
CVSS: 7.5 | EPSS: 0% | CPEs: 1 | EXPL: 3

SQL injection vulnerability in cat_products.php in SoftBiz Dating Script allows remote attackers to execute arbitrary SQL commands via the cid parameter. NOTE: this might overlap CVE-2006-3271.4.

References:
• https://www.exploit-db.com/exploits/33132
• http://packetstormsecurity.org/0907-exploits/softbizdating-sql.txt
• http://www.securityfocus.com/bid/35896
• https://exchange.xforce.ibmcloud.com/vulnerabilities/52158

CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 4.3 | EPSS: 0% | CPEs: 1 | EXPL: 11

Multiple cross-site scripting (XSS) vulnerabilities in Softbiz Image Gallery (Photo Gallery) allow remote attackers to inject arbitrary web script or HTML via the (1) latest parameter to (a) index.php, (b) images.php, (c) suggest_image.php, and (d) image_desc.php; and the (2) msg parameter to index.php, images.php, and suggest_image.php, and (e) index.php, (f) adminhome.php, (g) config.php, (h) changepassword.php, (i) cleanup.php, (j) browsecats.php, and (k) images.php in admin/. NOTE: the image_desc.php/msg vector is covered by CVE-2006-1660. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

References:
• https://www.exploit-db.com/exploits/32174
• https://www.exploit-db.com/exploits/32176
• https://www.exploit-db.com/exploits/32178
• https://www.exploit-db.com/exploits/32175
• https://www.exploit-db.com/exploits/32177
• https://www.exploit-db.com/exploits/32171
• https://www.exploit-db.com/exploits/32173
• https://www.exploit-db.com/exploits/32170
• https://www.exploit-db.com/exploits/32172
• http://www.securityfocus.com/bid/30546
• http://www.securityfocus.com/bid/30546/exploit

CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.8 | EPSS: 0% | CPEs: 1 | EXPL: 2

SQL injection vulnerability in search_result.php in Softbiz Web Host Directory Script, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the host_id parameter, a different vector than CVE-2005-3817.

References:
• https://www.exploit-db.com/exploits/5517
• http://advisories.echo.or.id/adv/adv89-K-159-2008.txt
• http://secunia.com/advisories/29983
• http://securityreason.com/securityalert/3855
• http://www.securityfocus.com/archive/1/491396/100/0/threaded
• http://www.securityfocus.com/bid/28971
• https://exchange.xforce.ibmcloud.com/vulnerabilities/42096

CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 7.5 | EPSS: 0% | CPEs: 1 | EXPL: 2

SQL injection vulnerability in index.php in Softbiz Jokes & Funny Pics Script allows remote attackers to execute arbitrary SQL commands via the sbcat_id parameter.

References:
• https://www.exploit-db.com/exploits/31294
• http://securityreason.com/securityalert/3703
• http://www.securityfocus.com/archive/1/488706/100/0/threaded
• http://www.securityfocus.com/bid/27973

CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 4.3 | EPSS: 0% | CPEs: 1 | EXPL: 1

Cross-site scripting (XSS) vulnerability in signin.php in Softbiz Freelancers Script 1 allows remote attackers to inject arbitrary web script or HTML via the errmsg parameter.

References:
• https://www.exploit-db.com/exploits/4660
• http://secunia.com/advisories/27808
• http://www.securityfocus.com/bid/26569
• https://exchange.xforce.ibmcloud.com/vulnerabilities/38615

CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')