9737 matches found
[eVuln] Magic Downloads Unauthorized Data Modification
New eVuln Advisory: Magic Downloads Unauthorized Data Modification http://evuln.com/vulns/73/summary.html --------------------Summary---------------- eVuln ID: EV0073 CVE: CVE-2006-0722 Vendor: Reamday Enterprises Vendor's Web Site: http://reamdaysoft.com Software: Magic Downloads Software's Web...
EV0072.txt
New eVuln Advisory: Magic News Lite PHP Code Execution & Unauthorized Data Modification http://evuln.com/vulns/72/summary.html --------------------Summary---------------- eVuln ID: EV0072 CVE: CVE-2006-0723 CVE-2006-0724 Vendor: Reamday Enterprises Vendor's Web Site: http://reamdaysoft.com...
PostNuke 0.6x/0.7x NS-Languages Module - 'language' Cross-Site Scripting
source: https://www.securityfocus.com/bid/16752/info PostNuke is prone to multiple input-validation vulnerabilities. These issues are due to the application's failure to properly sanitize user-supplied input. Successful exploitation could allow an attacker to compromise the application, access or...
PostNuke 0.6x/0.7x NS-Languages Module - 'language' SQL Injection
source: https://www.securityfocus.com/bid/16752/info PostNuke is prone to multiple input-validation vulnerabilities. These issues are due to the application's failure to properly sanitize user-supplied input. Successful exploitation could allow an attacker to compromise the application, access or...
PostNuke 0.6x0.7x NS-Languages Module - language SQL Injection
PostNuke 0.6x0.7x NS-Languages Module - language SQL Injection source: https://www.securityfocus.com/bid/16752/info PostNuke is prone to multiple input-validation vulnerabilities. These issues are due to the application's failure to properly sanitize user-supplied input. Successful exploitation...
[eVuln] Time Tracking Software Multiple Vulnerabilities
New eVuln Advisory: Time Tracking Software Multiple Vulnerabilities http://evuln.com/vulns/69/summary.html --------------------Summary---------------- eVuln ID: EV0069 CVE: CVE-2006-0689 CVE-2006-0690 CVE-2006-0691 Vendor: TTS Software Software: Time Tracking Software Software's Web Site:...
Magic Calendar Lite 1.02 - index.php SQL Injection
Magic Calendar Lite 1.02 - index.php SQL Injection source: https://www.securityfocus.com/bid/16734/info Magic Calendar Lite is prone to an SQL-injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries...
MyBB < 1.04 misc.php SQLi
The version of MyBB installed on the remote host is affected by a SQL injection vulnerability due to improper sanitization of user-supplied input to the comma variable via the 'comma' parameter in a cookie. If PHP's 'register_globals' setting is enabled, a remote, unauthenticated attacker can...
MyBB 1.0.3 - private.php Multiple SQL Injections
MyBB 1.0.3 - private.php Multiple SQL Injections source: https://www.securityfocus.com/bid/16678/info MyBB is prone to multiple SQL-injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. Successful exploitation can allow an attack...
DELTAScripts PHP Classifieds 6.20 - Member_Login.php SQL Injection
DELTAScripts PHP Classifieds 6.20 - Member_Login.php SQL Injection source: https://www.securityfocus.com/bid/16642/info PHP Classifieds is prone to an SQL-injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL...
Lawrence Osiris DB_eSession 1.0.2 - Class SQL Injection
Lawrence Osiris DB_eSession 1.0.2 - Class SQL Injection source: https://www.securityfocus.com/bid/16598/info DB_eSession is prone to an SQL-injection vulnerability. The application fails to properly sanitize user-supplied input before using it in an SQL query. Successful exploitation could allow an...
XMB Forum 1.8/1.9 - 'u2u.php?Username' Cross-Site Scripting
source: https://www.securityfocus.com/bid/16604/info XMB Forum is prone to multiple input-validation vulnerabilities, including cross-site scripting and SQL-injection issues, because the application fails to properly sanitize user-supplied input. Successful exploits of these vulnerabilities could...
HiveMail 1.2.2/1.3 - 'addressbook.update.php?contactgroupid' Arbitrary PHP Command Execution
source: https://www.securityfocus.com/bid/16591/info HiveMail is prone to multiple vulnerabilities. These vulnerabilities may allow the execution of arbitrary PHP code, cross-site scripting attacks, and SQL injection. The PHP code-execution issues are the result of an input-validation error that...
HiveMail 1.2.2/1.3 - 'folders.update.php?folderid' Arbitrary PHP Command Execution
source: https://www.securityfocus.com/bid/16591/info HiveMail is prone to multiple vulnerabilities. These vulnerabilities may allow the execution of arbitrary PHP code, cross-site scripting attacks, and SQL injection. The PHP code-execution issues are the result of an input-validation error that...
vwdev - index.php SQL Injection
vwdev - index.php SQL Injection source: https://www.securityfocus.com/bid/16547/info The vwdev application is prone to an SQL-injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. Successful exploitation can allow an attacker to bypas...
Webeveyn Whomp! Real Estate Manager 2005 - Login SQL Injection
Webeveyn Whomp! Real Estate Manager 2005 - Login SQL Injection source: https://www.securityfocus.com/bid/16544/info Whomp! Real Estate Manager is prone to an SQL-injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in ...
vwdev - 'index.php' SQL Injection
source: https://www.securityfocus.com/bid/16547/info The vwdev application is prone to an SQL-injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. Successful exploitation can allow an attacker to bypass authentication, modify data, o...
MyBB 1.0.3 - 'moderation.php' SQL Injection
source: https://www.securityfocus.com/bid/16538/info MyBB is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input. Successful exploitation can allow an attacker to bypass authentication and gain administrative access to a site, modify data...
MyBB 1.0.3 - moderation.php SQL Injection
MyBB 1.0.3 - moderation.php SQL Injection source: https://www.securityfocus.com/bid/16538/info MyBB is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input. Successful exploitation can allow an attacker to bypass authentication and gain...
GAs Forum Light - Archive.asp SQL Injection
GAs Forum Light - Archive.asp SQL Injection source: https://www.securityfocus.com/bid/16563/info GA's Forum Light is prone to an SQL-injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. Successful...