12 matches found
EUVD-2006-2553
Malware in sbrugna...
JemWeb DownloadControl 1.0 DC.PHP SQL Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/18041/info DownloadControl is prone to an SQL-injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could...
Cross site scripting
Cross-site scripting XSS vulnerability in Jemscripts DownloadControl 1.0 allows remote attackers to inject arbitrary HTML or web script via the dcid parameter to dc.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. This issue...
CVE-2006-2553
Cross-site scripting XSS vulnerability in Jemscripts DownloadControl 1.0 allows remote attackers to inject arbitrary HTML or web script via the dcid parameter to dc.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. This issue...
Sql injection
Jemscripts DownloadControl 1.0 allows remote attackers to obtain sensitive information via an invalid dcid parameter to dc.php, which leaks the pathname in an error message. NOTE: this was originally claimed to be SQL injection, but it is probably resultant from another issue in functions.php...
CVE-2006-2552
Jemscripts DownloadControl 1.0 allows remote attackers to obtain sensitive information via an invalid dcid parameter to dc.php, which leaks the pathname in an error message. NOTE: this was originally claimed to be SQL injection, but it is probably resultant from another issue in functions.php...
CVE-2006-2552
CVE-2006-2552 affects Jemscripts DownloadControl 1.0. The vulnerability arises from an invalid dcid parameter to dc.php, which leaks the pathname in an error message (remote information disclosure). The note indicates this was originally claimed as SQL injection, but the root cause is likely else...
CVE-2006-2553
This entry documents an XSS vulnerability in Jemscripts DownloadControl 1.0, exploitable via the dcid parameter to dc.php. Conditions: remote attacker can inject arbitrary HTML or web script. The cited CVSS shows MEDIUM severity (AV:N/AC:M/Au:N/C:P/I:N/A:N) with partial confidentiality impact; no...
CVE-2006-2553
Cross-site scripting XSS vulnerability in Jemscripts DownloadControl 1.0 allows remote attackers to inject arbitrary HTML or web script via the dcid parameter to dc.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. This issue...
CVE-2006-2552
Jemscripts DownloadControl 1.0 allows remote attackers to obtain sensitive information via an invalid dcid parameter to dc.php, which leaks the pathname in an error message. NOTE: this was originally claimed to be SQL injection, but it is probably resultant from another issue in functions.php...
JemWeb DownloadControl 1.0 - DC.php SQL Injection
JemWeb DownloadControl 1.0 - DC.php SQL Injection source: https://www.securityfocus.com/bid/18041/info DownloadControl is prone to an SQL-injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. A successf...
JemWeb DownloadControl 1.0 - 'DC.php' SQL Injection
source: https://www.securityfocus.com/bid/18041/info DownloadControl is prone to an SQL-injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow an attacker to compromise t...