CVE-2006-3474
- EPSS 0.31%
- Veröffentlicht 10.07.2006 20:05:00
- Zuletzt bearbeitet 03.04.2025 01:03:51
Multiple SQL injection vulnerabilities in Belchior Foundry vCard PRO allow remote attackers to execute arbitrary SQL commands via the (1) cat_id parameter to (a) gbrowse.php, (2) card_id parameter to (b) rating.php and (c) create.php, and the (3) eve...
CVE-2006-2810
- EPSS 1.92%
- Veröffentlicht 05.06.2006 17:02:00
- Zuletzt bearbeitet 03.04.2025 01:03:51
Multiple cross-site scripting (XSS) vulnerabilities in Belchior Foundry vCard 2.9 allow remote attackers to inject arbitrary web script or HTML via the page parameter in (1) toprated.php and (2) newcards.php. NOTE: the card_id vector is already cove...
CVE-2006-1230
- EPSS 0.84%
- Veröffentlicht 14.03.2006 19:06:00
- Zuletzt bearbeitet 03.04.2025 01:03:51
Multiple cross-site scripting (XSS) vulnerabilities in create.php in vCard 2.x allow remote attackers to inject arbitrary web script or HTML via the (1) card_id, (2) uploaded, (3) card_fontsize, or (4) card_color parameter. NOTE: the card_id vector ...
CVE-2005-3332
- EPSS 2.71%
- Veröffentlicht 27.10.2005 10:02:00
- Zuletzt bearbeitet 03.04.2025 01:03:51
PHP remote file include vulnerability in admin/define.inc.php in Belchior Foundry vCard 2.9 allows remote attackers to execute arbitrary PHP code via the match parameter.
- EPSS 3.06%
- Veröffentlicht 31.12.2004 05:00:00
- Zuletzt bearbeitet 03.04.2025 01:03:51
Vcard 2.9 and possibly other versions does not require authorization to run uninstall.php, which could allow remote attackers to uninstall Vcard and delete database tables via a direct request to uninstall.php.