22 matches found
EUVD-2006-2683
Malware in sbrugna...
EUVD-2006-2908
Malware in sbrugna...
EUVD-2006-3132
Malware in sbrugna...
EUVD-2006-2928
Malware in sbrugna...
CVE-2006-3135
Multiple SQL injection vulnerabilities in CMS Mundo 1.0 build 008, and possibly other versions, allow remote attackers to execute arbitrary SQL commands via the 1 newsid parameter in the a news module, 2 searchstring parameter in b the search module, 3 id parameter in c the webshop module, 4...
CVE-2006-3135
Multiple SQL injection vulnerabilities in CMS Mundo 1.0 build 008, and possibly other versions, allow remote attackers to execute arbitrary SQL commands via the 1 newsid parameter in the a news module, 2 searchstring parameter in b the search module, 3 id parameter in c the webshop module, 4...
CVE-2006-3135
CVE-2006-3135 affects CMS Mundo 1.0 build 008 (and possibly other versions). The vulnerability is a set of multiple SQL injection flaws that enable remote attackers to run arbitrary SQL commands via (1) news_id in the news module, (2) searchstring in the search module, (3) id in the webshop modul...
[SA20589] CMS Mundo SQL Injection Vulnerabilities
---------------------------------------------------------------------- Hardcore Disassembler / Reverse Engineer Wanted! Want to work with IDA and BinDiff? Want to write PoC's and Exploits? Your nationality is not important. We will get you a work permit, find an apartment, and offer a relocation...
CVE-2006-2911
SQL injection vulnerability in controlpanel/index.php in CMS Mundo before 1.0 build 008 allows remote attackers to execute arbitrary SQL commands via the username parameter...
CVE-2006-2931
CMS Mundo before 1.0 build 008 does not properly verify uploaded image files, which allows remote attackers to execute arbitrary PHP code by uploading and later directly accessing certain files...
Sql injection
SQL injection vulnerability in controlpanel/index.php in CMS Mundo before 1.0 build 008 allows remote attackers to execute arbitrary SQL commands via the username parameter...
Code injection
CMS Mundo before 1.0 build 008 does not properly verify uploaded image files, which allows remote attackers to execute arbitrary PHP code by uploading and later directly accessing certain files...
CVE-2006-2931
CMS Mundo prior to 1.0 build 008 is affected by CVE-2006-2931 due to an input validation error in the image upload handling that allows remote attackers to upload PHP scripts and then access them directly to execute arbitrary code. The vulnerability resides in the image gallery upload path, enabl...
CVE-2006-2911
SQL injection vulnerability in controlpanel/index.php in CMS Mundo before 1.0 build 008 allows remote attackers to execute arbitrary SQL commands via the username parameter...
CVE-2006-2931
CMS Mundo before 1.0 build 008 does not properly verify uploaded image files, which allows remote attackers to execute arbitrary PHP code by uploading and later directly accessing certain files...
CVE-2006-2911
The CVE concerns CMS Mundo prior to 1.0 build 008, where SQL injection in controlpanel/index.php via the login username parameter allows remote attackers to execute arbitrary SQL commands. This vulnerability affects the username handling in the login flow, enabling potential data disclosure/manip...
Secunia Research: CMS Mundo SQL Injection and File Upload Vulnerabilities
====================================================================== Secunia Research 14/06/2006 - CMS Mundo SQL Injection and File Upload Vulnerabilities - ====================================================================== Table of Contents Affected...
CVE-2006-2684
Cross-site scripting XSS vulnerability in the search module in CMS Mundo 1.0 allows remote attackers to inject arbitrary web script or HTML via the searchstring parameter...
Cross site scripting
Cross-site scripting XSS vulnerability in the search module in CMS Mundo 1.0 allows remote attackers to inject arbitrary web script or HTML via the searchstring parameter...
CVE-2006-2684
CVE-2006-2684 : An XSS vulnerability in the search module of CMS Mundo 1.0 allows remote attackers to inject arbitrary web script or HTML via the searchstring parameter. The root cause is not fully described beyond “XSS in search.” Impact details are limited in the provided documents; CVSS metric...