Vulnerabilities > Vastal
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2009-09-30 | CVE-2009-3496 | Cross-Site Scripting vulnerability in Vastal DVD Zone Cross-site scripting (XSS) vulnerability in view_mag.php in Vastal I-Tech DVD Zone allows remote attackers to inject arbitrary web script or HTML via the mag_id parameter. | 4.3 |
| 2009-09-30 | CVE-2009-3495 | SQL Injection vulnerability in Vastal DVD Zone SQL injection vulnerability in view_mag.php in Vastal I-Tech DVD Zone allows remote attackers to execute arbitrary SQL commands via the mag_id parameter, a different vector than CVE-2008-4465. | 7.5 |
| 2009-02-20 | CVE-2008-6209 | SQL Injection vulnerability in Vastal Software Zone SQL injection vulnerability in view_product.php in Vastal I-Tech Software Zone allows remote attackers to execute arbitrary SQL commands via the cat_id parameter. | 7.5 |
| 2008-09-22 | CVE-2008-4157 | SQL Injection vulnerability in Vastal PHPvid 1.1 SQL injection vulnerability in groups.php in Vastal I-Tech phpVID 1.1 allows remote attackers to execute arbitrary SQL commands via the cat parameter, a different vector than CVE-2007-3610. | 7.5 |
| 2008-09-11 | CVE-2008-3953 | SQL Injection vulnerability in Vastal Shaadi Zone 1.0.9 SQL injection vulnerability in keyword_search_action.php in Vastal I-Tech Shaadi Zone 1.0.9 allows remote attackers to execute arbitrary SQL commands via the tage parameter. | 7.5 |
| 2008-09-11 | CVE-2008-3951 | SQL Injection vulnerability in Vastal Agent Zone SQL injection vulnerability in view_ann.php in Vastal I-Tech Agent Zone (aka The Real Estate Script) allows remote attackers to execute arbitrary SQL commands via the ann_id parameter. | 7.5 |
| 2008-05-19 | CVE-2008-2335 | Cross-Site Scripting vulnerability in Vastal PHPvid 1.1/1.2 Cross-site scripting (XSS) vulnerability in search_results.php in Vastal I-Tech phpVID 1.1 and 1.2 allows remote attackers to inject arbitrary web script or HTML via the query parameter. | 4.3 |