17 matches found
EUVD-2006-4269
Malware in sbrugna...
EUVD-2006-1425
Malware in sbrugna...
EUVD-2007-3557
Malware in sbrugna...
Sql injection
Multiple SQL injection vulnerabilities in akocomment allow remote attackers to execute arbitrary SQL commands via the (1) acparentid or (2) acitemid parameter to an unspecified component, different vectors than CVE-2006-1421...
CVE-2007-3573
Multiple SQL injection vulnerabilities in akocomment allow remote attackers to execute arbitrary SQL commands via the (1) acparentid or (2) acitemid parameter to an unspecified component, different vectors than CVE-2006-1421...
CVE-2007-3573
CVE-2007-3573 affects the AkoComment 2.0 module for Mambo. The vulnerability is SQL injection via parameters acname or contentid, arising when magic_quotes_gpc is disabled. Remote attackers could execute arbitrary SQL commands. Public references (NVD/CVE records) describe the issue across multipl...
CVE-2007-3573
Multiple SQL injection vulnerabilities in akocomment allow remote attackers to execute arbitrary SQL commands via the (1) acparentid or (2) acitemid parameter to an unspecified component, different vectors than CVE-2006-1421...
akocomment SQL INJECTION (all version)
$query2 = "INSERT INTO akocomment SET parentid='$acparentid', contentid='$contentid', ip='$ip', name='$acname', title='$title', comment='$comment', date='$date', published='$acautopublish';"; There are two SQL injections. POC: INPUT TYPE='hidden' NAME='acitemid' value='9'INPUT TYPE='hidden'...
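Mambo AkoComment Module mosConfig_absolute_path Remote File Inclusion Vulnerability
Mambo AkoComment is a PHP-based web application. Mambo AkoComment does not properly filter user-supplied URI data, and a remote attacker can exploit this vulnerability to execute arbitrary commands with the privileges of the web process. The problem is that the 'akocomments.php' script does not filter the user-supplied 'mosConfig_absolute_path' parameter; supplying a malicious remote server as the include target can lead to execution of arbitrary PHP code with the privileges of the web process. Arthur Konze WebDesign AkoComment 1.1 http://www.konze.de/...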
CVE-2006-4281
PHP remote file inclusion vulnerability in akocomments.php in AkoComment 1.1 module (com_akocomment) for Mambo 4.5 allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter...
CVE-2006-4281
CVE-2006-4281 describes a PHP remote file inclusion vulnerability in the AkoComment 1.1 module (com_akocomment) for Mambo 4.5. The flaw allows an attacker to cause remote PHP code execution via a URL supplied to the mosConfig_absolute_path parameter in akocomments.php. This is a vulnerability in ...
CVE-2006-4281
PHP remote file inclusion vulnerability in akocomments.php in AkoComment 1.1 module (com_akocomment) for Mambo 4.5 allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter...
CVE-2006-1421
Multiple SQL injection vulnerabilities in akocomment.php in AkoComment 2.0 module for Mambo, with magic_quotes_gpc disabled, allow remote attackers to execute arbitrary SQL commands via the (1) acname or (2) contentid parameter...
CVE-2006-1421
CVE-2006-1421 affects the AkoComment 2.0 module for Mambo. The vulnerability is a SQL injection in the file akocomment.php, exploitable via the acname or contentid parameters when magic_quotes_gpc is disabled. Impact is described as remote code execution of arbitrary SQL commands, with a CVSSv2 b...
CVE-2006-1421
Multiple SQL injection vulnerabilities in akocomment.php in AkoComment 2.0 module for Mambo, with magic_quotes_gpc disabled, allow remote attackers to execute arbitrary SQL commands via the (1) acname or (2) contentid parameter...
[SA19392] Mambo AkoComment Module SQL Injection Vulnerabilities
TITLE: Mambo AkoComment Module SQL Injection Vulnerabilities SECUNIA ADVISORY ID: SA19392 VERIFY ADVISORY: http://secunia.com/advisories/19392/ CRITICAL: Moderately critical IMPACT: Manipulation of data WHERE: From remote SOFTWARE: AkoComment 2.x module for Mambo http://secunia.com/product/8985/...
AkoComment SQL injection vulnerability
AkoComment is a well known and widely used add-on for the Mambo and Joomla Content Management Systems. It allows users to post comments to articles. AkoComment 2.0 suffers from an SQL injection vulnerability. components/com_akocomment/akocomment.php: Clear any HTML and SQL injections $title =...