6 matches found
EUVD-2006-6049
Malware in sbrugna...
CVE-2006-6066
Multiple SQL injection vulnerabilities in Dragon Calendar / Events Listing 2.x allow remote attackers to execute arbitrary SQL commands via the 1 username or 2 password parameter to a adminlogin.asp, the 3 ID parameter to b eventsearchdetail.asp, or the 4 VenueID parameter to c venuedetail.asp...
CVE-2006-6066
Multiple SQL injection vulnerabilities in Dragon Calendar / Events Listing 2.x allow remote attackers to execute arbitrary SQL commands via the 1 username or 2 password parameter to a adminlogin.asp, the 3 ID parameter to b eventsearchdetail.asp, or the 4 VenueID parameter to c venuedetail.asp...
CVE-2006-6066
Vulnerability summary (CVE-2006-6066) : Dragon Calendar / Events Listing 2.x contains multiple SQL injection flaws allowing remote attackers to execute arbitrary SQL commands via parameters in API endpoints: username or password to admin_login.asp, ID to event_searchdetail.asp, and VenueID to ven...
PT-2006-6711 · Dragon · Dragon Calendar / Events Listing
Name of the Vulnerable Software and Affected Versions: Dragon Calendar / Events Listing versions 2.x Description: The issue allows remote attackers to execute arbitrary SQL commands. This can be achieved via the username or password parameter to the "admin login.asp" API endpoint, the ID paramete...
Dragon calendar [ login bypass & injection sql ]
vendor site:http://www.dragoninternet.net/ product:Dragon Events Listing bug:login bypass & injection sql risk:high login bypass : username: 'or''=' passwd: 'or''=' injection sql get http://site.com/eventsearchdetail.asp?ID='sql http://site.com/venuedetail.asp?VenueID='sql laurent gaffie & benjam...