Vulnerabilities > Web4Future
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2006-05-09 | CVE-2006-2244 | SQL-Injection vulnerability in News Portal Multiple SQL injection vulnerabilities in Web4Future News Portal allow remote attackers to execute arbitrary SQL commands via the ID parameter to (1) comentarii.php or (2) view.php. | 6.4 |
2006-05-09 | CVE-2006-2243 | Cross-Site Scripting vulnerability in News Portal Multiple cross-site scripting (XSS) vulnerabilities in Web4Future News Portal allow remote attackers to inject arbitrary web script or HTML via the ID parameter to (1) comentarii.php or (2) view.php. network web4future | 5.8 |
2005-12-06 | CVE-2005-4039 | Directory Traversal vulnerability in Web4Future Portal Solutions Directory traversal vulnerability in arhiva.php in Web4Future Portal Solutions News Portal allows remote attackers to read arbitrary files via the dir parameter. | 7.8 |
2005-12-06 | CVE-2005-4038 | SQL Injection vulnerability in Web4Future Portal Solutions Comentarii.PHP SQL injection vulnerability in comentarii.php in Web4Future Portal Solutions News Portal allows remote attackers to execute arbitrary SQL commands via the idp parameter. | 7.5 |
2005-12-06 | CVE-2005-4037 | SQL Injection vulnerability in Web4Future Affiliate Manager PRO Functions.PHP SQL injection vulnerability in functions.php in Web4Future Affiliate Manager PRO 4.1 and earlier allows remote attackers to execute arbitrary SQL commands via the pid parameter. | 7.5 |
2005-12-06 | CVE-2005-4036 | Cross-Site Scripting vulnerability in Web4Future Keyword Frequency Counter 1.0 Cross-site scripting (XSS) vulnerability in index.cgi in Web4Future KeyWord Frequency Counter 1.0 allows remote attackers to inject arbitrary web script or HTML via the "remote URL." network web4future | 4.3 |
2005-12-06 | CVE-2005-4035 | SQL Injection vulnerability in Web4Future eCommerce Enterprise Edition Multiple SQL injection vulnerabilities in Web4Future eCommerce Enterprise Edition 2.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) prod, and (2) brid parameters to (a) view.php; the (3) the bid parameter to (b) viewbrands.php; and the (4) grp and (5) cat parameters to index.php. | 7.5 |
2005-12-06 | CVE-2005-4034 | SQL Injection vulnerability in Web4Future Edating Professional 5 Multiple SQL injection vulnerabilities in Web4Future eDating Professional 5 allow remote attackers to execute arbitrary SQL commands via the (1) s, (2) pg, and (3) sortb parameters to (a) index.php; (4) cid parameter to (b) gift.php and (c) fq.php; and (5) cat parameter to (d) articles.php. | 7.5 |