8336 matches found
CVE-2006-0583
SQL injection vulnerability in mailarticle.php in Clever Copy 3.0 and earlier allows remote attackers to execute arbitrary SQL commands via the ID parameter...
CVE-2006-0583
CVE-2006-0583 describes a SQL injection in Clever Copy 3.0 and earlier, via the ID parameter in mailarticle.php. The vulnerability allows remote attackers to execute arbitrary SQL commands. Affected software is described as Clever Copy 3.0 and earlier; the root cause is improper input handling of...
Clever_Copy_V3_sql.txt
Clever Copy SQL injection vulnerable code in mailarticle.php 11-12 ... $getnews="SELECT * from CCnews where entryid='$ID'"; $getnews2=mysql_query($getnews) or die("Could not get blog"); ... "ID" var is not properly sanitized before being used in a SQL query, poc:...
Clever Copy 3.0 - Admin Auth Details SQL Injection
Clever Copy 3.0 - Admin Auth Details SQL Injection this works with magic_quotes_gpc = Off usage: launch from Apache, fill in requested fields, then go! Sun-Tzu: "While heeding the profit of my counsel, avail yourself also of any helpful circumstances over and beyond the ordinary rules"...
Directory traversal
Multiple directory traversal vulnerabilities in (1) EPSTIMAP4S.EXE and (2) SPA-IMAP4S.EXE in the IMAP service in E-Post Mail 4.05 and SPA-PRO Mail 4.05 allow remote attackers to (a) list arbitrary directories or cause a denial of service via the LIST command; or create arbitrary files via the (b) APPEND,...
Mandrake Linux Security Advisory : xine-lib (MDKSA-2005:228)
Simon Kilvington discovered a vulnerability in FFmpeg libavcodec, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially to compromise a user's system. The vulnerability is caused due to a boundary error in the 'avcodec_default_get_buffer' function of 'utils.c' i...
Blender BlenLoader 2.x - File Processing Integer Overflow
Blender BlenLoader 2.x - File Processing Integer Overflow source: https://www.securityfocus.com/bid/15981/info Blender is susceptible to an integer-overflow vulnerability. This issue is due to the application's failure to properly sanitize user-supplied input before using it in a memory allocatio...
Clever Copy Multiple Vulnerabilities (XSS, Path Disc, Inf Disc)
The remote host is running Clever Copy, a free, fully-scalable web site portal and news posting system written in PHP. The remote version of this software contains multiple vulnerabilities that can lead to path disclosure, cross-site scripting and unauthorized access to private messages...
[UNIX] Clever Copy Privileges Escalation Vulnerability
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com - - promotion The SecuriTeam alerts list - Free, Accurate, Independent. Get your security news from a reliable source...
cleverNotSo.txt
Clever copy Path disclosure and multiple XSS vendor url: http://clevercopy.bestdirectbuy.com advisory: http://lostmon.blogspot.com/2005/07/clever-copy-path-disclosure-and-xss.html vendor notify: yes exploit available: yes Clever Copy is a free, fully scalable web site portal and news posting...
Clever Copy 2.0 - Private Message Unauthorized Access
source: https://www.securityfocus.com/bid/14397/info Clever Copy is affected by an unauthorized access vulnerability. This issue is due to a failure in the application to perform proper access validation checks before granting access to private message functions. An attacker can exploit this...
Clever Copy 2.0 - 'categorysearch.php' Cross-Site Scripting
source: https://www.securityfocus.com/bid/14395/info Clever Copy is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage any of these issues to have arbitrary script code...
Clever Copy 2.0 - Private Message Unauthorized Access
Clever Copy 2.0 - Private Message Unauthorized Access source: https://www.securityfocus.com/bid/14397/info Clever Copy is affected by an unauthorized access vulnerability. This issue is due to a failure in the application to perform proper access validation checks before granting access to privat...
[SA16236] Clever Copy Cross-Site Scripting Vulnerabilities
Are you interested in a new job in IT security? Secunia has two open positions as Junior and Senior Specialist in IT security: http://secunia.com/secuniavacancies/...
CVE-2005-2325
Clever Copy 2.0 and 2.0a allows remote attackers to obtain the full path of the web root via a direct request to (1) ticker.php, (2) menu.php, (3) banned.php, (4) endlayout.php, (5) randomhlinesblock.php, (6) showlast.php, (7) showlast5class1.php, (8) showlast5phorum.php, (9) showlast5phorumblock.php, (10)...
CVE-2005-2323
Multiple SQL injection vulnerabilities in Class-1 Forum 0.24.4 and 0.23.2, and Clever Copy with forums installed, allow remote attackers to modify SQL statements via the (1) id parameter to viewattach.php, (2) viewuser_id parameter to users.php, or the (3) id or (4) forum parameter to viewforum.php...
CVE-2005-2323
Multiple SQL injection vulnerabilities in Class-1 Forum 0.24.4 and 0.23.2, and Clever Copy with forums installed, allow remote attackers to modify SQL statements via the following parameters: (1) id in viewattach.php, (2) viewuser_id in users.php, and (3) id or (4) forum in viewforum.php. Affecte...
CVE-2005-2324
CVE-2005-2324 affects Clever Copy 2.0 and 2.0a. The vulnerability is a Cross-site Scripting (XSS) flaw that allows remote attackers to inject arbitrary web script or HTML via the searchtype or searchterm parameters to (1) results.php or (2) categorysearch.php. The cited sources confirm the vulner...