RSS   Vulnerabilities for 'Buddy zone'   RSS

2007-07-03
 
CVE-2007-3549

 

 
SQL injection vulnerability in view_sub_cat.php in Buddy Zone 1.5 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter.

 
 
CVE-2007-3526

 

 
Multiple SQL injection vulnerabilities in Buddy Zone 1.5 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the news_id parameter to view_news.php, (2) the cat_id parameter to view_events.php, or (3) the member_id parameter to video_gallery.php.

 
2006-07-10
 
CVE-2006-3494

CWE-79
 

 
Multiple cross-site scripting (XSS) vulnerabilities in Buddy Zone 1.0.1 allow remote attackers to inject arbitrary HTML and web script via the (1) cat_id parameter to (a) view_classifieds.php; (2) id parameter in (b) view_ad.php; (3) event_id parameter in (c) view_event.php, (d) delete_event.php, and (e) edit_event.php; and (4) group_id in (f) view_group.php.

 

 >>> Vendor: Vastal i-tech 12 Products
Buddy zone
Phpvid
Mmorpg zone
Dating zone
Visa zone
Jobs zone
Mag zone
Dvd zone
Cosmetics zone
Toner cart
Share zone
Freelance zone


Copyright 2024, cxsecurity.com

 

Back to Top