1225 matches found
CVE-2009-0545 — ZeroShell Remote Code Execution
cgi-bin/kerbynet in ZeroShell 1.0beta11 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the type parameter of a NoAuthREQ x509List action. Recent assessments: hrbrmstr, on September 10, 2020 at 2:42pm UTC, reported: MSF module — Assessed Attacker Value: 5...
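The entry above describes the classic OS command injection pattern: a CGI parameter is interpolated into a command line that /bin/sh interprets, so `;`, backticks or `$()` in the parameter run attacker-chosen commands. The following is an added, constructed illustration of that vulnerability class and its fix; it is not ZeroShell's kerbynet code. The command being wrapped (`echo`), the allow-list of type values and the function names are assumptions made for the demonstration.

```python
import re
import subprocess

# Constructed example of the CVE-2009-0545 vulnerability class (shell
# metacharacter injection through a CGI parameter). NOT ZeroShell's
# cgi-bin/kerbynet: the wrapped command ('echo') and the allowed values for the
# 'type' parameter are assumptions for the demonstration.

ALLOWED_TYPES = {"server", "client", "ca"}  # assumed allow-list, not from ZeroShell

# Characters that are special to /bin/sh and have no business in a
# certificate-type selector. Used as a detection/triage check below.
SHELL_META = re.compile(r"[;&|`$(){}<>\\\"'\n\r*?\[\]!# ]")


def vulnerable_x509list(type_param: str) -> str:
    """Vulnerable pattern: the parameter is concatenated into a command string
    that is handed to /bin/sh (shell=True), so a value such as
    'server; echo INJECTED' terminates the intended command and runs another."""
    cmd = "echo cert-list type=" + type_param
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


def hardened_x509list(type_param: str) -> str:
    """Hardened pattern: reject anything outside a strict allow-list, then pass
    an argv list with no shell, so metacharacters are never interpreted even if
    the allow-list were loosened later."""
    if type_param not in ALLOWED_TYPES:
        raise ValueError(f"rejected type parameter: {type_param!r}")
    argv = ["echo", "cert-list", "type=" + type_param]
    return subprocess.run(argv, capture_output=True, text=True).stdout


def hardened_rejects(type_param: str) -> bool:
    """True if the hardened handler refuses the value (convenience for tests)."""
    try:
        hardened_x509list(type_param)
    except ValueError:
        return True
    return False


def has_shell_metacharacters(value: str) -> bool:
    """Detection-side check (for a WAF rule or access-log triage): does a
    request parameter contain characters that /bin/sh would treat specially?"""
    return SHELL_META.search(value) is not None


if __name__ == "__main__":
    payload = "server; echo INJECTED"
    print("vulnerable :", repr(vulnerable_x509list(payload)))
    print("hardened   :", "rejected" if hardened_rejects(payload) else "accepted")
    print("metachars  :", has_shell_metacharacters(payload))
```

Running it on a POSIX host shows the second `echo` executing through the vulnerable path while the hardened path rejects the same value before any process is spawned. The allow-list is the primary control; dropping `shell=True` is defence in depth, and the metacharacter regex is only for detection, not as a substitute for validation.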
SunByte e-Flower - id SQL Injection
SunByte e-Flower - id SQL Injection =========================================================== SunByte e-Flower SQL Injection Attack by W4RL0CK =========================================================== VENDOR: Sunbyte URL: http://www.sunbyte.net/ APP: Sunbyte e-Flower eCommerce webapp APP SITE...
SunByte e-Flower - 'id' SQL Injection
=========================================================== SunByte e-Flower SQL Injection Attack by W4RL0CK =========================================================== VENDOR: Sunbyte URL: http://www.sunbyte.net/ APP: Sunbyte e-Flower eCommerce webapp APP SITE:...
SunByte e-Flower (id) Remote SQL Injection Vulnerability
No description provided by source. =========================================================== SunByte e-Flower SQL Injection Attack by W4RL0CK =========================================================== VENDOR: Sunbyte URL: http://www.sunbyte.net/ APP: Sunbyte e-Flower eCommerce webapp APP SITE:...
Gentoo Security Advisory GLSA 200506-13 (webapp-config)
The remote host is missing updates announced in advisory GLSA 200506-13. OpenVAS Vulnerability Test $ Description: Auto generated from Gentoo's XML based advisory Authors: Thomas Reinke Copyright: Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...
Gentoo Security Advisory GLSA 200501-12 (tikiwiki)
The remote host is missing updates announced in advisory GLSA 200501-12. OpenVAS Vulnerability Test $ Description: Auto generated from Gentoo's XML based advisory Authors: Thomas Reinke Copyright: Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...
Gentoo Security Advisory GLSA 200506-13 (webapp-config)
The remote host is missing updates announced in advisory GLSA 200506-13. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...
Gentoo Security Advisory GLSA 200506-20 (cacti)
The remote host is missing updates announced in advisory GLSA 200506-20. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...
ImageAlbum Remote SQL Injection Vulnerabilities
ImageAlbum Remote SQL Injection Vulnerabilities ------------------------------------------------------------------------- Product: ImageAlbum Version: Latest 2.0.0b2, others not tested Vendor: http://imagealbum.sourceforge.net/ Date: 01/10/08 - Introduction ImageAlbum is a web application written...
bwired - index.php?newsID SQL Injection
[ASCII-art banner omitted] Program Title: bwired - Remote SQL Injection. Note: There is also XSS, PHPSESSID session fixation, and cookie manipulation which I...
bwired (index.php newsID) Remote SQL Injection Vulnerability
Exploit for unknown platform in category web applications. bwired index.php newsID Remote SQL Injection Vulnerability [ASCII-art banner omitted] ...
Pluxml Images.PHP Remote File Inclusion Vulnerability
Eva-Web is a PHP-based web application. Eva-Web does not properly filter user-submitted URI data; a remote attacker can exploit this to execute arbitrary commands with the privileges of the web server process. The problem is that the 'Index.PHP3' script does not filter user-submitted web parameters: supplying a malicious remote server as the include target can lead to execution of arbitrary PHP code with web-process privileges. Affected: SPIP-Education EVA-Web 2.1.2, SPIP-Education EVA-Web 2.2, SPIP-Education EVA-Web 2.1, SPIP-Education EVA-Web 2.0. No detailed solution is currently available:...
Design/Logic Flaw
The getcgi function in cgi-bin/cgi-lib/subs.pl in web-app.org WebAPP before 0.9.9.7 attempts to parse query strings that contain (1) non-printing characters, (2) certain printing characters that do not commonly occur in URLs, or (3) invalid URL encoding sequences, which has unknown impact and remote...
CVE-2007-3421
The (1) login, (2) admin profile edit, (3) reminder, (4) edit profile, (5) profile view, (6) gallery view, (7) gallery comment, and (8) gallery feedback capabilities in web-app.org WebAPP before 0.9.9.7 do not verify presence of users in memberlist.dat, which has unknown impact and remote attack vectors...
Design/Logic Flaw
cgi-bin/cgi-lib/instantmessage.pl in web-app.org WebAPP before 0.9.9.7 uses the From field of an instant message as the beginning of the .dat file name when the (1) imview2 or (2) imview3 function reads (a) an internal IM, or a message from a (b) guest or (c) removed member, which has unknown impact and...
CVE-2007-3417
Multiple cross-site scripting (XSS) vulnerabilities in cgi-bin/cgi-lib/search.pl in web-app.org WebAPP before 0.9.9.7 allow remote attackers to inject arbitrary web script or HTML via a search string, which is not sanitized when an HREF attribute is printed by the (1) processsearch or (2)...
Design/Logic Flaw
The (1) login, (2) admin profile edit, (3) reminder, (4) edit profile, (5) profile view, (6) gallery view, (7) gallery comment, and (8) gallery feedback capabilities in web-app.org WebAPP before 0.9.9.7 do not verify presence of users in memberlist.dat, which has unknown impact and remote attack vectors...
Default credentials
The Random Cookie Password functionality in the loaduser function in cgi-bin/cgi-lib/subs.pl in web-app.org WebAPP before 0.9.9.7 does not clear the (1) username, (2) password, (3) usertheme, and (4) userlang cookies for unauthorized users, which has unknown impact and remote attack vectors...
CVE-2007-3422
The getcgi function in cgi-bin/cgi-lib/subs.pl in web-app.org WebAPP before 0.9.9.7 attempts to parse query strings that contain (1) non-printing characters, (2) certain printing characters that do not commonly occur in URLs, or (3) invalid URL encoding sequences, which has unknown impact and remote...
Cross-site request forgery (CSRF)
Multiple cross-site request forgery (CSRF) vulnerabilities in the administration of (1) polls, (2) profiles, (3) IP bans, and (4) forums in (a) web-app.org WebAPP 0.8 through 0.9.9.6; and (b) web-app.net WebAPP 0.9.9.3.3, 0.9.9.3.4, and 2007; allow remote attackers to perform deletions as administrators...