EUVD-2008-6070

Malware in sbrugna...

Oracle WebCenter Portal (July 2024 CPU)

The 12.2.1.4.0 versions of WebCenter Portal installed on the remote host are affected by a vulnerability as referenced in the July 2024 CPU advisory. - Vulnerability in the Oracle WebCenter Portal product of Oracle Fusion Middleware component: Portal Core Apache SOAP. The supported version that i...

Oracle WebCenter Portal Multiple Vulnerabilities (October 2023 CPU)

The version of Oracle WebCenter Portal installed on the remote host is missing a security patch from the October 2023 Critical Patch Update CPU. It is, therefore, affected by multiple vulnerabilities: - Vulnerability in the Oracle WebCenter Portal product of Oracle Fusion Middleware component:...

Oracle WebCenter Portal RCE (Oct 2021 CPU)

The version of Oracle WebCenter Portal installed on the remote host is missing a security patch from the October 2021 Critical Patch Update CPU. It is, therefore, affected by a vulnerability in the Discussion Forums XStream component that is easily exploitable by a remote, low privileged attacker...

Sql injection

Multiple SQL injection vulnerabilities in Discussion Forums 2k 3.3, when magicquotesgpc is disabled, allow remote attackers to execute arbitrary SQL commands via the 1 CatID parameter to a RSS1.php and b RSS2.php in misc/; and the 2 SubID parameter to c misc/RSS5.php...

CVE-2008-6100

Multiple SQL injection vulnerabilities in Discussion Forums 2k 3.3, when magicquotesgpc is disabled, allow remote attackers to execute arbitrary SQL commands via the 1 CatID parameter to a RSS1.php and b RSS2.php in misc/; and the 2 SubID parameter to c misc/RSS5.php...

CVE-2008-6100

Multiple SQL injection vulnerabilities in Discussion Forums 2k 3.3, when magicquotesgpc is disabled, allow remote attackers to execute arbitrary SQL commands via the 1 CatID parameter to a RSS1.php and b RSS2.php in misc/; and the 2 SubID parameter to c misc/RSS5.php...

CVE-2008-6100

CVE-2008-6100 documents multiple SQL injection vulnerabilities in the older system Discussion Forums 2k 3.3 when magic_quotes_gpc is disabled. The faults allow remote attackers to craft input via (1) CatID parameters to RSS1.php and RSS2.php (in misc/) and (2) SubID to RSS5.php (in misc/) to exec...

Discussion Forums 2k v3.3 Multiple SQL Injection Vulnerabilities

Exploit for unknown platform in category web applications ================================================================ Discussion Forums 2k v3.3 Multiple SQL Injection Vulnerabilities ================================================================...

discforums-sql.txt

Author: !DoktOR! Date found: 30.09.08 Product: Discussion Forums 2k Version: 3.3 URL: http://developer.berlios.de/projects/df2k/ Vulnerability Class: SQL Injection Condition: magicquotesgpc = Off Exploit 1:...

Discussion Forums 2k 3.3 - Multiple SQL Injections

Author: !DoktOR! Date found: 30.09.08 Product: Discussion Forums 2k Version: 3.3 URL: http://developer.berlios.de/projects/df2k/ Vulnerability Class: SQL Injection Condition: magicquotesgpc = Off Exploit 1:...

Discussion Forums 2k 3.3 - Multiple SQL Injections

Discussion Forums 2k 3.3 - Multiple SQL Injections Author: !DoktOR! Date found: 30.09.08 Product: Discussion Forums 2k Version: 3.3 URL: http://developer.berlios.de/projects/df2k/ Vulnerability Class: SQL Injection Condition: magicquotesgpc = Off Exploit 1:...