82 matches found
CodeAvalanche News 1.x (CAT_ID) Remote SQL Injection Vulnerability
Exploit for unknown platform in category web applications. CodeAvalanche News 1.x CATID Remote SQL Injection Vulnerability. CodeAvalanche News SQL Injection Software...
CodeAvalanche News 1.x - 'CAT_ID' SQL Injection
CodeAvalanche News SQL Injection Software: CodeAvalanche News Download: http://www.aspindir.com/indir.asp?id=3315 Risk: High Found by: beks http://target/path/inclistnews.asp?CATID=17+union+select+0,0,0,0,Password+from+Params milw0rm.com 2007-02-15...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in post.asp in CodeAvalanche FreeForum (aka CAForum) 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) msgsubject and (2) msgbody parameters. NOTE: The provenance of this information is unknown; the details are obtained solel...
CVE-2006-2927
Multiple cross-site scripting (XSS) vulnerabilities in post.asp in CodeAvalanche FreeForum (aka CAForum) 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) msgsubject and (2) msgbody parameters. NOTE: The provenance of this information is unknown; the details are obtained solel...
CVE-2006-2927
Multiple cross-site scripting (XSS) vulnerabilities in post.asp in CodeAvalanche FreeForum (aka CAForum) 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) msgsubject and (2) msgbody parameters. NOTE: The provenance of this information is unknown; the details are obtained solel...
CVE-2006-2927
The CVE-2006-2927 entry concerns CodeAvalanche FreeForum (aka CAForum) 1.0, where multiple XSS vulnerabilities exist in post.asp. The affected component is the post.asp handler; the vulnerability allows an attacker to inject arbitrary script or HTML via the msg_subject or msg_body parameters. The...
Sql injection
SQL injection vulnerability in admin/default.asp in Dusan Drobac CodeAvalanche FreeForum (aka CAForum) 1.0 allows remote attackers to execute arbitrary SQL commands via the password parameter...
CVE-2006-2822
SQL injection vulnerability in admin/default.asp in Dusan Drobac CodeAvalanche FreeForum (aka CAForum) 1.0 allows remote attackers to execute arbitrary SQL commands via the password parameter...
CVE-2006-2822
CVE-2006-2822 describes a SQL injection in CodeAvalanche FreeForum 1.0 (admin/default.asp) that allows remote attackers to run arbitrary SQL via the password parameter. The NVD record assigns a CVSS v2 base score of 7.5 (HIGH) with network attack vector and no authentication, indicating potential...
CVE-2006-2822
SQL injection vulnerability in admin/default.asp in Dusan Drobac CodeAvalanche FreeForum (aka CAForum) 1.0 allows remote attackers to execute arbitrary SQL commands via the password parameter...
CANews Multiple Vulnerabilities
CANews Remote Multiple Vulnerability. Advisory: http://colander.altervista.org/advisory/CANews.txt. CodeAvalanche News Version 1.2. Omnipresent, May 18, 2006...
CANews.txt
CANews Remote Multiple Vulnerability. Advisory: http://colander.altervista.org/advisory/CANews.txt. CodeAvalanche News Version 1.2. Omnipresent, May 18, 2006...
Sql injection
SQL injection vulnerability in default.asp in CodeAvalanche News (CANews) 1.2 allows remote attackers to execute arbitrary SQL commands via the password field...
Cross site scripting
Cross-site scripting (XSS) vulnerability in addnews.asp in CodeAvalanche News (CANews) 1.2 allows remote attackers to inject arbitrary web script or HTML via the Headline field. NOTE: if this issue is limited to administrators, and if it is expected behavior for administrators to be able to generate...
CVE-2006-2499
SQL injection vulnerability in default.asp in CodeAvalanche News (CANews) 1.2 allows remote attackers to execute arbitrary SQL commands via the password field...
CVE-2006-2500
Cross-site scripting (XSS) vulnerability in addnews.asp in CodeAvalanche News (CANews) 1.2 allows remote attackers to inject arbitrary web script or HTML via the Headline field. NOTE: if this issue is limited to administrators, and if it is expected behavior for administrators to be able to generate...
CVE-2006-2500
CANews 1.2 is affected by a Cross-Site Scripting (XSS) vulnerability in add_news.asp where the Headline field accepts input that can inject arbitrary script/HTML. The root cause is insufficient input sanitization for that field, enabling remote attackers to execute script in a victim’s browser. T...
CVE-2006-2499
CVE-2006-2499 affects CodeAvalanche News (CANews) 1.2, where a SQL injection in default.asp via the password field allows remote execution of arbitrary SQL. The linked data list a CVSSv2 base score of 7.5 (HIGH) with NETWORK attack vector, LOW access complexity, and no authentication required, yi...
CVE-2006-2499
SQL injection vulnerability in default.asp in CodeAvalanche News (CANews) 1.2 allows remote attackers to execute arbitrary SQL commands via the password field...
CodeAvalanche News 1.2 - default.asp SQL Injection
CodeAvalanche News 1.2 - default.asp SQL Injection source: https://www.securityfocus.com/bid/18031/info CodeAvalanche News is prone to an SQL-injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. A...