11 matches found
EUVD-2012-5744
Malware in sbrugna...
CVE-2012-5866
Cross-site scripting XSS vulnerability in include.php in Achievo 1.4.5 allows remote attackers to inject arbitrary web script or HTML via the field parameter...
CVE-2012-5865
SQL injection vulnerability in dispatch.php in Achievo 1.4.5 allows remote authenticated users to execute arbitrary SQL commands via the activityid parameter in a stats action...
Cross site scripting
Cross-site scripting XSS vulnerability in include.php in Achievo 1.4.5 allows remote attackers to inject arbitrary web script or HTML via the field parameter...
Sql injection
SQL injection vulnerability in dispatch.php in Achievo 1.4.5 allows remote authenticated users to execute arbitrary SQL commands via the activityid parameter in a stats action...
CVE-2012-5866
Cross-site scripting XSS vulnerability in include.php in Achievo 1.4.5 allows remote attackers to inject arbitrary web script or HTML via the field parameter...
CVE-2012-5866
CVE-2012-5866 is an XSS vulnerability in Achievo 1.4.5, caused by an input sanitation error in include.php when handling the HTTP GET parameter field. An attacker can inject arbitrary HTML/JavaScript into a user’s browser. A PoC demonstrates script execution via include.php?field=... The HTB advi...
CVE-2012-5865
CVE-2012-5865 concerns Achievo 1.4.5 where a SQL injection flaw exists in the dispatch.php script via the GET parameter activityid in the stats action. The vulnerability can be exploited by remote authenticated users to inject arbitrary SQL commands into the database, with the PoC indicating the ...
Achievo 1.4.5 LFI
Local file include vulnerability in Achievo Vulnerability Type: Local File Include For the exploit source code contact DSquare Security sales team...
Achievo 1.4.5 - Multiple Vulnerabilities (1)
Information -------------------- Name : XSS, LFI and SQL Injection Vulnerabilities in Achievo Software : Achievo 1.4.5 and possibly below. Vendor Homepage : http://www.achievo.org Vulnerability Type : Cross-Site Scripting, Local File Inclusion and SQL Injection Severity : Critical Researcher :...
Achievo 1.4.5 XSS / LFI / SQL Injection
Information -------------------- Name : XSS, LFI and SQL Injection Vulnerabilities in Achievo Software : Achievo 1.4.5 and possibly below. Vendor Homepage : http://www.achievo.org Vulnerability Type : Cross-Site Scripting, Local File Inclusion and SQL Injection Severity : Critical Researcher :...