|
294471
|
- |
|
mavili_guestbook_project
|
mavili_guestbook
|
Mavili Guestbook, as released in November 2007, stores guestbook.mdb under the web root with insufficient access control, which allows remote attackers to read the database via a direct request.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-5298
|
2024-11-21 10:44 |
2012-10-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
294472
|
- |
|
mavili_guestbook_project
|
mavili_guestbook
|
SQL injection vulnerability in edit.asp in Mavili Guestbook, as released in November 2007, allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
CWE-89
SQL Injection
|
CVE-2012-5297
|
2024-11-21 10:44 |
2012-10-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
294473
|
- |
|
mavili_guestbook_project
|
mavili_guestbook
|
Multiple cross-site scripting (XSS) vulnerabilities in Mavili Guestbook, as released in November 2007, allow remote attackers to inject arbitrary web script or HTML via the id parameter to (1) approv…
|
CWE-79
Cross-site Scripting
|
CVE-2012-5296
|
2024-11-21 10:44 |
2012-10-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
294474
|
- |
|
fusetalk
fusetalk.
|
fusetalk
|
Cross-site scripting (XSS) vulnerability in login.cfm in FuseTalk Forums 3.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the windowed parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2012-5295
|
2024-11-21 10:44 |
2012-10-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
294475
|
- |
|
mystorexpress
|
tienda_virtual
|
SQL injection vulnerability in art_detalle.php in MyStore Xpress Tienda Virtual allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
CWE-89
SQL Injection
|
CVE-2012-5294
|
2024-11-21 10:44 |
2012-10-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
294476
|
- |
|
redgraphic
|
sapid_cms
|
Multiple PHP remote file inclusion vulnerabilities in SAPID CMS 1.2.3 Stable allow remote attackers to execute arbitrary PHP code via a URL in the (1) GLOBALS[root_path] parameter to usr/extensions/g…
|
CWE-94
Code Injection
|
CVE-2012-5293
|
2024-11-21 10:44 |
2012-10-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
294477
|
- |
|
atar2b
|
atar2b_cms
|
Multiple SQL injection vulnerabilities in Atar2b CMS 4.0.1 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) gallery_e.php, (2) pageE.php, or (3) pageH.php.
|
CWE-89
SQL Injection
|
CVE-2012-5292
|
2024-11-21 10:44 |
2012-10-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
294478
|
- |
|
possesports
|
posse_softball_director_cms
|
SQL injection vulnerability in team.php in Posse Softball Director CMS allows remote attackers to execute arbitrary SQL commands via the idteam parameter.
|
CWE-89
SQL Injection
|
CVE-2012-5291
|
2024-11-21 10:44 |
2012-10-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
294479
|
- |
|
wcs4web
|
easywebrealestate
|
Multiple SQL injection vulnerabilities in EasyWebRealEstate allow remote attackers to execute arbitrary SQL commands via the (1) lstid parameter to listings.php or (2) infoid parameter to index.php.
|
CWE-89
SQL Injection
|
CVE-2012-5290
|
2024-11-21 10:44 |
2012-10-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
294480
|
- |
|
plogger
|
plogger
|
Multiple SQL injection vulnerabilities in Plogger 1.0 RC1 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) index.php or (2) gallery.php.
|
CWE-89
SQL Injection
|
CVE-2012-5289
|
2024-11-21 10:44 |
2012-10-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
