9 matches found
EUVD-2010-4777
Malware in sbrugna...
EUVD-2010-4776
Malware in sbrugna...
Sql injection
Multiple SQL injection vulnerabilities in 6kbbs 8.0 build 20100901 allow remote attackers to execute arbitrary SQL commands via the 1 tids parameter to ajaxadmin.php and the 2 msgids parameter to ajaxmember.php...
CVE-2010-4811
Multiple cross-site scripting XSS vulnerabilities in ajaxmember.php in 6kbbs 8.0 build 20100901 allow remote attackers to inject arbitrary web script or HTML via the 1 usermsn, 2 useremail, and 3 userphone parameters in a modifyDetails action...
CVE-2010-4812
Multiple SQL injection vulnerabilities in 6kbbs 8.0 build 20100901 allow remote attackers to execute arbitrary SQL commands via the 1 tids parameter to ajaxadmin.php and the 2 msgids parameter to ajaxmember.php...
CVE-2010-4811
CVE-2010-4811 concerns multiple cross-site scripting (XSS) vulnerabilities in the 6kbbs 8.0 build 20100901 package, specifically in ajaxmember.php. The flaws allow remote attackers to inject arbitrary web script or HTML by manipulating the parameters user[msn], user[email], and user[phone] in a m...
CVE-2010-4812
The CVE-2010-4812 entry describes multiple SQL injection vulnerabilities in 6kbbs 8.0 build 20100901. The affected components are the web application’s ajaxadmin.php (parameter tids[]) and ajaxmember.php (parameter msgids[]). The underlying issue is that user-supplied input is used to construct S...
CVE-2010-4812
Multiple SQL injection vulnerabilities in 6kbbs 8.0 build 20100901 allow remote attackers to execute arbitrary SQL commands via the 1 tids parameter to ajaxadmin.php and the 2 msgids parameter to ajaxmember.php...
CVE-2010-4811
Multiple cross-site scripting XSS vulnerabilities in ajaxmember.php in 6kbbs 8.0 build 20100901 allow remote attackers to inject arbitrary web script or HTML via the 1 usermsn, 2 useremail, and 3 userphone parameters in a modifyDetails action...