32 matches found
EUVD-2010-4874
Malware in sbrugna...
EUVD-2010-4880
Malware in sbrugna...
EUVD-2010-4879
Malware in sbrugna...
EUVD-2010-4877
Malware in sbrugna...
ColdOfficeView 2.04 Multiple Blind SQL Injection Vulnerabilities
No description provided by source. ColdGen - coldofficeview v2.04 Remote Blind SQL Injection vulnerabilities Vendor: http://www.coldgen.com/ Found by: mrme net-ninja.net PoC's 1. http://target/path/index.cfm?fuseaction=ViewEventDetails&EventID=Blind SQLi...
ColdBookmarks 1.22 SQL Injection Vulnerability
No description provided by source. ColdGen - coldbookmarks v1.22 Remote 0day SQL Injection vulnerability Vendor: http://www.coldgen.com/ Found by: mrme net-ninja.net PoC http://target/path/index.cfm?fuseaction=EditBookmark&BookmarkID=SQLi&CFID=XXXXXX&CFTOKEN=XXXXXXXX...
ColdGen ColdUserGroup Cross-Site Scripting and SQL Injection Vulnerabilities
ColdGen ColdUserGroup is prone to cross site scripting and SQL injection vulnerabilities. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
CVE-2010-4910
SQL injection vulnerability in index.cfm in ColdGen ColdCalendar 2.06 allows remote attackers to execute arbitrary SQL commands via the EventID parameter in a ViewEventDetails action...
CVE-2010-4915
SQL injection vulnerability in index.cfm in ColdGen ColdBookmarks 1.22 allows remote attackers to execute arbitrary SQL commands via the BookmarkID parameter in an EditBookmark action...
CVE-2010-4913
Cross-site scripting XSS vulnerability in the search feature in ColdGen ColdUserGroup 1.06 allows remote attackers to inject arbitrary web script or HTML via the Keywords parameter. NOTE: some of these details are obtained from third party information...
CVE-2010-4916
Multiple SQL injection vulnerabilities in index.cfm in ColdGen ColdUserGroup 1.06 allow remote attackers to execute arbitrary SQL commands via the 1 ArticleID or 2 LibraryID parameter...
Sql injection
SQL injection vulnerability in index.cfm in ColdGen ColdCalendar 2.06 allows remote attackers to execute arbitrary SQL commands via the EventID parameter in a ViewEventDetails action...
Sql injection
SQL injection vulnerability in index.cfm in ColdGen ColdBookmarks 1.22 allows remote attackers to execute arbitrary SQL commands via the BookmarkID parameter in an EditBookmark action...
Cross site scripting
Cross-site scripting XSS vulnerability in the search feature in ColdGen ColdUserGroup 1.06 allows remote attackers to inject arbitrary web script or HTML via the Keywords parameter. NOTE: some of these details are obtained from third party information...
Sql injection
Multiple SQL injection vulnerabilities in index.cfm in ColdGen ColdUserGroup 1.06 allow remote attackers to execute arbitrary SQL commands via the 1 ArticleID or 2 LibraryID parameter...
CVE-2010-4915
CVE-2010-4915 affects ColdGen ColdBookmarks 1.22, with a vulnerability in the index.cfm function where the BookmarkID parameter in an EditBookmark action enables SQL injection, allowing remote attackers to execute arbitrary SQL commands. The issue is tied to improper handling of the BookmarkID in...
CVE-2010-4916
Multiple SQL injection vulnerabilities in index.cfm in ColdGen ColdUserGroup 1.06 allow remote attackers to execute arbitrary SQL commands via the 1 ArticleID or 2 LibraryID parameter...
CVE-2010-4916
CVE-2010-4916 affects ColdGen ColdUserGroup 1.06. The vulnerability is a SQL injection in ColdGen ColdUserGroup’s index.cfm, exploitable via the ArticleID or LibraryID parameter to allow remote execution of arbitrary SQL commands. Exploitation specifics, affected versions beyond 1.06, and remedia...
CVE-2010-4910
.Product: ColdGen ColdCalendar 2.06. Vulnerability: SQL injection in the index.cfm handling ViewEventDetails with the EventID parameter, allowing remote execution of arbitrary SQL commands. Root cause: Improper input handling leading to SQLi. Impact: potential data exposure/modification, dependin...
CVE-2010-4913
The OpenVAS entry confirms that ColdGen ColdUserGroup is prone to both Cross-Site Scripting (XSS) and SQL Injection vulnerabilities. The CVE-2010-4913 entry describes an XSS flaw in the search feature of ColdGen ColdUserGroup 1.06, exploitable via the Keywords parameter to inject arbitrary script...