11 matches found
EUVD-2008-6004
Malware in sbrugna...
Cross site scripting
Cross-site scripting XSS vulnerability in dispatch.php in Achievo 1.3.2-STABLE allows remote attackers to inject arbitrary web script or HTML via the atknodetype parameter...
CVE-2008-6034
Cross-site scripting XSS vulnerability in dispatch.php in Achievo 1.3.2 allows remote attackers to inject arbitrary web script or HTML via the atkaction parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...
Cross site scripting
Cross-site scripting XSS vulnerability in dispatch.php in Achievo 1.3.2 allows remote attackers to inject arbitrary web script or HTML via the atkaction parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...
CVE-2008-6035
CVE-2008-6035 is an XSS vulnerability in Achievo 1.3.2-STABLE, exposed via the atknodetype parameter in dispatch.php. The issue allows remote attackers to inject arbitrary web script or HTML. The available sources document the affected product and the vulnerability class but do not provide detail...
CVE-2008-6034
CVE-2008-6034 describes a cross-site scripting (XSS) vulnerability in the Achievo 1.3.2 web application, specifically in the file dispatch.php . The flaw is exploitable via the atkaction parameter, enabling remote attackers to inject arbitrary web script or HTML. The connected documents do not pr...
achievo-xss.txt
============================================================ Achievo-1.3.2-STABLE Cross Site Scripting XSS ============================================================ AUTHOR : ROHIT BANSAL DATE : 19th Sept,2008 Mail: RoHiTiSbAcK at GmAiL.com...
Achievo 1.3.2 - 'atknodetype' Cross-Site Scripting
source: https://www.securityfocus.com/bid/31326/info Achievo is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of...
achievo-upload.txt
array"zip","doc","xls","pdf","rtf","csv","jpg","gif","jpeg","png","avi","mpg","mpeg","swf","fla", with a default configuration of this script, an attacker might be able to upload arbitrary files containing malicious PHP code due to multiple file extensions isn't properly checked / errorreporting0...
Achievo 1.3.2 - FCKeditor Arbitrary File Upload
Achievo 1.3.2 - FCKeditor Arbitrary File Upload array"zip","doc","xls","pdf","rtf","csv","jpg","gif","jpeg","png","avi","mpg","mpeg","swf","fla", with a default configuration of this script, an attacker might be able to upload arbitrary files containing malicious PHP code due to multiple file...
Achievo 1.3.2 - 'FCKeditor' Arbitrary File Upload
array"zip","doc","xls","pdf","rtf","csv","jpg","gif","jpeg","png","avi","mpg","mpeg","swf","fla", with a default configuration of this script, an attacker might be able to upload arbitrary files containing malicious PHP code due to multiple file extensions isn't properly checked / errorreporting0...