32 matches found
EUVD-2009-1314
Malware in sbrugna...
EUVD-2009-1313
Malware in sbrugna...
EUVD-2008-2486
Malware in sbrugna...
ablespace 1.0 (xss/bsql) Multiple Vulnerabilities
No description provided by source. Original advisory: http://dsecrg.com/pages/vul/show.php?id=137 Digital Security Research Group DSecRG Advisory DSECRG-09-037 Application: AbleSpace Versions Affected: 1.0 Vendor URL: http://abk-soft.com/ Bugs: Multiple Blind SQL Injections, Multiple XSS Exploits:...
AbleSpace 1.0 'adv_cat.php' Cross-Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/30864/info AbleSpace is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input data. An attacker may leverage this issue to execute arbitrary script code in the browser...
AbleSpace 1.0 - 'adv_cat.php' SQL Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/29369/info AbleSpace is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the...
AbleSpace 1.0 - news.php SQL Injection
AbleSpace 1.0 - news.php SQL Injection source: https://www.securityfocus.com/bid/41139/info AbleSpace is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromis...
AbleSpace 1.0 - 'news.php' SQL Injection
source: https://www.securityfocus.com/bid/41139/info AbleSpace is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify dat...
AbleSpace Script 1.0 SQL Injection
Exploit Title: AbleSpace script SQL injection Vulnerability Date: 24/06/2010 Author: JaMbA Script url: http://www.abk-soft.com/matchmakingsoftwaredemo.html Version: AbleSpace 1.0 Tested on: Windows CVE: ...
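AbleSpace Multiple Cross-Site Scripting and SQL Injection Vulnerabilities
BUGTRAQ ID: 34512 AbleSpace is an online community and social networking application. Multiple modules in AbleSpace contain input validation errors that let remote users perform script injection, SQL injection and cross-site scripting attacks by submitting malicious requests. 1 Input passed to the eid parameter of the eventsview.php module and to the id parameter of the eventsclndrview.php module is not properly validated, allowing remote attackers to perform SQL injection attacks. 2 Input passed to the gid parameter of the groupsprofile.php module and to the catid and razdid parameters of the advcat.php module is not properly validated, allowing remote attackers to inject and execute arbitrary HTML and script code in a user's browser session...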
CVE-2009-1316
Multiple SQL injection vulnerabilities in AbleSpace 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) eid parameter to eventsview.php and the (2) id parameter to eventsclndrview.php...
CVE-2009-1315
Multiple cross-site scripting (XSS) vulnerabilities in AbleSpace 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) gid parameter to groupsprofile.php, (2) catid and (3) razdid parameters to advcat.php, and the (4) URL to blogsfull.php...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in AbleSpace 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) gid parameter to groupsprofile.php, (2) catid and (3) razdid parameters to advcat.php, and the (4) URL to blogsfull.php...
CVE-2009-1316
CVE-2009-1316 affects AbleSpace 1.0 and involves SQL injection in web endpoints: events_view.php (parameter eid) and events_clndr_view.php (parameter id). Root cause is unsanitized user input leading to arbitrary SQL execution. Documented base score is 7.5 (HIGH) with network attack vector, low a...
CVE-2009-1315
CVE-2009-1315 describes multiple cross-site scripting (XSS) vulnerabilities in AbleSpace 1.0. The issue allows remote attackers to inject arbitrary web script or HTML via: (1) gid parameter in groups_profile.php, (2) cat_id and (3) razd_id parameters in adv_cat.php, and (4) the URL parameter to b...
AbleSpace 1.0 SQL Injection
original advisory: http://dsecrg.com/pages/vul/show.php?id=137 Digital Security Research Group DSecRG Advisory DSECRG-09-037 Application: AbleSpace Versions Affected: 1.0 Vendor URL: http://abk-soft.com/ Bugs: Multiple Blind SQL Injections, Multiple XSS Exploits: YES Reported: 18.03.2009 Vendor...
AbleSpace 1.0 (XSS/BSQL) Multiple Remote Vulnerabilities
Exploit for unknown platform in category web applications. AbleSpace 1.0 XSS/BSQL Multiple Remote Vulnerabilities. Original advisory: http://dsecrg.com/pages/vul/show.php?id=137 Digital...
AbleSpace 1.0 (XSS/BSQL) Multiple Remote Vulnerabilities
No description provided by source. Original advisory: http://dsecrg.com/pages/vul/show.php?id=137 Digital Security Research Group DSecRG Advisory DSECRG-09-037 Application: AbleSpace Versions Affected: 1.0 Vendor URL: http://abk-soft.com/ Bugs: Multiple Blind SQL Injections, Multiple XSS Exploits:...