3 matches found
EUVD-2006-0131
Malware in sbrugna...
ADN Forum 1.0b - Insecure Cookie Handling
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- adnforum eNYe-Sec - www.enye-sec.org Cookie is base64 based and the ascii format used is: user:23ed4e45887ad4311ff654bd4aab6540:user:0 user:md5 pass:user:0 Programmer forgot to check the pass and only use the nick to autenticate the user...
CVE-2006-0124
CVE-2006-0124 describes a cross-site scripting (XSS) vulnerability in the ADN Forum 1.0b product, specifically in the crear.php script. The issue arises from the titulo parameter, used for the “Topic name” field, allowing remote attackers to inject arbitrary web script or HTML. The available reco...