Lucene search
+L

120 matches found

NVD
NVD
added 2008/09/25 7:25 p.m.17 views

CVE-2008-4241

SQL injection vulnerability in CJ Ultra Plus 1.0.4 and earlier allows remote attackers to execute arbitrary SQL commands via an SID cookie...

7.5CVSS8.4AI score0.01042EPSS
Exploits0References5
Prion
Prion
added 2008/09/25 7:25 p.m.11 views

Sql injection

SQL injection vulnerability in CJ Ultra Plus 1.0.4 and earlier allows remote attackers to execute arbitrary SQL commands via an SID cookie...

7.5CVSS9.1AI score0.01042EPSS
Exploits0References5Affected Software1
CVE
CVE
added 2008/09/25 7:0 p.m.37 views

CVE-2008-4241

CVE-2008-4241 affects CJ Ultra Plus 1.0.4 and earlier. Affected component: the application's SID cookie handling enables SQL injection, allowing remote attackers to execute arbitrary SQL commands. Documented impact aligns with partial confidentiality, integrity, and availability exposure (CVSS v2...

7.5CVSS8.4AI score0.01042EPSS
Exploits0References5Affected Software1
Cvelist
Cvelist
added 2008/09/25 7:0 p.m.21 views

CVE-2008-4241

SQL injection vulnerability in CJ Ultra Plus 1.0.4 and earlier allows remote attackers to execute arbitrary SQL commands via an SID cookie...

8.4AI score0.01042EPSS
Exploits0References5
exploitpack
exploitpack
added 2008/09/22 12:0 a.m.33 views

CJ Ultra Plus 1.0.4 - Cookie SQL Injection

CJ Ultra Plus 1.0.4 - Cookie SQL Injection !/usr/bin/perl CJ Ultra Plus GretzZz 2: pronoobz.org - Wesker, China Sun and all other memberZz "SID='UNION SELECT b12 from settings/"; $ua = LWP::UserAgent-new; $ua-timeout10; $ua-envproxy; $ua-agent"Mozilla/5.0 Windows; U; Windows NT 5.1; nl; rv:1.8.1....

0.5AI score
Exploits0
seebug.org
seebug.org
added 2006/12/12 12:0 a.m.47 views

CJ Tag Board User-Agent PHP注入漏洞

CJ Tag Board是一款基于PHP的论坛程序。 CJ Tag Board不正确过滤用户提交的URI数据,远程攻击者可以利用漏洞以WEB进程权限执行任意命令。 问题一是tag.php脚本对"User-Agent" HTTP头数据缺少过滤,可导致任意PHP代码注入,并通过请求all.php脚本执行。 问题二是adminindex.php脚本对用户提交的"banned"参数缺少过滤,可导致任意PHP代码注入。 CJ Tag Board 3.0 http://www.scriptsearch.com/cgi-bin/jump.cgi?ID=10068...

7AI score
Exploits0
seebug.org
seebug.org
added 2006/10/25 12:0 a.m.21 views

CJ Tag Board PHP远程代码注入漏洞

CJ Tag Board是一款简单易用的网站管理脚本。 CJ Tag Board中存在两个输入验证错误,可能允许恶意攻击者完全入侵有漏洞的系统: 1 在存储前没有正确过滤对tag.php中User-Agent HTTP头的输入,允许注入任意PHP代码。当用户请求all.php脚本时就会执行这些代码。 2 在存储前没有正确过滤对adminindex.php中banned参数的输入,允许注入任意PHP代码。但利用这个漏洞需要管理用户权限。 CJ Website Design CJ Tag Board 3.0...

7.1AI score
Exploits0
CVE
CVE
added 2006/09/14 9:0 p.m.34 views

CVE-2006-4797

CVE-2006-4797 describes a cross-site scripting (XSS) vulnerability in CloudNine Interactive CJ Tag Board 3.0 . The flaw occurs in the tag.php handler, where an attacker can inject arbitrary web script or HTML by abusing a JavaScript event in a url BBcode tag within the cjmsg parameter. This is a ...

4.3CVSS5.8AI score0.01128EPSS
Exploits0References5Affected Software1
securityvulns
securityvulns
added 2006/09/14 12:0 a.m.41 views

[eVuln] CJ Tag Board XSS Vulnerability

New eVuln Advisory: CJ Tag Board XSS Vulnerability http://evuln.com/vulns/137/summary.html --------------------Summary---------------- eVuln ID: EV0137 Vendor: CloudNine Interactive Vendor's Web Site: http://www.cloudnineinteractive.co.uk/ Software: Tag Board Sowtware's Web Site:...

0.3AI score
Exploits0
NVD
NVD
added 2006/08/30 1:4 a.m.24 views

CVE-2006-4451

Direct static code injection vulnerability in CJ Tag Board 3.0 allows remote attackers to execute arbitrary PHP code via the 1 User-Agent HTTP header in tag.php, which is executed by all.php, and 2 the banned parameter in adminindex.php...

7.5CVSS7.8AI score0.01484EPSS
Exploits0References4
CVE
CVE
added 2006/08/30 1:0 a.m.42 views

CVE-2006-4451

CVE-2006-4451 affects CJ Tag Board 3.0, with a direct static code injection flaw allowing remote PHP code execution. The vulnerability arises from two input vectors: (1) the User-Agent HTTP header in tag.php (executed by all.php) and (2) the banned parameter in admin_index.php. This results in ar...

7.5CVSS8.2AI score0.01484EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2006/08/30 1:0 a.m.27 views

CVE-2006-4451

Direct static code injection vulnerability in CJ Tag Board 3.0 allows remote attackers to execute arbitrary PHP code via the 1 User-Agent HTTP header in tag.php, which is executed by all.php, and 2 the banned parameter in adminindex.php...

7.8AI score0.01484EPSS
Exploits0References4
securityvulns
securityvulns
added 2005/09/28 12:0 a.m.16 views

[SA16963] CJ Web2Mail Cross-Site Scripting Vulnerabilities

TITLE: CJ Web2Mail Cross-Site Scripting Vulnerabilities SECUNIA ADVISORY ID: SA16963 VERIFY ADVISORY: http://secunia.com/advisories/16963/ CRITICAL: Less critical IMPACT: Cross Site Scripting WHERE: From remote SOFTWARE: CJ Web2Mail 3.x http://secunia.com/product/5771/ DESCRIPTION: Psymera has...

0.8AI score
Exploits0
securityvulns
securityvulns
added 2005/09/28 12:0 a.m.44 views

[SA16970] CJ LinkOut "123" Cross-Site Scripting Vulnerability

TITLE: CJ LinkOut "123" Cross-Site Scripting Vulnerability SECUNIA ADVISORY ID: SA16970 VERIFY ADVISORY: http://secunia.com/advisories/16970/ CRITICAL: Less critical IMPACT: Cross Site Scripting WHERE: From remote SOFTWARE: CJ LinkOut 1.x http://secunia.com/product/5770/ DESCRIPTION: Psymera has...

0.4AI score
Exploits0
securityvulns
securityvulns
added 2005/09/10 12:0 a.m.40 views

Cj Desing Three Aplications One Bug

Psymera Advisory 1 CjTagBoard 3.0 - CjLinkOut 1.0 - CjWeb2Mail 3.0 Software: CjTagBoard CjLinkOut CjWeb2Mail Versions: CjTagBoard =3.0 CjLinkOut =1.0 CjWeb2Mail =3.0 Language: PHP Type: Cross Side Script Risc: Low Examples: A CjTagBoard XSS B CjLinkOut XSS C CjWeb2Mail XSS Exploitation: remote...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2005/08/06 12:0 a.m.31 views

cjultraSQL.txt

ADVISORY Sql Injection in CJ Ultra Plus v1.0.3-1.0.4? "My God, it's full of stars" - c MwNN Vulnerable code is in out.php ... if isset$perm $query = "select a1, a2 from trade where a1 = '$perm'"; So... Exploit:...

7.4AI score
Exploits0
CVE
CVE
added 2005/05/11 4:0 a.m.45 views

CVE-2005-1506

CJ Ultra (CJUltra) Plus versions 1.0.3 and 1.0.4 are affected by a SQL injection in out.php that allows remote attackers to modify/ retrieve data via the perm parameter. The root cause is improper handling of user-supplied input in the SQL query constructed in out.php. The available sources do no...

7.5CVSS8.8AI score0.01027EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2005/05/11 4:0 a.m.16 views

CVE-2005-1506

SQL injection vulnerability in out.php in CJ Ultra CJUltra Plus 1.0.3 and 1.0.4 allows remote attackers to execute arbitrary SQL commands via the perm parameter...

8.4AI score0.01027EPSS
Exploits0References2
securityvulns
securityvulns
added 2005/05/07 12:0 a.m.85 views

Sql Injection in CJ Ultra Plus v1.0.3-1.0.4

ADVISORY Sql Injection in CJ Ultra Plus v1.0.3-1.0.4? "My God, it's full of stars" - c MwNN Vulnerable code is in out.php ---code begin-- ... if isset$perm $query = "select a1, a2 from trade where a1 = '$perm'"; -muhahaha $result = mysqlquery$query; if!$result errormessagesqlerror; ... ---code...

2.1AI score
Exploits0
Exploit DB
Exploit DB
added 2005/05/06 12:0 a.m.34 views

CJ Ultra Plus 1.0.3/1.0.4 - 'OUT.php' SQL Injection

source: https://www.securityfocus.com/bid/13533/info CJ Ultra Plus is prone to an SQL injection vulnerability. This issue affects the 'out.php' script and could permit remote attackers to pass malicious input to database queries, resulting in modification of query logic or other attacks...

7.4AI score
Exploits0
Rows per page
Query Builder