44 matches found
EUVD-2008-1192
Malware in sbrugna...
EUVD-2004-2347
Malware in sbrugna...
EUVD-2008-0855
Malware in sbrugna...
EUVD-2008-3831
Malware in sbrugna...
EUVD-2008-3496
Malware in sbrugna...
EUVD-2008-3826
Malware in sbrugna...
Crafty Syntax Live Help <= 2.14.6 (department) SQL Injection Vuln
No description provided by source. Crafty Syntax Live Help = 2.14.6 SQL Injection August 25, 2008 Vendor : Eric Gerdes URL : http://www.craftysyntax.com Version : Crafty Syntax Live Help = 2.14.6 Risk : SQL Injection Description: Crafty Syntax Live Help is a full featured, open source, online...
Crafty Syntax Live Help 2.14.6 'livehelp_js.php' Cross-Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/30543/info Crafty Syntax Live Help CSLH is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input data. An attacker may leverage this issue to execute arbitrary script...
Crafty Syntax Live Help 2.9.9 - Multiple Remote File Include Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/20711/info Crafty Syntax Live Help is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues may allow an attacker to compromise the...
Crafty Syntax Live Help 3.1.2 - Remote File Inclusion Full Path Disclosure
Crafty Syntax Live Help 3.1.2 - Remote File Inclusion Full Path Disclosure source: https://www.securityfocus.com/bid/59322/info Crafty Syntax Live Help is prone to a remote file-include vulnerability and a path-disclosure vulnerability because it fails to sufficiently sanitize user-supplied input...
Crafty Syntax Live Help RFI / Path Disclosure
Exploit Title : Crafty Syntax Live Help = 2.. & 3.. RFI + Path Disclosure Date : 4/19/2013 Author : ITTIHACK Home : http://ittihack.com Vendor : http://www.craftysyntax.com Download : http://www.craftysyntax.com/craftysyntax3.4.1.zip Version : 2. and 3. , All versions Category : webapps Google do...
Crafty Syntax Live Help 3.1.2 - Remote File Inclusion / Full Path Disclosure
source: https://www.securityfocus.com/bid/59322/info Crafty Syntax Live Help is prone to a remote file-include vulnerability and a path-disclosure vulnerability because it fails to sufficiently sanitize user-supplied input. Exploiting these issues could allow an attacker to obtain sensitive...
Sql injection
Multiple SQL injection vulnerabilities in Crafty Syntax Live Help CSLH 2.14.6 and earlier allow remote attackers to execute arbitrary SQL commands via the department parameter to 1 isxmlhttp.php and 2 isflush.php...
CVE-2008-3845
Multiple SQL injection vulnerabilities in Crafty Syntax Live Help CSLH 2.14.6 and earlier allow remote attackers to execute arbitrary SQL commands via the department parameter to 1 isxmlhttp.php and 2 isflush.php...
CVE-2008-3845
Crafty Syntax Live Help (CSLH) prior to version 2.14.6 contains multiple SQL injection vulnerabilities in the server-side logic handling the department parameter for is_xmlhttp.php and is_flush.php. The underlying issue is unsafely constructed SQL queries that allow remote attackers to alter data...
CVE-2008-3845
Multiple SQL injection vulnerabilities in Crafty Syntax Live Help CSLH 2.14.6 and earlier allow remote attackers to execute arbitrary SQL commands via the department parameter to 1 isxmlhttp.php and 2 isflush.php...
CVE-2008-3840
Crafty Syntax Live Help CSLH 2.14.6 and earlier stores passwords in cleartext in a MySQL database, which allows context-dependent attackers to obtain sensitive information...
CVE-2008-3840
The CVE-2008-3840 entry concerns Crafty Syntax Live Help (CSLH) 2.14.6 and earlier, where passwords are stored in cleartext in a MySQL database. The root cause is insecure password storage in plaintext, enabling an attacker with context access to obtain sensitive information from the database. Th...
CVE-2008-3840
Crafty Syntax Live Help CSLH 2.14.6 and earlier stores passwords in cleartext in a MySQL database, which allows context-dependent attackers to obtain sensitive information...
crafty-sql.txt
GulfTech Security Research August 25, 2008 Vendor : Eric Gerdes URL : http://www.craftysyntax.com Version : Crafty Syntax Live Help = 2.14.6 Risk : SQL Injection Description: Crafty Syntax Live Help is a full featured, open source, online support system written in php that allows the visitors of ...