Vulnerabilities > Indexcor
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2007-01-30 | CVE-2007-0592 | Cross-Site Scripting vulnerability in Indexcor Ezdatabase 2.1.3 Cross-site scripting (XSS) vulnerability in EzDatabase 2.1.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to admin/login.php and the Admin Panel Database. network indexcor | 6.8 |
2006-01-19 | CVE-2006-0315 | Cross-Site Scripting vulnerability in EZDatabase index.php in EZDatabase before 2.1.2 does not properly cleanse the p parameter before constructing and including a .php filename, which allows remote attackers to conduct directory traversal attacks, and produces resultant cross-site scripting (XSS) and path disclosure. network indexcor | 5.8 |
2006-01-15 | CVE-2006-0214 | Unspecified vulnerability in Indexcor Ezdatabase 2.0/2.1.2 Eval injection vulnerability in ezDatabase 2.0 and earlier allows remote attackers to execute arbitrary PHP code via the db_id parameter to visitorupload.php, as demonstrated using phpinfo and include function calls. | 7.5 |
2005-12-17 | CVE-2005-4304 | Input Validation vulnerability in EZDatabase index.php in ezDatabase 2.1.2 and earlier allows remote attackers to obtain sensitive information via an invalid cat_id parameter, which leaks the full pathname in an error message. | 5.0 |
2005-12-17 | CVE-2005-4303 | Input Validation vulnerability in EZDatabase SQL injection vulnerability in index.php for ezDatabase 2.1.2 and earlier allows remote attackers to execute arbitrary SQL commands via the db_id parameter. | 7.5 |
2005-12-17 | CVE-2005-4302 | Input Validation vulnerability in EZDatabase Directory traversal vulnerability in index.php in ezDatabase 2.1.2 and earlier allows remote attackers to include arbitrary local files via ".." sequences in the p parameter. | 5.0 |