12 matches found
EUVD-2006-4656
Malware in sbrugna...
AckerTodo 4.0 Index.PHP Cross-Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/19894/info AckerTodo is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. Exploiting this issue would allow an attacker to steal cookie-based credentials and to...
AckerTodo 4.2 Login.PHP Multiple SQL Injection Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/20372/info ackerTodo is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in SQL queries. A successful exploit could allow an attacker t...
ackerTodo42.txt
ackerTodo 4.2 SQL Injection vendor: http://ackertodo.sourceforge.net/site2/index.html File: gadget/login.php Exploiting this issue could allow an attacker to access sensible data. Vuln code: $userlogin = trim($_REQUEST['up_login']); $userpass = trim($_REQUEST['up_pass']); $numtasks = trim($_REQUEST['up_num_tasks']...
CVE-2006-5228
CVE-2006-5228 refers to multiple SQL injection vulnerabilities in the Google Gadget login.php (gadget/login.php) for Rob Hensley AckerTodo 4.2 and earlier. The vulnerable component is the login script (up_login, up_pass, up_num_tasks parameters) that allows remote attackers to execute arbitrary...
AckerTodo 4.2 - 'login.php' Multiple SQL Injections
source: https://www.securityfocus.com/bid/20372/info ackerTodo is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in SQL queries. A successful exploit could allow an attacker to compromise the application, acce...
AckerTodo 4.2 - login.php Multiple SQL Injections
AckerTodo 4.2 - login.php Multiple SQL Injections source: https://www.securityfocus.com/bid/20372/info ackerTodo is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in SQL queries. A successful exploit could all...
CVE-2006-4668
CVE-2006-4668 describes an XSS in Rob Hensley AckerTodo 4.0. The vulnerability resides in index.php where the task_id parameter used in an edit_task command can be exploited by remote attackers to inject arbitrary web script or HTML. Public references confirm the affected component as AckerTodo 4...
ackertodo.txt
index.php?cmd=edittask&taskid="document.writedocument.cookie; AckerTodo use Cookies! You can Get!! Greetings: Securitydot, WarezWorld, Under-Attack, Opensource and all my friends...
XSS in AckerTodo v4.0
index.php?cmd=edittask&taskid="scriptdocument.writedocument.cookie;/script AckerTodo use Cookies! You can Get!! Greetings: Securitydot, WarezWorld, Under-Attack, Opensource and all my friends...
AckerTodo 4.0 - index.php Cross-Site Scripting
AckerTodo 4.0 - index.php Cross-Site Scripting source: https://www.securityfocus.com/bid/19894/info AckerTodo is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. Exploiting this issue would allow an attacker to steal cookie-based...
AckerTodo 4.0 - 'index.php' Cross-Site Scripting
source: https://www.securityfocus.com/bid/19894/info AckerTodo is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. Exploiting this issue would allow an attacker to steal cookie-based credentials and to launch other attacks. Version 4.0 is...