12 matches found
EUVD-2009-1314
Malware in sbrugna...
EUVD-2009-1313
Malware in sbrugna...
AbleSpace 1.0 - 'news.php' SQL Injection
source: https://www.securityfocus.com/bid/41139/info AbleSpace is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify dat...
AbleSpace Script 1.0 SQL Injection
Exploit Title: AbleSpace script SQL injection Vulnerability Date: 24/06/2010 Author: JaMbA Script url: http://www.abk-soft.com/matchmakingsoftwaredemo.html Version: AbleSpace 1.0 Tested on: Windows CVE : ::::::::::::::::::::::::: ::::::::::::::::::::::::: =================Exploit====== ==========...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in AbleSpace 1.0 allow remote attackers to inject arbitrary web script or HTML via the 1 gid parameter to groupsprofile.php, 2 catid and 3 razdid parameters to advcat.php, and the 4 URL to blogsfull.php...
CVE-2009-1316
CVE-2009-1316 affects AbleSpace 1.0 and involves SQL injection in web endpoints: events_view.php (parameter eid) and events_clndr_view.php (parameter id). Root cause is unsanitized user input leading to arbitrary SQL execution. Documented base score is 7.5 (HIGH) with network attack vector, low a...
CVE-2009-1315
Multiple cross-site scripting XSS vulnerabilities in AbleSpace 1.0 allow remote attackers to inject arbitrary web script or HTML via the 1 gid parameter to groupsprofile.php, 2 catid and 3 razdid parameters to advcat.php, and the 4 URL to blogsfull.php...
CVE-2009-1315
CVE-2009-1315 describes multiple cross-site scripting (XSS) vulnerabilities in AbleSpace 1.0. The issue allows remote attackers to inject arbitrary web script or HTML via: (1) gid parameter in groups_profile.php, (2) cat_id and (3) razd_id parameters in adv_cat.php, and (4) the URL parameter to b...
CVE-2008-2491
SQL injection vulnerability in advcat.php in AbleSpace 1.0 allows remote attackers to execute arbitrary SQL commands via the catid parameter...
CVE-2008-2491
SQL injection vulnerability in advcat.php in AbleSpace 1.0 allows remote attackers to execute arbitrary SQL commands via the catid parameter...
CVE-2008-2491
CVE-2008-2491 corresponds to a SQL injection vulnerability in the AdvCat component of AbleSpace 1.0, specifically in adv_cat.php where the cat_id parameter is unsafely used in SQL queries. Multiple sources (NVD, CVE lists, PRION) document that remote attackers can execute arbitrary SQL commands t...
AbleSpace 1.0 - 'adv_cat.php' SQL Injection
source: https://www.securityfocus.com/bid/29369/info AbleSpace is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify dat...