4 matches found
EUVD-2006-4451
Malware in sbrugna...
JetStat JS ASP Faq Manager SQL注入漏洞
JetStat JS ASP Faq Manager是一款基于PHP的FAQ管理程序。 JetStat JS ASP Faq Manager不正确过滤用户提交的URI数据,远程攻击者可以利用漏洞进行SQL注入攻击,获得敏感信息。 问题是由于多个脚本对用户提交的WEB参数缺少过滤,提交恶意SQL查询作为参数数据,可更改原来的SQL逻辑,获得敏感信息或操作数据库。 JetStat JS ASP Faq Manager 1.10 http://www.jetstat.com/asp/faq/...
CVE-2006-4590
SQL injection vulnerability in admin/default.asp in Jetstat.com JS ASP Faq Manager 1.10 and earlier allows remote attackers to execute arbitrary SQL commands via the uid parameter, a different vector than CVE-2006-4463. NOTE: the provenance of this information is unknown; the details are obtained...
CVE-2006-4463
CVE-2006-4463 : SQL injection vulnerability in the administrator control panel of Jetstat.com JS ASP Faq Manager 1.10 and earlier, allowing remote attackers to execute arbitrary SQL commands through the pwd parameter (.password field). Connected records also show a related, different-vector CVE-2...