
14 matches found

EUVD
added 2026/03/24 12:30 p.m., 3 views

EUVD-2019-20026

eNdonesia Portal v8.7 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the bid parameter. Attackers can send GET requests to banners.php with crafted SQL payloads in the bid parameter to extra...

8.8 CVSS, 6.2 AI score, 0.00051 EPSS
Exploits 0, References 5
Vulnrichment
added 2026/03/24 11:27 a.m., 1 view

CVE-2019-25643 eNdonesia Portal v8.7 SQL Injection via banners.php

eNdonesia Portal v8.7 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the bid parameter. Attackers can send GET requests to banners.php with crafted SQL payloads in the bid parameter to extra...

8.8 CVSS, 6.2 AI score, 0.00051 EPSS
Exploits 0, References 4
EUVD
added 2025/10/07 12:30 a.m., 1 view

EUVD-2007-3380

Malware in sbrugna...

7.5 CVSS, 6.3 AI score, 0.00542 EPSS
Exploits 1, References 6
Prion
added 2020/04/28 9:15 p.m., 14 views

Cross site scripting

An XSS vulnerability exists in the banners.php page of PHP-Fusion 9.03.50. This can be exploited because the only security measure used against XSS is the stripping of SCRIPT tags. A malicious actor can use HTML event handlers to run JavaScript instead of using SCRIPT tags...

3.5 CVSS, 5.2 AI score, 0.00281 EPSS
Exploits 1, References 2, Affected Software 1
CVE
added 2020/04/28 8:51 p.m., 53 views

CVE-2020-12438

CVE-2020-12438 affects PHP-Fusion 9.03.50, specifically the banners.php page. The vulnerability arises from insufficient input validation against XSS, where reliance on stripping only SCRIPT tags allows attackers to inject JS via HTML event handlers. Multiple connected sources (NVD, Red Hat, CNVD...

5.4 CVSS, 5.5 AI score, 0.00281 EPSS
Exploits 1, References 2, Affected Software 1
Cvelist
added 2020/04/28 8:51 p.m., 8 views

CVE-2020-12438

An XSS vulnerability exists in the banners.php page of PHP-Fusion 9.03.50. This can be exploited because the only security measure used against XSS is the stripping of SCRIPT tags. A malicious actor can use HTML event handlers to run JavaScript instead of using SCRIPT tags...

6 AI score, 0.00281 EPSS
Exploits 1, References 2
seebug.org
added 2014/07/01 12:0 a.m., 13 views

eNdonesia 8.4 banners.php click Action bid Parameter SQL Injection

No description provided by source. source: http://www.securityfocus.com/bid/24590/info eNdonesia is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues could allow an attacker to steal cookie-based authentication...

7.1 AI score
Exploits 0
seebug.org
added 2014/07/01 12:0 a.m., 22 views

Mambo Site Server 4.0.14 contact.php Unauthorized Mail Relay

No description provided by source. source: http://www.securityfocus.com/bid/8647/info It has been reported that Mambo Open Source Server is prone to multiple input validation vulnerabilities that may allow remote attackers to inject malicious SQL syntax into database queries and send anonymous...

7.1 AI score
Exploits 0
seebug.org
added 2014/07/01 12:0 a.m., 22 views

PHPNuke 5.6/6.x Banners.PHP Banner Manager Password Disclosure Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/7170/info It has been reported that an input validation error exists in the banners.php file included with PHPNuke. Because of this, an attacker could send a malicious string through PHPNuke that would allow the attacker ...

7.1 AI score
Exploits 0
seebug.org
added 2014/07/01 12:0 a.m., 10 views

Mambo Site Server 4.0.14 emailarticle.php id Parameter SQL Injection

No description provided by source. source: http://www.securityfocus.com/bid/8647/info It has been reported that Mambo Open Source Server is prone to multiple input validation vulnerabilities that may allow remote attackers to inject malicious SQL syntax into database queries and send anonymous...

7.1 AI score
Exploits 0
CVE
added 2012/11/27 2:0 a.m., 36 views

CVE-2012-6046

The CVE-2012-6046 entry concerns a static code injection in admin/banners.php of PHP Enter, allowing remote attackers to inject arbitrary PHP code into horad.php via the code parameter. Connected sources confirm the same description and indicate a high-severity impact (complete confidentiality, i...

10 CVSS, 7.5 AI score, 0.15687 EPSS
Exploits 1, References 3, Affected Software 1
exploitpack
added 2012/05/08 12:0 a.m., 9 views

PHP Enter 4.1.2 - banners.php PHP Code Injection

PHP Enter 4.1.2 - banners.php PHP Code Injection source: https://www.securityfocus.com/bid/53426/info PHP Enter is prone to a remote PHP code-injection vulnerability. An attacker can exploit this issue to inject and execute arbitrary PHP code in the context of the affected application. This may...

0.5 AI score
Exploits 0
Prion
added 2007/06/26 5:30 p.m., 14 views

Sql injection

Multiple SQL injection vulnerabilities in eNdonesia 8.4 allow remote attackers to execute arbitrary SQL commands via the (1) artid parameter to mod.php in a viewarticle action publisher mod and the (2) bid parameter to banners.php in a click action. NOTE: the mod.php viewdisk and viewlink vectors are...

7.5 CVSS, 8.8 AI score, 0.01296 EPSS
Exploits 2, References 5, Affected Software 1
Exploit DB
added 2003/09/18 12:0 a.m., 30 views

Mambo Site Server 4.0.14 - 'banners.php?bid' SQL Injection

source: https://www.securityfocus.com/bid/8647/info It has been reported that Mambo Open Source Server is prone to multiple input validation vulnerabilities that may allow remote attackers to inject malicious SQL syntax into database queries and send anonymous e-mail to arbitrary users. The...

7.4 AI score
Exploits 0