19 matches found
EUVD-2006-5494
Malware in sbrugna...
EUVD-2006-5493
Malware in sbrugna...
EUVD-2005-0285
Malware in sbrugna...
WoltLab Burning Book <= 1.1.2 - Remote SQL Injection
No description provided by source. !/usr/bin/perl woltlab.de burning book =1.1.2 SQL and PHP injection PoC use /index.php?q=phpinfo;exit; ShAnKaR secAshankar.antichat.ru http://antichat.ru/ use LWP; dieuse ./burn-book.pl http://localhost/wbbook/ 1number book db, default 1\n if !$ARGV0;$ARGV1='' i...
CVE-2006-5508
Multiple SQL injection vulnerabilities in addentry.php in WoltLab Burning Book 1.1.2 allow remote attackers to execute arbitrary SQL commands via (1) the n parameter and (2) the User-Agent HTTP header...
CVE-2006-5509
Eval injection vulnerability in addentry.php in WoltLab Burning Book 1.1.2 allows remote attackers to execute arbitrary PHP code via crafted POST requests that store PHP code in a database that is later processed by eval, as demonstrated using SQL injection via the n parameter...
CVE-2006-5508
Multiple SQL injection vulnerabilities in addentry.php in WoltLab Burning Book 1.1.2 allow remote attackers to execute arbitrary SQL commands via (1) the n parameter and (2) the User-Agent HTTP header...
CVE-2006-5509
The CVE concerns WoltLab Burning Book 1.1.2, where an eval injection vulnerability in addentry.php allows remote code execution. The issue arises when crafted POST data stores PHP code in the database, which is later processed by eval. The exploitation path is demonstrated via SQL injection throu...
CVE-2006-5508
The CVE-2006-5508 entry relates to WoltLab Burning Book 1.1.2, where multiple SQL injection vulnerabilities exist in addentry.php. The root cause is improper handling of input in the addentry functionality, allowing attackers to craft requests via the n parameter and the User-Agent HTTP header to...
WoltLab-bb-1.1.2.txt
Hello bugtraq, ShAnKaR sec at shankar.antichat.ru reports multiple vulnerabilities in WoltLab Burning Book. Original message in Russian is available from http://www.security.nnov.ru/Odocument711.html Short translation: Author: ShAnKaR sec at shankar.antichat.ru Vendor: woltlab.de Tested version:...
Multiple vulnerabilities in WoltLab Burning Book <=1.1.2
Vendor site: woltlab.de. Version 1.1.2 is vulnerable, and possibly earlier versions. The vulnerability is critical. The engine's addentry.php file contains the code: whilelist$key,$val=each$POST $$key=$val; Data passed via the POST method is not validated, which makes it possible to overwrite global...
WoltLab Burning Book <= 1.1.2 Remote SQL Injection Exploit PoC
No description provided by source. !/usr/bin/perl woltlab.de burning book =1.1.2 SQL and PHP injection PoC use /index.php?q=phpinfo;exit; ShAnKaR secAshankar.antichat.ru http://antichat.ru/ use LWP; die"use ./burn-book.pl http://localhost/wbbook/ 1number book db, default 1\n" if !$ARGV0;$ARGV1=''...
WoltLab Burning Book <= 1.1.2 Remote SQL Injection Exploit PoC
Exploit for unknown platform in category web applications ============================================================== WoltLab Burning Book new; $ua-post$ARGV0.'/addentry.php',regimage=0,send='send',name=1,message=1, n=$ARGV1.'templates templateid,templatename,template VALUES...
WoltLab Burning Book 1.1.2 - SQL Injection
WoltLab Burning Book 1.1.2 - SQL Injection !/usr/bin/perl woltlab.de burning book new; $ua-post$ARGV0.'/addentry.php',regimage=0,send='send',name=1,message=1, n=$ARGV1.'templates templateid,templatename,template VALUES...
WoltLab Burning Book 1.1.2 - SQL Injection
!/usr/bin/perl woltlab.de burning book new; $ua-post$ARGV0.'/addentry.php',regimage=0,send='send',name=1,message=1, n=$ARGV1.'templates templateid,templatename,template VALUES...
CVE-2005-0284
CVE-2005-0284 describes a SQL injection vulnerability in Woltlab Burning Book 1.0 Gold and 1.1.1e (and possibly other versions) where the addentry.php script mishandles the user-agent parameter, allowing remote attackers to execute arbitrary SQL commands. The provided sources state the affected c...
CVE-2005-0284
SQL injection vulnerability in addentry.php in Woltlab Burning Book 1.0 Gold, 1.1.1e, and possibly other versions, allows remote attackers to execute arbitrary SQL commands via the user-agent parameter...
Woltlab Burning Book addentry.php SQL Injection
Advisory Information -------------------- Advisory name : Woltlab Burning Book addentry.php SQL Injection Discovered by : drhankey / it-security23.net Vendor Name : Woltlab Vendor Homepage : http://www.woltlab.de Software : Woltlab Burning Book Lite Vulnerability Type : Cross-Site-Scripting...
CVE-2005-0284
SQL injection vulnerability in addentry.php in Woltlab Burning Book 1.0 Gold, 1.1.1e, and possibly other versions, allows remote attackers to execute arbitrary SQL commands via the user-agent parameter...