Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Vastal Subscribe
Total 17 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2018-6367 1 Vastal 1 I-tech Buddy Zone Facebook Clone 2018-02-14 7.5 HIGH 9.8 CRITICAL
SQL Injection exists in Vastal I-Tech Buddy Zone Facebook Clone 2.9.9 via the /chat_im/chat_window.php request_id parameter or the /search_events.php category parameter.
CVE-2017-15991 1 Vastal 1 Agent Zone 2017-11-18 7.5 HIGH 9.8 CRITICAL
Vastal I-Tech Agent Zone (aka The Real Estate Script) allows SQL Injection in searchCommercial.php via the property_type, city, or posted_by parameter, or searchResidential.php via the property_type, city, or bedroom parameter, a different vulnerability than CVE-2008-3951, CVE-2009-3497, and CVE-2012-0982.
CVE-2017-15975 1 Vastal 1 Dating Zone 2017-11-17 7.5 HIGH 9.8 CRITICAL
Vastal I-Tech Dating Zone 0.9.9 allows SQL Injection via the 'product_id' to add_to_cart.php, a different vulnerability than CVE-2008-4461.
CVE-2008-6209 1 Vastal 1 Software Zone 2017-09-28 7.5 HIGH N/A
SQL injection vulnerability in view_product.php in Vastal I-Tech Software Zone allows remote attackers to execute arbitrary SQL commands via the cat_id parameter.
CVE-2008-4157 1 Vastal 1 Phpvid 2017-09-28 7.5 HIGH N/A
SQL injection vulnerability in groups.php in Vastal I-Tech phpVID 1.1 allows remote attackers to execute arbitrary SQL commands via the cat parameter, a different vector than CVE-2007-3610. NOTE: it was later reported that 1.2.3 is also affected.
CVE-2008-2335 1 Vastal 1 Phpvid 2017-09-28 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in search_results.php in Vastal I-Tech phpVID 1.1 and 1.2 allows remote attackers to inject arbitrary web script or HTML via the query parameter. NOTE: some of these details are obtained from third party information. NOTE: it was later reported that 1.2.3 is also affected.
CVE-2008-3951 1 Vastal 1 Agent Zone 2017-09-28 7.5 HIGH N/A
SQL injection vulnerability in view_ann.php in Vastal I-Tech Agent Zone (aka The Real Estate Script) allows remote attackers to execute arbitrary SQL commands via the ann_id parameter.
CVE-2008-3953 1 Vastal 1 Shaadi Zone 2017-09-28 7.5 HIGH N/A
SQL injection vulnerability in keyword_search_action.php in Vastal I-Tech Shaadi Zone 1.0.9 allows remote attackers to execute arbitrary SQL commands via the tage parameter.
CVE-2012-6526 1 Vastal 1 Freelance Zone 2017-08-28 7.5 HIGH N/A
SQL injection vulnerability in show_code.php in Vastal I-Tech Freelance Zone allows remote attackers to execute arbitrary SQL commands via the code_id parameter.
CVE-2012-0982 1 Vastal 1 Agent Zone 2017-08-28 7.5 HIGH N/A
SQL injection vulnerability in search.php in Vastal I-Tech Agent Zone (aka The Real Estate Script) allows remote attackers to execute arbitrary SQL commands via the price_from parameter.
CVE-2009-3505 1 Vastal 1 Mmorpg Zone 2017-08-16 7.5 HIGH N/A
SQL injection vulnerability in view_news.php in Vastal I-Tech MMORPG Zone allows remote attackers to execute arbitrary SQL commands via the news_id parameter. NOTE: the game_id vector is already covered by CVE-2008-4460.
CVE-2015-2563 1 Vastal 1 Phpvid 2015-03-23 7.5 HIGH N/A
SQL injection vulnerability in groups.php in Vastal I-Tech phpVID 0.9.9 and 1.2.3 allows remote attackers to execute arbitrary SQL commands via the order_by parameter. NOTE: The cat parameter vector is already covered by CVE-2008-4157.
CVE-2013-5312 1 Vastal 1 Phpvid 2013-08-20 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in Vastal I-Tech phpVID 1.2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) n parameter to browse_videos.php or the (2) cat parameter to groups.php.
CVE-2013-5311 1 Vastal 1 Phpvid 2013-08-20 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in Vastal I-Tech phpVID 1.2.3 allow remote attackers to execute arbitrary SQL commands via the "n" parameter to (1) browse_videos.php or (2) members.php. NOTE: the cat parameter is already covered by CVE-2008-4157.
CVE-2009-3497 1 Vastal 1 Agent Zone 2009-09-30 7.5 HIGH N/A
SQL injection vulnerability in view_listing.php in Vastal I-Tech Agent Zone (aka The Real Estate Script) allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2009-3496 1 Vastal 1 Dvd Zone 2009-09-30 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in view_mag.php in Vastal I-Tech DVD Zone allows remote attackers to inject arbitrary web script or HTML via the mag_id parameter.
CVE-2009-3495 1 Vastal 1 Dvd Zone 2009-09-30 7.5 HIGH N/A
SQL injection vulnerability in view_mag.php in Vastal I-Tech DVD Zone allows remote attackers to execute arbitrary SQL commands via the mag_id parameter, a different vector than CVE-2008-4465.