| CVE-2006-0881 | | 0.04 | — | 0.07 | | Feb 24, 2006 | Multiple PHP remote file include vulnerabilities in gorum/gorumlib.php in Noah's Classifieds 1.3, when register_globals is enabled, allow remote attackers to include arbitrary PHP files via the (1) upperTemplate and (2) lowerTemplate parameters, as demonstrated using the lowerTemplate parameter to index.php. |
| CVE-2006-0882 | | 0.03 | — | 0.05 | | Feb 24, 2006 | Directory traversal vulnerability in include.php in Noah's Classifieds 1.3 allows remote attackers to include arbitrary local files via the otherTemplate parameter to index.php. |
| CVE-2006-0879 | | 0.03 | — | 0.01 | | Feb 24, 2006 | SQL injection vulnerability in the search tool in Noah's Classifieds 1.3 allows remote attackers to execute arbitrary SQL commands via unspecified attack vectors. |
| CVE-2006-0880 | | 0.03 | — | 0.01 | | Feb 24, 2006 | Multiple cross-site scripting (XSS) vulnerabilities in index.php in Noah's Classifieds 1.3 allow remote attackers to inject arbitrary web script or HTML via the (1) inf parameter; or, when register_globals is enabled, the (2) upperTemplate and (3) lowerTemplate parameters. |
| CVE-2005-2980 | | 0.03 | — | 0.01 | | Sep 20, 2005 | Cross-site scripting (XSS) vulnerability in index.php in phpoutsourcing Noah's classifieds 1.3 allows remote attackers to inject arbitrary web script or HTML via the rollid parameter. |
| CVE-2005-2979 | | 0.03 | — | 0.00 | | Sep 20, 2005 | SQL injection vulnerability in index.php in phpoutsourcing Noah's classifieds allows remote attackers to execute arbitrary SQL commands via the rollid parameter. |
| CVE-2006-5293 | | 0.00 | — | 0.01 | | Oct 16, 2006 | Cross-site scripting (XSS) vulnerability in index.php in PhpOutsourcing Noah's Classifieds 1.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the frommethod parameter. |
| CVE-2006-1332 | | 0.00 | — | 0.01 | | Mar 21, 2006 | Noah's Classifieds 1.3 and earlier allows remote attackers to obtain sensitive information via an invalid list parameter in the showdetails method to index.php, which reveals the path in an error message. |
| CVE-2006-1331 | | 0.00 | — | 0.02 | | Mar 21, 2006 | Multiple cross-site scripting (XSS) vulnerabilities in index.php in Noah's Classifieds 1.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) method or (2) list parameter. |
| CVE-2006-0878 | | 0.00 | — | 0.01 | | Feb 24, 2006 | Noah's Classifieds 1.3 allows remote attackers to obtain the installation path via a direct request to include files, as demonstrated by classifieds/gorum/category.php. |
