13 matches found
EUVD-2001-0520
Malware in sbrugna...
EUVD-2006-2050
Malware in sbrugna...
EUVD-2006-2051
Malware in sbrugna...
CVE-2006-2050
SQL injection vulnerability in dcboard.cgi in DCScripts DCForumLite 3.0 allows remote attackers to execute arbitrary SQL commands via the az parameter...
DC Scripts DCShop Beta 1.0 02 File Disclosure Vulnerability (2)
No description provided by source. source: http://www.securityfocus.com/bid/2889/exploit DCShop is a GCI-based ecommerce system from DCScripts. Under certain configurations, a beta version of this product can allow a remote user to request and obtain files containing confidential order data,...
CVE-2006-2050
SQL injection vulnerability in dcboard.cgi in DCScripts DCForumLite 3.0 allows remote attackers to execute arbitrary SQL commands via the az parameter...
Sql injection
SQL injection vulnerability in dcboard.cgi in DCScripts DCForumLite 3.0 allows remote attackers to execute arbitrary SQL commands via the az parameter...
CVE-2006-2050
CVE-2006-2050 affects DCScripts DCForumLite 3.0 via SQL injection in dcboard.cgi (parameter az). Root cause: improper input handling allowing arbitrary SQL execution by remote attackers. Impact: potential data exposure or modification as described in the original vulnerability note. Connected rec...
CVE-2006-2049
CVE-2006-2049 is a cross-site scripting (XSS) vulnerability in DCScripts DCForumLite 3.0, specifically in the dcboard.cgi handler where the az parameter can be crafted to inject arbitrary web script or HTML. The vulnerability enables remote attackers to inject scripts in victims’ browsers, with t...
CVE-2001-0527
Affected software: DCScripts DCForum (versions 2000 and earlier). The vulnerability arises from input handling in the registration form: an attacker can insert pipe symbols (|) and newlines into the last name, which creates an extra entry in the registration database and yields additional privile...
CVE-2001-0527
DCScripts DCForum versions 2000 and earlier allow a remote attacker to gain additional privileges by inserting pipe symbols | and newlines into the last name in the registration form, which will create an extra entry in the registration database...
And another (same) bug in DCForum at user registration process (dcscripts.com)
When registering a user and not allowing him to choose a password, a password is generated by the same algorithm as the algorithm used when creating new password for a user who lost it. Once again, the password is predictable, thus bypasses all limitations of using a valid mailbox for user...
CVE-2001-0527
DCScripts DCForum versions 2000 and earlier allow a remote attacker to gain additional privileges by inserting pipe symbols | and newlines into the last name in the registration form, which will create an extra entry in the registration database...