EUVD-2006-6072

Malware in sbrugna...

EUVD-2006-6073

Malware in sbrugna...

EUVD-2006-6058

Malware in sbrugna...

CVE-2006-6090

Multiple SQL injection vulnerabilities in BaalAsp forum allow remote attackers to execute arbitrary SQL commands via the 1 password parameter to a adminlogin.asp, the 2 name or 3 password parameter to b userlogin.asp, or the 3 search parameter to search.asp...

CVE-2006-6075

Cross-site scripting XSS vulnerability in addpost1.asp in BaalAsp forum allows remote attackers to inject arbitrary web script or HTML via the name parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information...

CVE-2006-6075

The CVE-2006-6075 entry describes a cross-site scripting (XSS) vulnerability in BaalAsp forum, specifically in addpost1.asp via the name parameter. The underlying issue is insufficient input handling that allows remote attackers to inject arbitrary script/HTML. CVSS v2 base score is 6.8 (Medium) ...

PT-2006-6735 · Baal · Baalasp Forum

Name of the Vulnerable Software and Affected Versions: BaalAsp forum affected versions not specified Description: The issue concerns multiple SQL injection vulnerabilities. These vulnerabilities allow remote attackers to execute arbitrary SQL commands. The vulnerabilities can be exploited through...

PT-2006-6734 · Baalasp · Baalasp Forum

Name of the Vulnerable Software and Affected Versions: BaalAsp forum affected versions not specified Description: The issue concerns multiple cross-site scripting XSS vulnerabilities in the addpost1.asp file of the BaalAsp forum. These vulnerabilities allow remote attackers to inject arbitrary we...

baalasp.txt

vendor site:http://baalasp.com/ product:BaalAsp forum bug:login bypass, injection sql post, xss post risk:high authentification bypass : admin login bypass == /adminlogin.asp passwd: 'or''=' user login bypass == /userlogin.asp user: 'or''=' passwd: 'or''=' injection sql post == /search.asp...