23 matches found
EUVD-2006-2252
Malware in sbrugna...
EUVD-2005-0218
Malware in sbrugna...
EUVD-2008-5815
Malware in sbrugna...
Invision Community Blog 1.0/1.1 - Multiple Input Validation Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/13910/info Multiple input validation vulnerabilities reportedly affect Invision Community Blog. These issues are due to a failure of the application to properly sanitize user-supplied input prior to using it to carry out...
Invision Community Blog Mod 1.2.4 - SQL Injection Vulnerability
No description provided by source. 1. Open any blog entry 2. Try to reply to any message 3. Push Preview message button Do not post your reply 4. Save source code of opened page to your PC 5. Find this string input type='hidden' name='eid' value='BLOGENTRYID' / 6. Change BLOGENTRYID with this SQL...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in Six Apart Movable Type MT before 4.23 allow remote attackers to inject arbitrary web script or HTML via a 1 MTEntryAuthorUsername, 2 MTAuthorDisplayName, 3 MTEntryAuthorDisplayName, or 4 MTCommenterName field in a Profile View template; a 5...
CVE-2008-5845
Multiple cross-site scripting XSS vulnerabilities in Six Apart Movable Type MT before 4.23 allow remote attackers to inject arbitrary web script or HTML via a 1 MTEntryAuthorUsername, 2 MTAuthorDisplayName, 3 MTEntryAuthorDisplayName, or 4 MTCommenterName field in a Profile View template; a 5...
CVE-2008-5845
Multiple cross-site scripting XSS vulnerabilities in Six Apart Movable Type MT before 4.23 allow remote attackers to inject arbitrary web script or HTML via a 1 MTEntryAuthorUsername, 2 MTAuthorDisplayName, 3 MTEntryAuthorDisplayName, or 4 MTCommenterName field in a Profile View template; a 5...
CVE-2006-6369
SQL injection vulnerability in lib/entryreplyentry.php in Invision Community Blog Mod 1.2.4 allows remote attackers to execute arbitrary SQL commands via the eid parameter, when accessed through the "Preview message" functionality...
Invision Community Blog EID SQL注入漏洞
Invision Community Blog是一款基于Invision的一个日记模块。 Invision Community Blog不充分过滤用户提交的URI输入,远程攻击者可以利用漏洞进行SQL注入攻击,获得敏感信息。 问题是脚本对用户提交的'EID'参数缺少过滤,提交恶意SQL查询作为参数数据,可更改原来的SQL逻辑,获得敏感信息。 Invision Power Services Invision Community Blog 1.2.4 目前没有解决方案提供: http://www.invisionblog.com/...
Invision Community Blog Mod 1.2.4 .PHP SQL Injection Vulnerability
Open any blog entry 2. Try to reply to any message 3. Push "Preview message" button Do not post your reply 4. Save source code of opened page to your PC 5. Find this string input type='hidden' name='eid' value='BLOGENTRYID' / 6. Change BLOGENTRYID with this SQL Injection: BLOGENTRYID UNION...
Invision Community Blog Mod 1.2.4 - SQL Injection
Open any blog entry 2. Try to reply to any message 3. Push "Preview message" button Do not post your reply 4. Save source code of opened page to your PC 5. Find this string ' / 6. Change with this SQL Injection: UNION SELECT b.entryid, b.blogid, b.categoryid, b.entryauthorid, b.entryauthorname,...
CVE-2006-2251
SQL injection vulnerability in the dommod function in mod.php in Invision Community Blog ICB 1.1.2 final through 1.2 allows remote attackers with moderator privileges to execute arbitrary SQL commands via the selectedbids parameter...
Sql injection
SQL injection vulnerability in the dommod function in mod.php in Invision Community Blog ICB 1.1.2 final through 1.2 allows remote attackers with moderator privileges to execute arbitrary SQL commands via the selectedbids parameter...
CVE-2006-2251
SQL injection vulnerability in the dommod function in mod.php in Invision Community Blog ICB 1.1.2 final through 1.2 allows remote attackers with moderator privileges to execute arbitrary SQL commands via the selectedbids parameter...
CVE-2006-2251
CVE-2006-2251: A SQL injection in the do_mmod function of mod.php in Invision Community Blog (ICB) 1.1.2 final through 1.2 allows remote attackers with moderator privileges to execute arbitrary SQL via the selectedbids parameter. Affected software is Invision Community Blog (ICB). The vulnerabili...
invisionCBSQL.txt
LEFT Invision Community Blog .. Bugs SQL Injection :- Filename :- mod.php Function name :- dommod The $ids Unfilter Input By Intval As Array : So We Can Do SQL Injection -- Arabic /LEFT RIGHT ÇáãÊÛíÑ $ids ÛíÑ ãÝáÊÑ Úä ØÑíÞ ÇáÏÇáå intval æåæ ÈÔßá ãÕÝæÝå .. áåÐÇ ÇáÓÈÈ ããßä Úãá ÷ÍÞäå /RIGHT LEFT php...
Invision Community Blog Multiple Vulnerabilities (SQLi, XSS)
The remote host is running Invision Community Blog, a plugin for Invision Power Board that lets users have their own blogs. The version installed on the remote host fails to properly sanitize user-supplied data making it prone to multiple SQL injection and cross-site scripting vulnerabilities...
CVE-2005-0217
SQL injection vulnerability in index.php in Invision Community Blog allows remote attackers to execute arbitrary SQL commands via the eid parameter...
CVE-2005-0217
SQL injection vulnerability in index.php in Invision Community Blog allows remote attackers to execute arbitrary SQL commands via the eid parameter...