25 matches found
EUVD-2007-2890
Malware in sbrugna...
EUVD-2007-6625
Malware in sbrugna...
EUVD-2007-6624
Malware in sbrugna...
EUVD-2007-2897
Malware in sbrugna...
CVE-2007-6659
Multiple cross-site scripting (XSS) vulnerabilities in 2z project 0.9.6.1 allow remote attackers to inject arbitrary web script or HTML via the (1) contentshort or (2) contentfull parameter in an addnews action to the default URI; (3) the content parameter in a pm write action to 2z/admin.php; (4) the...
CVE-2007-6660
2z project 0.9.6.1 allows remote attackers to obtain sensitive information via (1) a request to index.php with an invalid template or (2) a request to the default URI with certain year and month parameters, which reveals the path in various error messages...
CVE-2007-6659
Multiple cross-site scripting (XSS) vulnerabilities in 2z project 0.9.6.1 allow remote attackers to inject arbitrary web script or HTML via the (1) contentshort or (2) contentfull parameter in an addnews action to the default URI; (3) the content parameter in a pm write action to 2z/admin.php; (4) the...
CVE-2007-6661
2z project 0.9.6.1 allows attackers to change the password without supplying the old password...
CVE-2007-6661
2z project 0.9.6.1 allows attackers to change the password without supplying the old password...
CVE-2007-6659
Multiple cross-site scripting (XSS) vulnerabilities in 2z project 0.9.6.1 allow remote attackers to inject arbitrary web script or HTML via the (1) contentshort or (2) contentfull parameter in an addnews action to the default URI; (3) the content parameter in a pm write action to 2z/admin.php; (4) the...
CVE-2007-6659
CVE-2007-6659 affects the 2z project (version 0.9.6.1). The issue is multiple cross-site scripting (XSS) vulnerabilities that allow remote attackers to inject arbitrary web script or HTML via user-supplied parameters in various actions: (1) contentshort, (2) contentfull in addnews; (3) content in...
CVE-2007-6661
CVE-2007-6661 affects 2z project 0.9.6.1: attackers can change the password without supplying the old password. This is the concrete vulnerability described in multiple connected records (NVD, CVE listing). No exploit specifics or remediation are provided in the documents.
2zproject-multi.txt
Digital Security Research Group DSecRG Advisory Name: 2z project Systems Affected: 2z project 0.9.6.1 Vendor URL: http://2z-project.ru Authors: Alexandr Polyakov, Stas Svistunovich Digital Security Research Group DSecRG research at dsec dot ru Reported: 27.12.2007 Vendor response: 27.12.2007 Dat...
2z-project 0.9.6.1 Multiple Security Vulnerabilities
Digital Security Research Group DSecRG Advisory Name: 2z project Systems Affected: 2z project 0.9.6.1 Vendor URL: http://2z-project.ru Authors: Alexandr Polyakov, Stas Svistunovich Digital Security Research Group DSecRG research at dsec dot ru Reported: 27.12.2007 Vendor response: 27.12.2007 Dat...
CVE-2007-2905
SQL injection vulnerability in includes/rating.php in 2z Project 0.9.5 allows remote attackers to execute arbitrary SQL commands via the postid parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...
SQL injection
SQL injection vulnerability in includes/rating.php in 2z Project 0.9.5 allows remote attackers to execute arbitrary SQL commands via the rating parameter to index.php...
CVE-2007-2898
SQL injection vulnerability in includes/rating.php in 2z Project 0.9.5 allows remote attackers to execute arbitrary SQL commands via the rating parameter to index.php...
CVE-2007-2898
SQL injection vulnerability in includes/rating.php in 2z Project 0.9.5 allows remote attackers to execute arbitrary SQL commands via the rating parameter to index.php...
CVE-2007-2905
SQL injection vulnerability in includes/rating.php in 2z Project 0.9.5 allows remote attackers to execute arbitrary SQL commands via the postid parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...
CVE-2007-2905
CVE-2007-2905 is a reported SQL injection vulnerability in the 2z Project 0.9.5, affecting the includes/rating.php component. The vulnerability allows remote attackers to execute arbitrary SQL commands via the postid parameter. Multiple connected sources corroborate this flaw. The documents do n...