13 matches found
Alumni 1.0.8/1.0.9 - info.php id Parameter SQL Injection
No description provided by source. source: http://www.securityfocus.com/bid/29019/info Project Alumni is prone to a cross-site scripting vulnerability and an SQL-injection vulnerability because the application fails to sufficiently sanitize user-supplied input. Exploiting these issues could allow...
Cross site scripting
Cross-site scripting XSS vulnerability in pages/news.page.inc in Project Alumni 1.0.9 allows remote attackers to inject arbitrary web script or HTML via the year parameter in a news action to index.php, a different vector than CVE-2007-6126...
CVE-2008-2118
SQL injection vulnerability in info.php in Project Alumni 1.0.9 allows remote attackers to execute arbitrary SQL commands via the id parameter...
Sql injection
SQL injection vulnerability in info.php in Project Alumni 1.0.9 allows remote attackers to execute arbitrary SQL commands via the id parameter...
CVE-2008-2118
SQL injection vulnerability (CVE-2008-2118) in Project Alumni 1.0.9, specifically in info.php via the id parameter. The underlying issue allows remote attackers to execute arbitrary SQL commands. This is evidenced by multiple sources (NVD entry and associated records) confirming the flaw and impa...
CVE-2008-2118
SQL injection vulnerability in info.php in Project Alumni 1.0.9 allows remote attackers to execute arbitrary SQL commands via the id parameter...
CVE-2008-2117
CVE-2008-2117 is a cross-site scripting (XSS) vulnerability in Project Alumni 1.0.9. The issue affects the pages/news.page.inc component, where the year parameter in a news action to index.php can be exploited to inject arbitrary web script or HTML. This CVE is documented across multiple sources ...
CVE-2007-6184
Directory traversal vulnerability in index.php in Project Alumni 1.0.9 allows remote attackers to include and execute arbitrary local files via a .. dot dot in the act parameter...
project alumni 1.0.9 (index.php act) Local File Inclusion Vulnerability
Exploit for unknown platform in category web applications ======================================================================= project alumni 1.0.9 index.php act Local File Inclusion Vulnerability ======================================================================= project alumni 1.0.9 remo...
project alumni 1.0.9 - index.php?act Local File Inclusion
project alumni 1.0.9 - index.php?act Local File Inclusion project alumni 1.0.9 remote file disclosure vulnerability download : https://sourceforge.net/projects/project-alumni/ vulnerable code on index.php include$SERVER'DOCUMENTROOT' . "/pages/" . $GET'act' . ".page.inc.php"; exploit :...
project alumni 1.0.9 (index.php act) Local File Inclusion Vulnerability
No description provided by source. project alumni 1.0.9 remote file disclosure vulnerability download : https://sourceforge.net/projects/project-alumni/ vulnerable code on index.php include$SERVER'DOCUMENTROOT' . "/pages/" . $GET'act' . ".page.inc.php"; exploit :...
project alumni 1.0.9 - 'index.php?act' Local File Inclusion
project alumni 1.0.9 remote file disclosure vulnerability download : https://sourceforge.net/projects/project-alumni/ vulnerable code on index.php include$SERVER'DOCUMENTROOT' . "/pages/" . $GET'act' . ".page.inc.php"; exploit : http://victim/path/index.php?act=../../../../../../etc/passwd%00...
Sql injection
Multiple SQL injection vulnerabilities in project alumni 1.0.9 and earlier allow remote attackers to execute arbitrary SQL commands via the year parameter to 1 view.page.inc.php, which is reachable through a view action to index.php; or 2 the year parameter to news.page.inc.php, which is reachabl...