RSS   Vulnerabilities for 'Linkscaffe'   RSS

2006-07-31
 
CVE-2006-3932

 

 
SQL injection vulnerability in links.php in Gonafish LinksCaffe 3.0 allows remote attackers to execute arbitrary SQL commands via the cat parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information.

 
2006-07-26
 
CVE-2006-3884

CWE-Other
 

 
Multiple SQL injection vulnerabilities in links.php in Gonafish LinksCaffe 3.0 allow remote attackers to execute arbitrary SQL commands via the (1) offset and (2) limit parameters, (3) newdays parameter in a new action, and the (4) link_id parameter in a deadlink action. NOTE: this issue can also be used for path disclosure by a forced SQL error, or to modify PHP files using OUTFILE.

 
 
CVE-2006-3883

CWE-Other
 

 
Multiple cross-site scripting (XSS) vulnerabilities in Gonafish LinksCaffe 3.0 allow remote attackers to inject arbitrary web script or HTML via (1) the tablewidth parameter in (a) counter.php; (2) the newdays parameter in (b) links.php; and the (3) tableborder, (4) menucolor, (5) textcolor, and (6) bodycolor parameters in (c) menu.inc.php.

 

 >>> Vendor: Gonafish 3 Products
Linkscaffe
Linkscaffepro
Webstatcaffe


Copyright 2024, cxsecurity.com

 

Back to Top