6 matches found
EUVD-2007-2894
Malware in sbrugna...
CVE-2007-2902
SQL injection vulnerability in main/auth/myprogress.php in Dokeos 1.8.0 and earlier allows remote authenticated users to execute arbitrary SQL commands via the course parameter...
CVE-2007-2902
SQL injection vulnerability in main/auth/myprogress.php in Dokeos 1.8.0 and earlier allows remote authenticated users to execute arbitrary SQL commands via the course parameter...
CVE-2007-2901
CVE-2007-2901: Affected software is Dokeos 1.8.0 and earlier. The vulnerability is multiple cross-site scripting (XSS) flaws that allow remote attackers to inject arbitrary web script or HTML via the img parameter to main/inc/lib/fckeditor/editor/plugins/ImageManager/editor.php and other unspecif...
CVE-2007-2902
SQL injection in Dokeos 1.8.0 and earlier affects main/auth/my_progress.php via the course parameter, allowing remote authenticated users to execute arbitrary SQL commands. Affected: Dokeos 1.8.0 and earlier. Root cause: unsafely constructed SQL in the course parameter. Impact per CVSS: partial c...
Dokeos 1.8.0 - my_progress.php?course SQL Injection
Dokeos 1.8.0 - myprogress.php?course SQL Injection !/usr/bin/perl -w Dokeos = 1.8.0 SQL Injection Exploit Discovered by: Silentz Payload: Admin Username & Hash Retrieval Website: http://www.w4ck1ng.com Vulnerable Code myprogress.php: ifisset$GET'course' $sqlInfosCourse = "SELECT course.code,...