120 matches found
CVE-2008-4241
SQL injection vulnerability in CJ Ultra Plus 1.0.4 and earlier allows remote attackers to execute arbitrary SQL commands via an SID cookie...
Sql injection
SQL injection vulnerability in CJ Ultra Plus 1.0.4 and earlier allows remote attackers to execute arbitrary SQL commands via an SID cookie...
CVE-2008-4241
CVE-2008-4241 affects CJ Ultra Plus 1.0.4 and earlier. Affected component: the application's SID cookie handling enables SQL injection, allowing remote attackers to execute arbitrary SQL commands. Documented impact aligns with partial confidentiality, integrity, and availability exposure (CVSS v2...
CVE-2008-4241
SQL injection vulnerability in CJ Ultra Plus 1.0.4 and earlier allows remote attackers to execute arbitrary SQL commands via an SID cookie...
CJ Ultra Plus 1.0.4 - Cookie SQL Injection
CJ Ultra Plus 1.0.4 - Cookie SQL Injection !/usr/bin/perl CJ Ultra Plus GretzZz 2: pronoobz.org - Wesker, China Sun and all other memberZz "SID='UNION SELECT b12 from settings/"; $ua = LWP::UserAgent-new; $ua-timeout10; $ua-envproxy; $ua-agent"Mozilla/5.0 Windows; U; Windows NT 5.1; nl; rv:1.8.1....
CJ Tag Board User-Agent PHP注入漏洞
CJ Tag Board是一款基于PHP的论坛程序。 CJ Tag Board不正确过滤用户提交的URI数据,远程攻击者可以利用漏洞以WEB进程权限执行任意命令。 问题一是tag.php脚本对"User-Agent" HTTP头数据缺少过滤,可导致任意PHP代码注入,并通过请求all.php脚本执行。 问题二是adminindex.php脚本对用户提交的"banned"参数缺少过滤,可导致任意PHP代码注入。 CJ Tag Board 3.0 http://www.scriptsearch.com/cgi-bin/jump.cgi?ID=10068...
CJ Tag Board PHP远程代码注入漏洞
CJ Tag Board是一款简单易用的网站管理脚本。 CJ Tag Board中存在两个输入验证错误,可能允许恶意攻击者完全入侵有漏洞的系统: 1 在存储前没有正确过滤对tag.php中User-Agent HTTP头的输入,允许注入任意PHP代码。当用户请求all.php脚本时就会执行这些代码。 2 在存储前没有正确过滤对adminindex.php中banned参数的输入,允许注入任意PHP代码。但利用这个漏洞需要管理用户权限。 CJ Website Design CJ Tag Board 3.0...
CVE-2006-4797
CVE-2006-4797 describes a cross-site scripting (XSS) vulnerability in CloudNine Interactive CJ Tag Board 3.0 . The flaw occurs in the tag.php handler, where an attacker can inject arbitrary web script or HTML by abusing a JavaScript event in a url BBcode tag within the cjmsg parameter. This is a ...
[eVuln] CJ Tag Board XSS Vulnerability
New eVuln Advisory: CJ Tag Board XSS Vulnerability http://evuln.com/vulns/137/summary.html --------------------Summary---------------- eVuln ID: EV0137 Vendor: CloudNine Interactive Vendor's Web Site: http://www.cloudnineinteractive.co.uk/ Software: Tag Board Sowtware's Web Site:...
CVE-2006-4451
Direct static code injection vulnerability in CJ Tag Board 3.0 allows remote attackers to execute arbitrary PHP code via the 1 User-Agent HTTP header in tag.php, which is executed by all.php, and 2 the banned parameter in adminindex.php...
CVE-2006-4451
CVE-2006-4451 affects CJ Tag Board 3.0, with a direct static code injection flaw allowing remote PHP code execution. The vulnerability arises from two input vectors: (1) the User-Agent HTTP header in tag.php (executed by all.php) and (2) the banned parameter in admin_index.php. This results in ar...
CVE-2006-4451
Direct static code injection vulnerability in CJ Tag Board 3.0 allows remote attackers to execute arbitrary PHP code via the 1 User-Agent HTTP header in tag.php, which is executed by all.php, and 2 the banned parameter in adminindex.php...
[SA16963] CJ Web2Mail Cross-Site Scripting Vulnerabilities
TITLE: CJ Web2Mail Cross-Site Scripting Vulnerabilities SECUNIA ADVISORY ID: SA16963 VERIFY ADVISORY: http://secunia.com/advisories/16963/ CRITICAL: Less critical IMPACT: Cross Site Scripting WHERE: From remote SOFTWARE: CJ Web2Mail 3.x http://secunia.com/product/5771/ DESCRIPTION: Psymera has...
[SA16970] CJ LinkOut "123" Cross-Site Scripting Vulnerability
TITLE: CJ LinkOut "123" Cross-Site Scripting Vulnerability SECUNIA ADVISORY ID: SA16970 VERIFY ADVISORY: http://secunia.com/advisories/16970/ CRITICAL: Less critical IMPACT: Cross Site Scripting WHERE: From remote SOFTWARE: CJ LinkOut 1.x http://secunia.com/product/5770/ DESCRIPTION: Psymera has...
Cj Desing Three Aplications One Bug
Psymera Advisory 1 CjTagBoard 3.0 - CjLinkOut 1.0 - CjWeb2Mail 3.0 Software: CjTagBoard CjLinkOut CjWeb2Mail Versions: CjTagBoard =3.0 CjLinkOut =1.0 CjWeb2Mail =3.0 Language: PHP Type: Cross Side Script Risc: Low Examples: A CjTagBoard XSS B CjLinkOut XSS C CjWeb2Mail XSS Exploitation: remote...
cjultraSQL.txt
ADVISORY Sql Injection in CJ Ultra Plus v1.0.3-1.0.4? "My God, it's full of stars" - c MwNN Vulnerable code is in out.php ... if isset$perm $query = "select a1, a2 from trade where a1 = '$perm'"; So... Exploit:...
CVE-2005-1506
CJ Ultra (CJUltra) Plus versions 1.0.3 and 1.0.4 are affected by a SQL injection in out.php that allows remote attackers to modify/ retrieve data via the perm parameter. The root cause is improper handling of user-supplied input in the SQL query constructed in out.php. The available sources do no...
CVE-2005-1506
SQL injection vulnerability in out.php in CJ Ultra CJUltra Plus 1.0.3 and 1.0.4 allows remote attackers to execute arbitrary SQL commands via the perm parameter...
Sql Injection in CJ Ultra Plus v1.0.3-1.0.4
ADVISORY Sql Injection in CJ Ultra Plus v1.0.3-1.0.4? "My God, it's full of stars" - c MwNN Vulnerable code is in out.php ---code begin-- ... if isset$perm $query = "select a1, a2 from trade where a1 = '$perm'"; -muhahaha $result = mysqlquery$query; if!$result errormessagesqlerror; ... ---code...
CJ Ultra Plus 1.0.3/1.0.4 - 'OUT.php' SQL Injection
source: https://www.securityfocus.com/bid/13533/info CJ Ultra Plus is prone to an SQL injection vulnerability. This issue affects the 'out.php' script and could permit remote attackers to pass malicious input to database queries, resulting in modification of query logic or other attacks...