22 matches found
EUVD-2007-2872
Malware in sbrugna...
EUVD-2007-0132
Malware in sbrugna...
Digirez 3.4 - Cross-Site Request Forgery (Update Admin)
Digirez 3.4 - Cross-Site Request Forgery Update Admin !/usr/local/bin/python Exploit Title: Digirez 3.4 - Cross-Site Request Forgery Update User & Admin Dork: N/A Date: 18.09.2017 Vendor Homepage: http://www.digiappz.com/ Software Link: http://www.digiappz.com/index.asp Demo:...
Digirez 3.4 - Cross-Site Request Forgery (Update Admin) Exploit
Exploit for asp platform in category web applications !/usr/local/bin/python Exploit Title: Digirez 3.4 - Cross-Site Request Forgery Update User & Admin Dork: N/A Date: 18.09.2017 Vendor Homepage: http://www.digiappz.com/ Software Link: http://www.digiappz.com/index.asp Demo:...
Digirez 3.4 - Cross-Site Request Forgery (Update Admin)
!/usr/local/bin/python Exploit Title: Digirez 3.4 - Cross-Site Request Forgery Update User & Admin Dork: N/A Date: 18.09.2017 Vendor Homepage: http://www.digiappz.com/ Software Link: http://www.digiappz.com/index.asp Demo: http://www.digiappz.com/room/index.asp Version: 3.4 Category: Webapps Test...
Digirez 3.4 - Multiple Cross Site Scripting Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/24157/info Digirez is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues could allow an attacker to steal cookie-based authenticati...
digirez-xss.txt
Hello Vulnerable : Digirez Version: 3.4 web : http://www.digiappz.com XSS : 1- http://www.example.com/room/infobook.asp?Roomname=XSS 2- http://www.example.com/room/week.asp?curYear=XSS For Example u can put : 1- http://www.example.com/room/infobook.asp?Roomname='alert1; 2-...
CVE-2007-2880
Multiple cross-site scripting (XSS) vulnerabilities in Digirez 3.4 allow remote attackers to inject arbitrary web script or HTML via the (1) Room_name parameter to room/info_book.asp or the (2) curYear parameter to room/week.asp...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in Digirez 3.4 allow remote attackers to inject arbitrary web script or HTML via the (1) Room_name parameter to room/info_book.asp or the (2) curYear parameter to room/week.asp...
CVE-2007-2880
Multiple cross-site scripting (XSS) vulnerabilities in Digirez 3.4 allow remote attackers to inject arbitrary web script or HTML via the (1) Room_name parameter to room/info_book.asp or the (2) curYear parameter to room/week.asp...
CVE-2007-2880
Digirez 3.4 has multiple cross-site scripting (XSS) vulnerabilities that enable remote attackers to inject arbitrary web script or HTML via (1) the Room_name parameter in room/info_book.asp and (2) the curYear parameter in room/week.asp. Root cause: insufficient input sanitization leading to scri...
Multiple XSS in Digirez
Hello Vulnerable : Digirez Version: 3.4 web : http://www.digiappz.com XSS : 1- http://www.example.com/room/infobook.asp?Roomname=XSS 2- http://www.example.com/room/week.asp?curYear=XSS For Example u can put : 1- http://www.example.com/room/infobook.asp?Roomname='scriptalert1;/script 2-...
Digirez 3.4 - Multiple Cross-Site Scripting Vulnerabilities
Digirez 3.4 - Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/24157/info Digirez is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues could allow an attacker to steal...
Digirez 3.4 - Multiple Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/24157/info Digirez is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues could allow an attacker to steal cookie-based authentication credentials and to launch other...
SQL injection
SQL injection vulnerability in info_book.asp in Digirez 3.4 and earlier allows remote attackers to execute arbitrary SQL commands via the book_id parameter...
CVE-2007-0128
SQL injection vulnerability in info_book.asp in Digirez 3.4 and earlier allows remote attackers to execute arbitrary SQL commands via the book_id parameter...
CVE-2007-0128
CVE-2007-0128 describes an SQL injection vulnerability in info_book.asp for Digirez 3.4 and earlier, where the book_id parameter can be manipulated to execute arbitrary SQL commands remotely. Affected software is Digirez (versions up to 3.4 and earlier); the underlying root cause is improper hand...
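DigiAppz DigiRez Info_Book.ASP SQL Injection Vulnerability
DigiAppz DigiRez is an ASP-based web application. DigiAppz DigiRez does not properly filter user-submitted input, so remote attackers can exploit the vulnerability to carry out SQL injection attacks and obtain sensitive information. The problem is that the 'InfoBook.ASP' script lacks filtering of user-submitted web parameters; submitting malicious script code as parameter data can lead to disclosure of sensitive information. Digiappz Digirez 3.4 Digiappz Digirez 3.3 Digiappz Digirez 3.2 Digiappz Digirez 3.1 Digiappz Digirez 3.0 No solution is currently available: http://www.digiappz.com/...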
DigiRez <= 3.4 (book_id) Remote SQL Injection Exploit
Exploit for unknown platform in category web applications ===================================================== DigiRez : "; $dir = ; chop $dir; if $dir = /exit/ print "-- Exploit FailedYou Are Exited \n"; exit; if $dir = /// else print "-- Exploit FailedNo DIR \n"; exit; $target =...
DigiRez 3.4 - 'book_id' SQL Injection
!/usr/bin/perl Script Name: DigiRez : "; $dir = ; chop $dir; if $dir = /exit/ print "-- Exploit FailedYou Are Exited \n"; exit; if $dir = /// else print "-- Exploit FailedNo DIR \n"; exit; $target = "-1%20union%20select%200,0,0,memberlogin,0,0,0,0,memberlogin,0,0,0,0%20from%20members"; $target =...