EUVD-2008-0301

Malware in sbrugna...

Digital Hive 2.0 - 'base_include.php' Local File Include Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/29255/info Digital Hive is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability using directory-traversal strings to view local...

Digital Hive 2.0 - 'base.php' Parameter Cross-Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/28918/info Digital Hive is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the...

Digital Hive 2.0 - base_include.php Local File Inclusion

Digital Hive 2.0 - baseinclude.php Local File Inclusion source: https://www.securityfocus.com/bid/29255/info Digital Hive is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability using directory-traversal...

Digital Hive 2.0 - 'base_include.php' Local File Inclusion

source: https://www.securityfocus.com/bid/29255/info Digital Hive is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability using directory-traversal strings to view local files in the context of the...

Digital Hive 2.0 - base.php Cross-Site Scripting

Digital Hive 2.0 - base.php Cross-Site Scripting source: https://www.securityfocus.com/bid/28918/info Digital Hive is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary scri...

Digital Hive 2.0 - 'base.php' Cross-Site Scripting

source: https://www.securityfocus.com/bid/28918/info Digital Hive is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in...

CVE-2008-0290

Multiple SQL injection vulnerabilities in Digital Hive 2.0 RC2 and earlier allow 1 remote attackers to execute arbitrary SQL commands via the selectskin parameter to an unspecified program, or 2 remote authenticated administrators to execute arbitrary SQL commands via the userid parameter in the...

Sql injection

Multiple SQL injection vulnerabilities in Digital Hive 2.0 RC2 and earlier allow 1 remote attackers to execute arbitrary SQL commands via the selectskin parameter to an unspecified program, or 2 remote authenticated administrators to execute arbitrary SQL commands via the userid parameter in the...

CVE-2008-0290

Multiple SQL injection vulnerabilities in Digital Hive 2.0 RC2 and earlier allow 1 remote attackers to execute arbitrary SQL commands via the selectskin parameter to an unspecified program, or 2 remote authenticated administrators to execute arbitrary SQL commands via the userid parameter in the...

CVE-2008-0290

Affected software: Digital Hive 2.0 RC2 and earlier. The CVE describes two SQL injection vectors: (1) via the selectskin parameter to an unspecified program, allowing remote execution of arbitrary SQL commands; (2) via the user_id parameter in gestione_membre.php to base.php, allowing remote auth...