'details_res.php?sbres_id' SQL Injection
https://notcve.org/view.php?id=CVE-2005-3879
Multiple SQL injection vulnerabilities in Softbiz Resource Repository Script 1.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) sbres_id parameter in (a) details_res.php, (b) refer_friend.php, and (c) report_link.php, and (2) the sbcat_id parameter in (d) showcats.php. • https://www.exploit-db.com/exploits/26613 https://www.exploit-db.com/exploits/26616 https://www.exploit-db.com/exploits/26614 https://www.exploit-db.com/exploits/26615 http://pridels0.blogspot.com/2005/11/softbiz-resource-repository-script-sql.html http://secunia.com/advisories/17555 http://www.osvdb.org/21133 http://www.osvdb.org/21134 http://www.osvdb.org/21135 http://www.osvdb.org/21136 http://www.securityfocus.com/bid/15585 http://www.vupen.com/english •
CVE-2005-3817 – SoftBiz Web Hosting Directory Script 1.1 - 'browsecats.php?cid' SQL Injection
https://notcve.org/view.php?id=CVE-2005-3817
Multiple SQL injection vulnerabilities in Softbiz Web Host Directory Script 1.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) cid parameter in search_result.php, (2) sbres_id parameter in review.php, (3) cid parameter in browsecats.php, (4) h_id parameter in email.php, and (5) an unspecified parameter to the search module. • https://www.exploit-db.com/exploits/26582 https://www.exploit-db.com/exploits/26583 https://www.exploit-db.com/exploits/26581 https://www.exploit-db.com/exploits/26580 https://www.exploit-db.com/exploits/12439 http://pridels0.blogspot.com/2005/11/web-host-directory-script-multiple.html http://secunia.com/advisories/17724 http://www.osvdb.org/21079 http://www.osvdb.org/21080 http://www.osvdb.org/21081 http://www.osvdb.org/21082 http://www.osvdb.org/2108 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •