4 matches found
EUVD-2007-1487
Malware in sbrugna...
Sql injection
nukesentinel.php in NukeSentinel 2.5.06 and earlier uses a permissive regular expression to validate an IP address, which allows remote attackers to execute arbitrary SQL commands via the Client-IP HTTP header, due to an incomplete patch for CVE-2007-1172...
CVE-2007-1172
The CVE-2007-1172 entry documents a SQL injection vulnerability in nukesentinel.php affecting NukeSentinel 2.5.05 and possibly earlier. The vulnerability allows remote attackers to execute arbitrary SQL commands via the Client-IP HTTP header (the File Disclosure Exploit). This affects the applica...
CVE-2007-1172
SQL injection vulnerability in nukesentinel.php in NukeSentinel 2.5.05, and possibly earlier, allows remote attackers to execute arbitrary SQL commands via the Client-IP HTTP header, aka the "File Disclosure Exploit."...