16 matches found
EUVD-2012-4013
Malware in sbrugna...
EUVD-2012-4014
Malware in sbrugna...
CVE-2012-4069
Dir2web 3.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database via a direct request for system/db/website.db...
CVE-2012-4070
SQL injection vulnerability in system/src/dispatcher.php in Dir2web 3.0 allows remote attackers to execute arbitrary SQL commands via the oid parameter in a homepage action to index.php...
Dir2web3 Mutiple Vulnerabilities
Title: ====== Dir2web3 Multiple Vulnerabilities Date: ===== 05/08/2012 Author: ======= Daniel Correa http://www.sinfocol.org/ Vulnerable software: ==================== Dir2web v3.0 http://www.dir2web.it/ CVE: ==== CVE-2012-4069 CVE-2012-4070 Details: ======== There are two vulnerabilities...
CVE-2012-4070
SQL injection vulnerability in system/src/dispatcher.php in Dir2web 3.0 allows remote attackers to execute arbitrary SQL commands via the oid parameter in a homepage action to index.php...
CVE-2012-4069
Dir2web 3.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database via a direct request for system/db/website.db...
Sql injection
SQL injection vulnerability in system/src/dispatcher.php in Dir2web 3.0 allows remote attackers to execute arbitrary SQL commands via the oid parameter in a homepage action to index.php...
Improper access control
Dir2web 3.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database via a direct request for system/db/website.db...
CVE-2012-4070
SQL injection vulnerability in system/src/dispatcher.php in Dir2web 3.0 allows remote attackers to execute arbitrary SQL commands via the oid parameter in a homepage action to index.php...
CVE-2012-4070
CVE-2012-4070 affects Dir2web v3.0. Vulnerable component: system/src/dispatcher.php. The oid parameter in the homepage action to index.php enables SQL injection, allowing remote arbitrary SQL execution. Root cause: insufficient input validation in dispatcher.php; Patch guidance: replace the GET/P...
CVE-2012-4069
Dir2web 3.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database via a direct request for system/db/website.db...
CVE-2012-4069
Dir2web 3.0 contains an information-disclosure flaw (CVE-2012-4069) caused by insufficient access control, permitting remote attackers to download the database via system/db/website.db. Affected component: Dir2web 3.0 web app; vulnerability in access control for the web root/database directory. I...
Dir2web - '/system/src/dispatcher.php?oid' SQL Injection
source: https://www.securityfocus.com/bid/54845/info Dir2web is prone to multiple security vulnerabilities, including an SQL-Injection vulnerability and an information-disclosure vulnerability. Successfully exploiting these issues allows remote attackers to compromise the software, retrieve...
Dir2web - systemsrcdispatcher.php?oid SQL Injection
Dir2web - systemsrcdispatcher.php?oid SQL Injection source: https://www.securityfocus.com/bid/54845/info Dir2web is prone to multiple security vulnerabilities, including an SQL-Injection vulnerability and an information-disclosure vulnerability. Successfully exploiting these issues allows remote...
Dir2web3 3.0 SQL Injection / Information Disclosure
Title: ====== Dir2web3 Multiple Vulnerabilities Date: ===== 05/08/2012 Author: ======= Daniel Correa http://www.sinfocol.org/ Vulnerable software: ==================== Dir2web v3.0 http://www.dir2web.it/ CVE: ==== CVE-2012-4069 CVE-2012-4070 Details: ======== There are two vulnerabilities...