43 matches found
EUVD-2012-5165
Malware in sbrugna...
EUVD-2011-5076
Malware in sbrugna...
EUVD-2011-5075
Malware in sbrugna...
EUVD-2012-5167
Malware in sbrugna...
EUVD-2011-5068
Malware in sbrugna...
CVE-2011-5168
SQL injection vulnerability in user.php in Banana Dance before B.1.5 allows remote attackers to execute arbitrary SQL commands via the id parameter...
CVE-2011-5176
Multiple cross-site scripting XSS vulnerabilities in search.php in Banana Dance, possibly B.1.5 and earlier, allow remote attackers to inject arbitrary web script or HTML via the 1 q or 2 category parameter...
CVE-2011-5175
SQL injection vulnerability in search.php in Banana Dance, possibly B.1.5 and earlier, allows remote attackers to execute arbitrary SQL commands via the category parameter...
Banana Dance Wiki CMS b2.x LFI / SQL Injection
Document Title: =============== Banana Dance Wiki CMS b2.x - Multiple Web Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1407 Release Date: ============= 2015-01-16 Vulnerability Laboratory ID VL-ID: ====================================...
Banana Dance Wiki CMS b2.x - Multiple Web Vulnerabilities
Document Title: =============== Banana Dance Wiki CMS b2.x - Multiple Web Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1407 Release Date: ============= 2015-01-16 Vulnerability Laboratory ID VL-ID: ====================================...
CVE-2012-5242
Directory traversal vulnerability in functions/suggest.php in Banana Dance B.2.6 and earlier allows remote attackers to include and execute arbitrary local files via a .. dot dot in the name parameter in a gettemplate action...
CVE-2012-5243
functions/suggest.php in Banana Dance B.2.6 and earlier allows remote attackers to read arbitrary database information via a crafted request...
CVE-2012-5243
Banana Dance B.2.6 and earlier are affected by CVE-2012-5243 (Improper Access Control). An unauthenticated remote attacker can read arbitrary data from the database via /functions/suggest.php, enabling reading of sensitive information (bd_users table per PoC). The issue is part of a set of vulner...
CVE-2012-5242
Banana Dance (Product: Banana Dance; Vendor: bananadance.org) is affected by CVE-2012-5242 and related issues in B.2.6 and earlier. The root causes include: PHP File Inclusion in functions/ajax.php/get_template flow and Directory Traversal via name parameter in get_template action; Improper Acces...
CVE-2012-5244
Multiple SQL injection vulnerabilities in Banana Dance B.2.6 and earlier allow remote attackers to execute arbitrary SQL commands via the 1 return, 2 display, 3 table, or 4 search parameter to functions/suggest.php; 5 the id parameter to functions/widgets.php, 6 the category parameter to...
CVE-2012-5244
Multiple SQL injection vulnerabilities in Banana Dance B.2.6 and earlier allow remote attackers to execute arbitrary SQL commands via the 1 return, 2 display, 3 table, or 4 search parameter to functions/suggest.php; 5 the id parameter to functions/widgets.php, 6 the category parameter to...
Sql injection
Multiple SQL injection vulnerabilities in Banana Dance B.2.6 and earlier allow remote attackers to execute arbitrary SQL commands via the 1 return, 2 display, 3 table, or 4 search parameter to functions/suggest.php; 5 the id parameter to functions/widgets.php, 6 the category parameter to...
CVE-2012-5244
Banana Dance is affected by CVE-2012-5244 and likely earlier, affecting version B.2.6 and prior. The advisory bundle shows multiple vulnerabilities in Banana Dance (Banana Dance is a PHP/MySQL app): (1) SQL Injection in /functions/suggest.php (parameters return, display, table, search), (2) SQL I...
CVE-2012-5244
Multiple SQL injection vulnerabilities in Banana Dance B.2.6 and earlier allow remote attackers to execute arbitrary SQL commands via the 1 return, 2 display, 3 table, or 4 search parameter to functions/suggest.php; 5 the id parameter to functions/widgets.php, 6 the category parameter to...
banana dance b.2.6 - Multiple Vulnerabilities
No description provided by source...