32 matches found
EUVD-2009-1314
Malware in sbrugna...
EUVD-2008-2486
Malware in sbrugna...
EUVD-2009-1313
Malware in sbrugna...
AbleSpace 1.0 - 'adv_cat.php' SQL Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/29369/info AbleSpace is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the...
AbleSpace 1.0 'adv_cat.php' Cross-Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/30864/info AbleSpace is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input data. An attacker may leverage this issue to execute arbitrary script code in the browser...
ablespace 1.0 (xss/bsql) Multiple Vulnerabilities
No description provided by source. original advisory: http://dsecrg.com/pages/vul/show.php?id=137 Digital Security Research Group DSecRG Advisory DSECRG-09-037 Application: AbleSpace Versions Affected: 1.0 Vendor URL: http://abk-soft.com/ Bugs: Multiple Blind SQL Injections, Multiple XSS Exploits:...
AbleSpace 1.0 - 'news.php' SQL Injection
source: https://www.securityfocus.com/bid/41139/info AbleSpace is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify dat...
AbleSpace 1.0 - news.php SQL Injection
AbleSpace 1.0 - news.php SQL Injection source: https://www.securityfocus.com/bid/41139/info AbleSpace is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromis...
AbleSpace Script 1.0 SQL Injection
Exploit Title: AbleSpace script SQL injection Vulnerability Date: 24/06/2010 Author: JaMbA Script url: http://www.abk-soft.com/matchmakingsoftwaredemo.html Version: AbleSpace 1.0 Tested on: Windows CVE : ::::::::::::::::::::::::: ::::::::::::::::::::::::: =================Exploit====== ==========...
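AbleSpace Multiple Cross-Site Scripting and SQL Injection Vulnerabilities
BUGTRAQ ID: 34512 AbleSpace is an online community and social networking application. Multiple modules in AbleSpace contain input validation errors; a remote user can perform script injection, SQL injection and cross-site scripting attacks by submitting malicious requests. (1) Input passed to the eid parameter of the eventsview.php module and to the id parameter of the eventsclndrview.php module is not properly validated, allowing a remote attacker to perform SQL injection attacks. (2) Input passed to the gid parameter of the groupsprofile.php module and to the catid and razdid parameters of the advcat.php module is not properly validated, allowing a remote attacker to inject and execute arbitrary HTML and script code in a user's browser session...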
CVE-2009-1315
Multiple cross-site scripting (XSS) vulnerabilities in AbleSpace 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) gid parameter to groupsprofile.php, (2) catid and (3) razdid parameters to advcat.php, and the (4) URL to blogsfull.php...
CVE-2009-1316
Multiple SQL injection vulnerabilities in AbleSpace 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) eid parameter to eventsview.php and the (2) id parameter to eventsclndrview.php...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in AbleSpace 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) gid parameter to groupsprofile.php, (2) catid and (3) razdid parameters to advcat.php, and the (4) URL to blogsfull.php...
CVE-2009-1316
Multiple SQL injection vulnerabilities in AbleSpace 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) eid parameter to eventsview.php and the (2) id parameter to eventsclndrview.php...
CVE-2009-1316
CVE-2009-1316 affects AbleSpace 1.0 and involves SQL injection in web endpoints: events_view.php (parameter eid) and events_clndr_view.php (parameter id). Root cause is unsanitized user input leading to arbitrary SQL execution. Documented base score is 7.5 (HIGH) with network attack vector, low a...
CVE-2009-1315
Multiple cross-site scripting (XSS) vulnerabilities in AbleSpace 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) gid parameter to groupsprofile.php, (2) catid and (3) razdid parameters to advcat.php, and the (4) URL to blogsfull.php...
CVE-2009-1315
CVE-2009-1315 describes multiple cross-site scripting (XSS) vulnerabilities in AbleSpace 1.0. The issue allows remote attackers to inject arbitrary web script or HTML via: (1) gid parameter in groups_profile.php, (2) cat_id and (3) razd_id parameters in adv_cat.php, and (4) the URL parameter to b...
AbleSpace 1.0 SQL Injection
original advisory: http://dsecrg.com/pages/vul/show.php?id=137 Digital Security Research Group DSecRG Advisory DSECRG-09-037 Application: AbleSpace Versions Affected: 1.0 Vendor URL: http://abk-soft.com/ Bugs: Multiple Blind SQL Injections, Multiple XSS Exploits: YES Reported: 18.03.2009 Vendor...
AbleSpace 1.0 (XSS/BSQL) Multiple Remote Vulnerabilities
No description provided by source. original advisory: http://dsecrg.com/pages/vul/show.php?id=137 Digital Security Research Group DSecRG Advisory DSECRG-09-037 Application: AbleSpace Versions Affected: 1.0 Vendor URL: http://abk-soft.com/ Bugs: Multiple Blind SQL Injections, Multiple XSS Exploits:...
[DSECRG-09-037] abk-soft AbleSpace CMS 1.0 - Multiple security vulnerabilities
original advisory: http://dsecrg.com/pages/vul/show.php?id=137 Digital Security Research Group DSecRG Advisory DSECRG-09-037 Application: AbleSpace Versions Affected: 1.0 Vendor URL: http://abk-soft.com/ Bugs: Multiple Blind SQL Injections, Multiple XSS Exploits: YES Reported: 18.03.2009 Vendor...