19 matches found
EUVD-2008-3296
Malware in sbrugna...
EUVD-2008-3293
Malware in sbrugna...
EUVD-2008-3295
Malware in sbrugna...
Remote file inclusion
PHP remote file inclusion vulnerability in cuenta/cuerpo.php in C. Desseno YouTube Blog ytb 0.1, when registerglobals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the basearchivo parameter...
Cross site scripting
Cross-site scripting XSS vulnerability in mensaje.php in C. Desseno YouTube Blog ytb 0.1 allows remote attackers to inject arbitrary web script or HTML via the m parameter...
Sql injection
SQL injection vulnerability in info.php in C. Desseno YouTube Blog ytb 0.1 allows remote attackers to execute arbitrary SQL commands via the id parameter, a different vector than CVE-2008-3307. NOTE: the provenance of this information is unknown; the details are obtained solely from third party...
CVE-2008-3307
SQL injection vulnerability in todos.php in C. Desseno YouTube Blog ytb 0.1 allows remote attackers to execute arbitrary SQL commands via the id parameter, a different vector than CVE-2008-3306...
Sql injection
SQL injection vulnerability in todos.php in C. Desseno YouTube Blog ytb 0.1 allows remote attackers to execute arbitrary SQL commands via the id parameter, a different vector than CVE-2008-3306...
CVE-2008-3305
Cross-site scripting XSS vulnerability in mensaje.php in C. Desseno YouTube Blog ytb 0.1 allows remote attackers to inject arbitrary web script or HTML via the m parameter...
CVE-2008-3308
PHP remote file inclusion vulnerability in cuenta/cuerpo.php in C. Desseno YouTube Blog ytb 0.1, when registerglobals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the basearchivo parameter...
CVE-2008-3306
SQL injection vulnerability in info.php in C. Desseno YouTube Blog ytb 0.1 allows remote attackers to execute arbitrary SQL commands via the id parameter, a different vector than CVE-2008-3307. NOTE: the provenance of this information is unknown; the details are obtained solely from third party...
CVE-2008-3307
CVE-2008-3307 is a SQL injection vulnerability affecting the C. Desseno YouTube Blog (ytb) 0.1 in the todos.php module. The vulnerability is triggered via the id parameter, allowing remote attackers to execute arbitrary SQL commands. This is a distinct vector from CVE-2008-3306. Connected sources...
CVE-2008-3308
PHP remote file inclusion vulnerability in cuenta/cuerpo.php in C. Desseno YouTube Blog ytb 0.1, when registerglobals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the basearchivo parameter...
CVE-2008-3305
Cross-site scripting XSS vulnerability in mensaje.php in C. Desseno YouTube Blog ytb 0.1 allows remote attackers to inject arbitrary web script or HTML via the m parameter...
CVE-2008-3307
SQL injection vulnerability in todos.php in C. Desseno YouTube Blog ytb 0.1 allows remote attackers to execute arbitrary SQL commands via the id parameter, a different vector than CVE-2008-3306...
CVE-2008-3306
CVE-2008-3306 targets C. Desseno YouTube Blog (ytb) 0.1. The vulnerability is a SQL injection in info.php that allows remote attackers to execute arbitrary SQL commands via the id parameter (a vector distinct from CVE-2008-3307). Associated records indicate a second, related entry (CVE-2008-3307)...
CVE-2008-3306
SQL injection vulnerability in info.php in C. Desseno YouTube Blog ytb 0.1 allows remote attackers to execute arbitrary SQL commands via the id parameter, a different vector than CVE-2008-3307. NOTE: the provenance of this information is unknown; the details are obtained solely from third party...
CVE-2008-3308
CVE-2008-3308 : PHP remote file inclusion in cuenta/cuerpo.php of C. Desseno YouTube Blog (ytb) 0.1. When register_globals is enabled, an attacker can provide a URL in the base_archivo parameter to execute arbitrary PHP code on the server. Affected scenario: vulnerable 0.1 with register_globals. ...
CVE-2008-3305
The CVE-2008-3305 entry describes a Cross-site Scripting (XSS) vulnerability in the C. Desseno YouTube Blog (ytb) 0.1 platform, specifically in the file mensaje.php. The vulnerability allows remote attackers to inject arbitrary web script or HTML via the m parameter. Concrete details across conne...