23 matches found
EUVD-2006-2500
Malware in sbrugna...
EUVD-2007-1018
Malware in sbrugna...
EUVD-2006-2499
Malware in sbrugna...
CodeAvalanche News 1.2 Default.ASP SQL Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/18031/info CodeAvalanche News is prone to an SQL-injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. A successful exploit...
SQL injection
SQL injection vulnerability in inc_listnews.asp in CodeAvalanche News 1.x allows remote attackers to execute arbitrary SQL commands via the CAT_ID parameter...
CVE-2007-1021
SQL injection vulnerability in inc_listnews.asp in CodeAvalanche News 1.x allows remote attackers to execute arbitrary SQL commands via the CAT_ID parameter...
CVE-2007-1021
The CVE-2007-1021 entry concerns CodeAvalanche News 1.x, where a SQL injection flaw in inc_listnews.asp allows remote attackers to execute arbitrary SQL commands via the CAT_ID parameter. The underlying issue is improper handling/validation of CAT_ID, enabling crafted input to affect the database...
CVE-2007-1021
SQL injection vulnerability in inc_listnews.asp in CodeAvalanche News 1.x allows remote attackers to execute arbitrary SQL commands via the CAT_ID parameter...
CodeAvalanche News 1.x (CAT_ID) Remote SQL Injection Vulnerability
No description provided by source. CodeAvalanche News SQL Injection Software: CodeAvalanche News Download: http://www.aspindir.com/indir.asp?id=3315 Risk: High Found by: beks http://target/path/inclistnews.asp?CATID=17+union+select+0,0,0,0,Password+from+Params...
CodeAvalanche News 1.x - CAT_ID SQL Injection
CodeAvalanche News 1.x - CATID SQL Injection CodeAvalanche News SQL Injection Software: CodeAvalanche News Download: http://www.aspindir.com/indir.asp?id=3315 Risk: High Found by: beks http://target/path/inclistnews.asp?CATID=17+union+select+0,0,0,0,Password+from+Params milw0rm.com 2007-02-15...
CodeAvalanche News 1.x (CAT_ID) Remote SQL Injection Vulnerability
Exploit for unknown platform in category web applications ================================================================== CodeAvalanche News 1.x CATID Remote SQL Injection Vulnerability ================================================================== CodeAvalanche News SQL Injection Software...
CodeAvalanche News 1.x - 'CAT_ID' SQL Injection
CodeAvalanche News SQL Injection Software: CodeAvalanche News Download: http://www.aspindir.com/indir.asp?id=3315 Risk: High Found by: beks http://target/path/inclistnews.asp?CATID=17+union+select+0,0,0,0,Password+from+Params milw0rm.com 2007-02-15...
CANews.txt
------------------------------------------------------------------ - CANews Remote Multiple Vulnerability - -= http://colander.altervista.org/advisory/CANews.txt =- ------------------------------------------------------------------ -= CodeAvalanche News Version 1.2 =- Omnipresent May 18, 2006...
SQL injection
SQL injection vulnerability in default.asp in CodeAvalanche News (CANews) 1.2 allows remote attackers to execute arbitrary SQL commands via the password field...
Cross site scripting
Cross-site scripting (XSS) vulnerability in add_news.asp in CodeAvalanche News (CANews) 1.2 allows remote attackers to inject arbitrary web script or HTML via the Headline field. NOTE: if this issue is limited to administrators, and if it is expected behavior for administrators to be able to generate...
CVE-2006-2500
Cross-site scripting (XSS) vulnerability in add_news.asp in CodeAvalanche News (CANews) 1.2 allows remote attackers to inject arbitrary web script or HTML via the Headline field. NOTE: if this issue is limited to administrators, and if it is expected behavior for administrators to be able to generate...
CVE-2006-2499
SQL injection vulnerability in default.asp in CodeAvalanche News (CANews) 1.2 allows remote attackers to execute arbitrary SQL commands via the password field...
CVE-2006-2499
CVE-2006-2499 affects CodeAvalanche News (CANews) 1.2, where a SQL injection in default.asp via the password field allows remote execution of arbitrary SQL. The linked data list a CVSSv2 base score of 7.5 (HIGH) with NETWORK attack vector, LOW access complexity, and no authentication required, yi...
CVE-2006-2500
CANews 1.2 is affected by a Cross-Site Scripting (XSS) vulnerability in add_news.asp where the Headline field accepts input that can inject arbitrary script/HTML. The root cause is insufficient input sanitization for that field, enabling remote attackers to execute script in a victim’s browser. T...
CVE-2006-2499
SQL injection vulnerability in default.asp in CodeAvalanche News (CANews) 1.2 allows remote attackers to execute arbitrary SQL commands via the password field...