163 matches found
smefilemailer-sql.txt
-=--------------------ADVISORY-------------------=- SmE FileMailer 1.21 Author: CorryL [email protected] -=-----------------------------------------------=- -=+ Application: SmE FileMailer -=+ Version: 1.21 -=+ Vendor's URL: http://www.scriptme.com/down/13 -=+ Platform: Windows\Linux\Unix -=+ Bu...
CVE-2007-0350
Multiple SQL injection vulnerabilities in a index.php and b dl.php in SmE FileMailer 1.21 and earlier allow remote attackers to execute arbitrary SQL commands via the 1 ps, 2 us, 3 f, or 4 code parameter. NOTE: the us vector in index.php is already covered by CVE-2007-0346...
CVE-2007-0350
Multiple SQL injection vulnerabilities in a index.php and b dl.php in SmE FileMailer 1.21 and earlier allow remote attackers to execute arbitrary SQL commands via the 1 ps, 2 us, 3 f, or 4 code parameter. NOTE: the us vector in index.php is already covered by CVE-2007-0346...
CVE-2007-0350
CVE-2007-0350 describes multiple SQL injection vulnerabilities in SmE FileMailer 1.21 and earlier, affecting index.php and dl.php. The flaw allows remote attackers to inject SQL via the (1) ps, (2) us, (3) f, or (4) code parameters, with the us parameter in index.php already covered by CVE-2007-0...
CVE-2007-0346
SQL injection vulnerability in index.php in SmE FileMailer 1.21 allows remote attackers to execute arbitrary SQL commands via the us parameter...
CVE-2007-0339
SQL injection vulnerability in index.php aka the login form in Scriptme SMe FileMailer 1.21 allows remote attackers to execute arbitrary SQL commands via the Password field ps parameter. NOTE: some of these details are obtained from third party information...
Sql injection
SQL injection vulnerability in index.php in SmE FileMailer 1.21 allows remote attackers to execute arbitrary SQL commands via the us parameter...
CVE-2007-0339
SQL injection vulnerability in index.php aka the login form in Scriptme SMe FileMailer 1.21 allows remote attackers to execute arbitrary SQL commands via the Password field ps parameter. NOTE: some of these details are obtained from third party information...
CVE-2007-0346
CVE-2007-0346: SQL injection vulnerability in SmE FileMailer 1.21’s index.php allows remote attackers to execute arbitrary SQL commands via the us parameter. Affected software: SmE FileMailer 1.21 (index.php). Root cause: unsafeguarded input in the us parameter enables SQL injection. Impact: pote...
CVE-2007-0339
The CVE describes a SQL injection in Scriptme SMe FileMailer 1.21 through the login form (index.php). The vulnerability allows remote attackers to execute arbitrary SQL commands via the Password field (ps parameter). Root cause is unsafe handling of input in the login process, enabling database c...
CVE-2007-0346
SQL injection vulnerability in index.php in SmE FileMailer 1.21 allows remote attackers to execute arbitrary SQL commands via the us parameter...
Scriptme SmE File Mailer Login SQL注入漏洞
Scriptme SmE File Mailer是一款基于PHP的站点构架程序。 Scriptme SmE File Mailer不正确过滤用户提交的输入,远程攻击者可以利用漏洞进行SQL注入攻击,未授权访问应用程序。 问题是登录脚本对用户提交的密码参数缺少过滤,提交恶意SQL代码作为数据,可导致无需验证访问应用程序。 scriptme SmE File Mailer 1.21 目前没有解决方案提供: http://www.scriptme.com/ Login: admin Password: anything' OR 'x'='x...
[x0n3-h4ck] SmE FileMailer 1.21 Remote Sql Injextion Exploit
-=--------------------ADVISORY-------------------=- SmE FileMailer 1.21 Author: CorryL [email protected] -=-----------------------------------------------=- -=+ Application: SmE FileMailer -=+ Version: 1.21 -=+ Vendor's URL: http://www.scriptme.com/down/13 -=+ Platform: WindowsLinuxUnix -=+ Bug...
Scriptme SmE 1.21 - File Mailer Login SQL Injection
Scriptme SmE 1.21 - File Mailer Login SQL Injection source: https://www.securityfocus.com/bid/22081/info SmE File Mailer is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could...
Scriptme SmE 1.21 - File Mailer Login SQL Injection
source: https://www.securityfocus.com/bid/22081/info SmE File Mailer is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow an attacker to compromise the application, acces...
phpPC 1.04 - Multiple Remote File Inclusions
phpPC 1.04 - Multiple Remote File Inclusions phpPC 1.04 Multiples Remote File Inclusion Script : PHP Poll Creator Version : 1.04 Vendor URL : http://www.phppc.de Impact : Remote File Inclusion Discovered by : iss4m Contact : [email protected] Vulnerable code in poll.php...
CVE-2006-0856
The CVE-2006-0856 entry describes a SQL injection in login.php of Scriptme SmE GB Host 1.21 that lets remote attackers execute arbitrary SQL and bypass authentication via the Username parameter. Affected software is Scriptme SmE GB Host 1.21; the vulnerability arises from improper handling of the...
[eVuln] SmE GB Host Authentication Bypass Vulnerability
New eVuln Advisory: SmE GB Host Authentication Bypass Vulnerability http://evuln.com/vulns/66/summary.html --------------------Summary---------------- eVuln ID: EV0066 Software: SmE GB Host Sowtware's Web Site: http://www.scriptme.com/ Versions: 1.21 Critical Level: Moderate Type: SQL Injection...
[eVuln] Scriptme products BBCode 'url' XSS Vulnerability
New eVuln Advisory: Scriptme products BBCode 'url' XSS Vulnerability http://evuln.com/vulns/65/summary.html --------------------Summary---------------- eVuln ID: EV0065 CVE: CVE-2006-0661 Vendor: Scriptme Vendor's Web Site: http://www.scriptme.com/ Software: "SmE GB Host" "SmE Blog Host" Versions...
CVE-2006-0661
Cross-site scripting XSS vulnerability in Scriptme SmE GB Host 1.21 and SmE Blog Host allows remote attackers to inject arbitrary web script or HTML via the BBcode url tag...