Vulnerabilities > OUT OF THE Trees WEB Design
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2006-06-09 | CVE-2006-2913 | Input Validation vulnerability in OUT of the Trees web Design Selectapix 1.31 Cross-site scripting (XSS) vulnerability in SelectaPix 1.31 allows remote attackers to inject arbitrary web script or HTML via the albumID parameter to (1) popup.php and (2) view_album.php. | 2.6 |
2006-06-09 | CVE-2006-2912 | Input Validation vulnerability in OUT of the Trees web Design Selectapix 1.31 Multiple SQL injection vulnerabilities in SelectaPix 1.31 allow remote attackers to execute arbitrary SQL commands via the (1) albumID parameter to (a) view_album.php or (b) index.php, (2) imageID parameter to (c) popup.php, or (3) username and (4) password parameters to (d) admin/member.php. | 7.5 |
2006-06-01 | CVE-2006-2722 | SQL Injection vulnerability in OUT of the Trees web Design Selectapix 1.4 SQL injection vulnerability in view_album.php in SelectaPix 1.4 allows remote attackers to execute arbitrary SQL commands via unknown vectors. | 7.5 |
2006-05-19 | CVE-2006-2463 | Remote Security vulnerability in OUT of the Trees web Design Selectapix 1.31 view_album.php in SelectaPix 1.31 and earlier allows remote attackers to obtain the installation path via a certain request, which displays the path in an error message, possibly due to an invalid or missing parameter. | 5.0 |