Searching phpbb auction software vulnerabilities

Auction Weaver CGI script 1.03 and earlier allo

Auction | script | Weaver | CGI |

Auction Weaver CGI script 1.03 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) attack in the fromfile parameter.


Auction Weaver CGI script 1.03 and earlier allo

Auction | script | Weaver | CGI |

Auction Weaver CGI script 1.03 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) attack in the catdir parameter.


Auction Weaver CGI script 1.02 and earlier allo

Auction | script | Weaver | CGI |

Auction Weaver CGI script 1.02 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the fromfile parameter.


Cross-site scripting vulnerability in phpBB 2.0

vulnerability | Cross-site | scripting | phpBB |

Cross-site scripting vulnerability in phpBB 2.0.0 (phpBB2) allows remote attackers to execute Javascript as other phpBB users by including a http:// and a double-quote (") in the [IMG] tag, which bypasses phpBB's security check, terminates the src parameter of the resulting HTML IMG tag, and injects the script.


PHP remote file inclusion vulnerability in albu

phpbb_root_path | album_portalphp | vulnerability | parameter | attackers | inclusion | arbitrary | modified | execute | allows | remote | Przemo | phpBB | code | file | PHP | via |

PHP remote file inclusion vulnerability in album_portal.php in phpBB modified by Przemo 1.8 allows remote attackers to execute arbitrary PHP code via the phpbb_root_path parameter.


Multiple SQL injection vulnerabilities in Activ

vulnerabilities | attackers | arbitrary | injection | commands | Multiple | execute | Auction | remote | Active | House | allow | via | SQL |

Multiple SQL injection vulnerabilities in Active Auction House allow remote attackers to execute arbitrary SQL commands via the (1) catid, (2) SortDir, or (3) Sortby parameter to default.asp, (4) itemID parameter to ItemInfo.asp, or (5) Email field to sendpassword.asp.


Multiple cross-site scripting (XSS) vulnerabili

cross-site | scripting | Multiple |

Multiple cross-site scripting (XSS) vulnerabilities in Active Auction House allow remote attackers to inject arbitrary web script or HTML via the (1) ReturnURL, (2) password, (3) username parameter, (4) ReturnURL parameter to account.asp, (5) Table, (6) Title parameter to sendpassword.asp, or (7) itemid to watchthisitem.asp.


Multiple SQL injection vulnerabilities in phpbb

vulnerabilities | phpbb-Auction | arbitrary | attackers | injection | commands | Multiple | execute | remote | allow | via | SQL |

Multiple SQL injection vulnerabilities in phpbb-Auction allow remote attackers to execute arbitrary SQL commands via the (1) u parameter to auction_rating.php or (2) ar parameter to action_offer.php.


auction_my_auctions.php in phpbb-Auction 1.2m a

auction_my_auctionsphp | phpbb-Auction | information | attackers | sensitive | parameter | earlier | invalid | message | obtain | remote | allows | which | leaks | error | path | full | mode | PHP | 12m | via |

auction_my_auctions.php in phpbb-Auction 1.2m and earlier allows remote attackers to obtain sensitive information via an invalid mode parameter, which leaks the full path in a PHP error message.


Multiple cross-site scripting (XSS) vulnerabili

cross-site | scripting | Multiple |

Multiple cross-site scripting (XSS) vulnerabilities in PhpAuction 2.5 allow remote attackers to inject arbitrary web script or HTML via the lan parameter to(1) index.php or (2) admin/index.php, or (3) the auction_id parameter to profile.php. NOTE: there is evidence that viewnews.php and login.php may not be part of the PhpAuction product, so they are not included in this description.


The dispallclosed2 function in dispallclosed.pl

dispallclosedpl | dispallclosed2 | Creations | including | products | function | multiple | USANet |

The dispallclosed2 function in dispallclosed.pl for multiple USANet Creations products, including (1) USANet Shopping Mall Software, (2) Domain Name Auction Software, (3) Standard Classified Ads Software, and (4) MakeBid Reverse Auction allows remote attackers to execute arbitrary code via shell metacharacters in the DISPCLOSED parameter.


SQL injection vulnerability in PHP Labs Top Auc

vulnerability | arbitrary | attackers | injection | commands | execute | Auction | remote | allows | Labs | SQL | via | Top | PHP |

SQL injection vulnerability in PHP Labs Top Auction allows remote attackers to execute arbitrary SQL commands via the (1) category and (2) type parameters to viewcat.php, or (3) certain search parameters. NOTE: later a disclosure reported the affected version as 1.0.


Cross-site scripting (XSS) vulnerability in MyS

Cross-site | scripting |

Cross-site scripting (XSS) vulnerability in MySQL Auction 3.0 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified search module parameters, possibly the keyword parameter in the SearchZoom module.


Multiple SQL injection vulnerabilities in phpbb

vulnerabilities | phpbb-Auction | arbitrary | attackers | injection | commands | Multiple | execute | remote | allow | via | SQL |

Multiple SQL injection vulnerabilities in phpbb-Auction allow remote attackers to execute arbitrary SQL commands via (1) the ar parameter in auction_room.php and (2) the u parameter in auction_store.php. NOTE: the auction_rating.php vector is already covered by CVE-2005-1234. NOTE: the original disclosure states that the product name is "PHP-Auction", but this is probably an error.


** DISPUTED ** PHP remote file inclusion vulne

vulnerability | groupcpphp | inclusion | DISPUTED | remote | phpBB | file | PHP |

** DISPUTED ** PHP remote file inclusion vulnerability in groupcp.php in phpBB 2.0.10 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. NOTE: CVE and the vendor dispute this vulnerability because $phpbb_root_path is defined before use.


Cross-site scripting (XSS) vulnerability in ema

Cross-site | scripting |

Cross-site scripting (XSS) vulnerability in email_request.php in PSY Auction allows remote attackers to inject arbitrary web script or HTML via the user_id parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.


SQL injection vulnerability in item.php in PSY

vulnerability | attackers | arbitrary | injection | parameter | commands | itemphp | execute | Auction | allows | remote | SQL | via | PSY |

SQL injection vulnerability in item.php in PSY Auction allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.


PHP remote file inclusion vulnerability in func

vulnerability | functionsphp | inclusion | Extreme | remote | phpBB | file | PHP |

PHP remote file inclusion vulnerability in functions.php in Extreme phpBB (aka phpBB Extreme) 3.0.1 allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.


SQL injection vulnerability in subcat.php in AJ

vulnerability | arbitrary | attackers | subcatphp | parameter | injection | commands | execute | Auction | cate_id | allows | remote | SQL | via |

SQL injection vulnerability in subcat.php in AJ Auction 1.0 allows remote attackers to execute arbitrary SQL commands via the cate_id parameter.


SQL injection vulnerability in default.asp in A

ActiveWebSoftwares | vulnerability | defaultasp | attackers | arbitrary | injection | parameter | commands | execute | Auction | Active | allows | remote | catid | SQL | Pro | via |

SQL injection vulnerability in default.asp in ActiveWebSoftwares Active Auction Pro 7.1 allows remote attackers to execute arbitrary SQL commands via the catid parameter.


Software vulnerabilities results 1 to 20 of 217     
Page: 12345...11