2daybiz
Products
13- 4 CVEs
- 4 CVEs
- 3 CVEs
- 2 CVEs
- 2 CVEs
- 2 CVEs
- 2 CVEs
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
Recent CVEs
25| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2010-5019 | 0.03 | — | 0.00 | Nov 2, 2011 | SQL injection vulnerability in view_photo.php in 2daybiz Online Classified Script allows remote attackers to execute arbitrary SQL commands via the alb parameter. | ||
| CVE-2010-5018 | 0.03 | — | 0.03 | Nov 2, 2011 | Cross-site scripting (XSS) vulnerability in products/classified/headersearch.php in 2daybiz Online Classified Script allows remote attackers to inject arbitrary web script or HTML via the sid parameter. | ||
| CVE-2010-5015 | 0.03 | — | 0.01 | Nov 2, 2011 | SQL injection vulnerability in view_photo.php in 2daybiz Network Community Script allows remote attackers to execute arbitrary SQL commands via the alb parameter. | ||
| CVE-2010-5004 | 0.03 | — | 0.00 | Nov 2, 2011 | SQL injection vulnerability in searchvote.php in 2daybiz Polls (aka Advanced Poll) Script allows remote attackers to execute arbitrary SQL commands via the category parameter. | ||
| CVE-2010-2691 | 0.03 | — | 0.02 | Jul 12, 2010 | Multiple SQL injection vulnerabilities in 2daybiz Custom T-Shirt Design Script allow remote attackers to execute arbitrary SQL commands via the (1) sbid parameter to products_details.php, (2) pid parameter to products/products.php, and (3) designid parameter to designview.php. | ||
| CVE-2010-2610 | 0.03 | — | 0.00 | Jul 2, 2010 | Multiple SQL injection vulnerabilities in 2daybiz Job Site Script allow remote attackers to execute arbitrary SQL commands via the (1) jid parameter to view_current_job.php, (2) job_iid parameter to show_search_more.php, and (3) left_cat parameter to show_search_result.php. | ||
| CVE-2010-2609 | 0.03 | — | 0.02 | Jul 2, 2010 | SQL injection vulnerability in show_search_result.php in 2daybiz Job Search Engine Script allows remote attackers to execute arbitrary SQL commands via the keyword parameter. | ||
| CVE-2010-2512 | 0.03 | — | 0.00 | Jun 28, 2010 | SQL injection vulnerability in customprofile.php in 2daybiz Matrimonial Script allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||
| CVE-2010-2511 | 0.03 | — | 0.00 | Jun 28, 2010 | SQL injection vulnerability in viewnews.php in 2daybiz Multi Level Marketing (MLM) Software allows remote attackers to execute arbitrary SQL commands via the nwsid parameter. | ||
| CVE-2010-2510 | 0.03 | — | 0.00 | Jun 28, 2010 | SQL injection vulnerability in customize.php in 2daybiz Web Template Software allows remote attackers to execute arbitrary SQL commands via the tid parameter. | ||
| CVE-2010-2509 | 0.03 | — | 0.00 | Jun 28, 2010 | Multiple cross-site scripting (XSS) vulnerabilities in 2daybiz Web Template Software allow remote attackers to inject arbitrary web script or HTML via the (1) keyword parameter to category.php and the (2) password parameter to memberlogin.php. | ||
| CVE-2010-2508 | 0.03 | — | 0.00 | Jun 28, 2010 | SQL injection vulnerability in user-profile.php in 2daybiz Video Community Portal Script allows remote attackers to execute arbitrary SQL commands via the userid parameter. | ||
| CVE-2010-2459 | 0.03 | — | 0.00 | Jun 25, 2010 | SQL injection vulnerability in video.php in 2daybiz Video Community Portal Script 1.0 allows remote attackers to execute arbitrary SQL commands via the videoid parameter. | ||
| CVE-2010-2458 | 0.03 | — | 0.04 | Jun 25, 2010 | Cross-site scripting (XSS) vulnerability in video.php in 2daybiz Video Community Portal Script 1.0 allows remote attackers to inject arbitrary web script or HTML via the videoid parameter. | ||
| CVE-2010-1706 | 0.03 | — | 0.02 | May 4, 2010 | Multiple SQL injection vulnerabilities in login.php in 2daybiz Auction Script allow remote attackers to execute arbitrary SQL commands via (1) the login field (aka the username parameter), and possibly (2) the password field, to index.php. NOTE: some of these details are obtained from third party information. | ||
| CVE-2010-1704 | 0.03 | — | 0.02 | May 4, 2010 | Multiple SQL injection vulnerabilities in 2daybiz Polls (aka Advanced Poll) Script allow remote attackers to execute arbitrary SQL commands via (1) the password field to login.php, (2) the login field (aka email parameter) to login.php, (3) the password field (aka pass parameter) to the default URI under admin/, and possibly (4) the login field to the default URI under admin/. NOTE: some of these details are obtained from third party information. | ||
| CVE-2010-1703 | 0.03 | — | 0.06 | May 4, 2010 | Multiple cross-site scripting (XSS) vulnerabilities in index_search.php in 2daybiz Polls (aka Advanced Poll) Script allow remote attackers to inject arbitrary web script or HTML via the (1) category parameter or (2) search field. | ||
| CVE-2009-1820 | 0.03 | — | 0.03 | May 29, 2009 | Cross-site scripting (XSS) vulnerability in product.php in 2daybiz Custom T-shirt Design Script allows remote attackers to inject arbitrary web script or HTML via the id parameter. | ||
| CVE-2009-1819 | 0.03 | — | 0.00 | May 29, 2009 | SQL injection vulnerability in product.php in 2daybiz Custom T-shirt Design Script allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||
| CVE-2009-1767 | 0.03 | — | 0.03 | May 22, 2009 | admin/edituser.php in 2daybiz Template Monster Clone does not require administrative authentication, which allows remote attackers to modify arbitrary accounts via the (1) loginname, (2) password, (3) email, (4) firstname, or (5) lastname parameter. |
- CVE-2010-5019Nov 2, 2011risk 0.03cvss —epss 0.00
SQL injection vulnerability in view_photo.php in 2daybiz Online Classified Script allows remote attackers to execute arbitrary SQL commands via the alb parameter.
- CVE-2010-5018Nov 2, 2011risk 0.03cvss —epss 0.03
Cross-site scripting (XSS) vulnerability in products/classified/headersearch.php in 2daybiz Online Classified Script allows remote attackers to inject arbitrary web script or HTML via the sid parameter.
- CVE-2010-5015Nov 2, 2011risk 0.03cvss —epss 0.01
SQL injection vulnerability in view_photo.php in 2daybiz Network Community Script allows remote attackers to execute arbitrary SQL commands via the alb parameter.
- CVE-2010-5004Nov 2, 2011risk 0.03cvss —epss 0.00
SQL injection vulnerability in searchvote.php in 2daybiz Polls (aka Advanced Poll) Script allows remote attackers to execute arbitrary SQL commands via the category parameter.
- CVE-2010-2691Jul 12, 2010risk 0.03cvss —epss 0.02
Multiple SQL injection vulnerabilities in 2daybiz Custom T-Shirt Design Script allow remote attackers to execute arbitrary SQL commands via the (1) sbid parameter to products_details.php, (2) pid parameter to products/products.php, and (3) designid parameter to designview.php.
- CVE-2010-2610Jul 2, 2010risk 0.03cvss —epss 0.00
Multiple SQL injection vulnerabilities in 2daybiz Job Site Script allow remote attackers to execute arbitrary SQL commands via the (1) jid parameter to view_current_job.php, (2) job_iid parameter to show_search_more.php, and (3) left_cat parameter to show_search_result.php.
- CVE-2010-2609Jul 2, 2010risk 0.03cvss —epss 0.02
SQL injection vulnerability in show_search_result.php in 2daybiz Job Search Engine Script allows remote attackers to execute arbitrary SQL commands via the keyword parameter.
- CVE-2010-2512Jun 28, 2010risk 0.03cvss —epss 0.00
SQL injection vulnerability in customprofile.php in 2daybiz Matrimonial Script allows remote attackers to execute arbitrary SQL commands via the id parameter.
- CVE-2010-2511Jun 28, 2010risk 0.03cvss —epss 0.00
SQL injection vulnerability in viewnews.php in 2daybiz Multi Level Marketing (MLM) Software allows remote attackers to execute arbitrary SQL commands via the nwsid parameter.
- CVE-2010-2510Jun 28, 2010risk 0.03cvss —epss 0.00
SQL injection vulnerability in customize.php in 2daybiz Web Template Software allows remote attackers to execute arbitrary SQL commands via the tid parameter.
- CVE-2010-2509Jun 28, 2010risk 0.03cvss —epss 0.00
Multiple cross-site scripting (XSS) vulnerabilities in 2daybiz Web Template Software allow remote attackers to inject arbitrary web script or HTML via the (1) keyword parameter to category.php and the (2) password parameter to memberlogin.php.
- CVE-2010-2508Jun 28, 2010risk 0.03cvss —epss 0.00
SQL injection vulnerability in user-profile.php in 2daybiz Video Community Portal Script allows remote attackers to execute arbitrary SQL commands via the userid parameter.
- CVE-2010-2459Jun 25, 2010risk 0.03cvss —epss 0.00
SQL injection vulnerability in video.php in 2daybiz Video Community Portal Script 1.0 allows remote attackers to execute arbitrary SQL commands via the videoid parameter.
- CVE-2010-2458Jun 25, 2010risk 0.03cvss —epss 0.04
Cross-site scripting (XSS) vulnerability in video.php in 2daybiz Video Community Portal Script 1.0 allows remote attackers to inject arbitrary web script or HTML via the videoid parameter.
- CVE-2010-1706May 4, 2010risk 0.03cvss —epss 0.02
Multiple SQL injection vulnerabilities in login.php in 2daybiz Auction Script allow remote attackers to execute arbitrary SQL commands via (1) the login field (aka the username parameter), and possibly (2) the password field, to index.php. NOTE: some of these details are obtained from third party information.
- CVE-2010-1704May 4, 2010risk 0.03cvss —epss 0.02
Multiple SQL injection vulnerabilities in 2daybiz Polls (aka Advanced Poll) Script allow remote attackers to execute arbitrary SQL commands via (1) the password field to login.php, (2) the login field (aka email parameter) to login.php, (3) the password field (aka pass parameter) to the default URI under admin/, and possibly (4) the login field to the default URI under admin/. NOTE: some of these details are obtained from third party information.
- CVE-2010-1703May 4, 2010risk 0.03cvss —epss 0.06
Multiple cross-site scripting (XSS) vulnerabilities in index_search.php in 2daybiz Polls (aka Advanced Poll) Script allow remote attackers to inject arbitrary web script or HTML via the (1) category parameter or (2) search field.
- CVE-2009-1820May 29, 2009risk 0.03cvss —epss 0.03
Cross-site scripting (XSS) vulnerability in product.php in 2daybiz Custom T-shirt Design Script allows remote attackers to inject arbitrary web script or HTML via the id parameter.
- CVE-2009-1819May 29, 2009risk 0.03cvss —epss 0.00
SQL injection vulnerability in product.php in 2daybiz Custom T-shirt Design Script allows remote attackers to execute arbitrary SQL commands via the id parameter.
- CVE-2009-1767May 22, 2009risk 0.03cvss —epss 0.03
admin/edituser.php in 2daybiz Template Monster Clone does not require administrative authentication, which allows remote attackers to modify arbitrary accounts via the (1) loginname, (2) password, (3) email, (4) firstname, or (5) lastname parameter.