17 matches found
EUVD-2006-1493
Malware in sbrugna...
EUVD-2006-1435
Malware in sbrugna...
CVE-2006-1489
Multiple SQL injection vulnerabilities in FusionZONE CouponZONE local.cfm in 4.2 and earlier allow remote attackers to execute arbitrary SQL commands via the 1 companyid, 2 scat, and 3 coid parameters...
Sql injection
Multiple SQL injection vulnerabilities in FusionZONE CouponZONE local.cfm in 4.2 and earlier allow remote attackers to execute arbitrary SQL commands via the 1 companyid, 2 scat, and 3 coid parameters...
CVE-2006-1489
CVE-2006-1489 describes multiple SQL injection vulnerabilities in FusionZONE CouponZONE local.cfm (versions 4.2 and earlier). The flaw allows remote attackers to inject arbitrary SQL commands through the parameters (1) companyid, (2) scat, and (3) coid. The vulnerability can impact confidentialit...
CVE-2006-1489
Multiple SQL injection vulnerabilities in FusionZONE CouponZONE local.cfm in 4.2 and earlier allow remote attackers to execute arbitrary SQL commands via the 1 companyid, 2 scat, and 3 coid parameters...
Design/Logic Flaw
fusionZONE couponZONE 4.2 allows remote attackers to obtain the full path of the web server, and other sensitive information, via invalid values, as demonstrated using manipulations associated with SQL...
CVE-2006-1432
fusionZONE couponZONE 4.2 allows remote attackers to obtain the full path of the web server, and other sensitive information, via invalid values, as demonstrated using manipulations associated with SQL...
Cross site scripting
Cross-site scripting XSS vulnerability in local.cfm in fusionZONE couponZONE 4.2 allows remote attackers to inject arbitrary web script or HTML via URL-encoded 1 srchfor and 2 srchby parameters...
CVE-2006-1431
Cross-site scripting XSS vulnerability in local.cfm in fusionZONE couponZONE 4.2 allows remote attackers to inject arbitrary web script or HTML via URL-encoded 1 srchfor and 2 srchby parameters...
CVE-2006-1431
Cross-site scripting XSS vulnerability in local.cfm in fusionZONE couponZONE 4.2 allows remote attackers to inject arbitrary web script or HTML via URL-encoded 1 srchfor and 2 srchby parameters...
CVE-2006-1432
The CVE-2006-1432 entry concerns fusionZONE couponZONE 4.2, where remote attackers can disclose server file paths and other sensitive info through manipulated inputs that trigger SQL-based inference. Root cause: improper input handling allowing SQL manipulation leading to information disclosure. ...
CVE-2006-1431
The CVE-2006-1431 entry documents a Cross-site scripting (XSS) vulnerability in the fusionZONE couponZONE 4.2 product, specifically in local.cfm. The vulnerability allows remote attackers to inject arbitrary web script or HTML via URL-encoded parameters (1) srchfor and (2) srchby. The NVD descrip...
FusionZONE CouponZONE 4.2 - Multiple Cross-Site Scripting Vulnerabilities
FusionZONE CouponZONE 4.2 - Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/17272/info The couponZONE application is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize...
FusionZONE CouponZONE 4.2 - Multiple Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/17272/info The couponZONE application is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage these issues to have arbitrary script...
FusionZONE CouponZONE 4.2 - Multiple SQL Injections
source: https://www.securityfocus.com/bid/17274/info The couponZONE application is prone to multiple SQL-injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow an...
FusionZONE CouponZONE 4.2 - Multiple SQL Injections
FusionZONE CouponZONE 4.2 - Multiple SQL Injections source: https://www.securityfocus.com/bid/17274/info The couponZONE application is prone to multiple SQL-injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in ...