22 matches found
EUVD-2009-4709
Malware in sbrugna...
DreamLevels Dream Poll 3.0 View_Results.PHP SQL Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/15849/info Dream Poll is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. Successful exploitation could...
CVE-2009-4746
Cross-site scripting (XSS) vulnerability in index.php in Dreamlevels DreamPoll 3.1 allows remote attackers to inject arbitrary web script or HTML via the recordsPerPage parameter in a poll_default login action...
Cross site scripting
Cross-site scripting (XSS) vulnerability in index.php in Dreamlevels DreamPoll 3.1 allows remote attackers to inject arbitrary web script or HTML via the recordsPerPage parameter in a poll_default login action...
CVE-2009-4745
Multiple SQL injection vulnerabilities in index.php in Dreamlevels DreamPoll 3.1 allow remote attackers to execute arbitrary SQL commands via the (1) sortField, (2) sortDesc, or (3) pageNumber parameter in a login action...
CVE-2009-4746
Cross-site scripting (XSS) vulnerability in index.php in Dreamlevels DreamPoll 3.1 allows remote attackers to inject arbitrary web script or HTML via the recordsPerPage parameter in a poll_default login action...
CVE-2009-4746
The CVE describes a Cross-site Scripting (XSS) vulnerability in Dreamlevels DreamPoll 3.1. Specifically, index.php is vulnerable via the recordsPerPage parameter in a poll_default login action, allowing remote attackers to inject arbitrary web script/HTML. Affected software: Dreamlevels DreamPoll...
CVE-2009-4745
Dreamlevels DreamPoll 3.1 is affected by multiple SQL injection vulnerabilities in index.php. The issue allows an attacker to inject via the login action using one of three parameters: sortField, sortDesc, or pageNumber, enabling arbitrary SQL execution. The CVE entry is tracked with a base metri...
CVE-2009-4745
Multiple SQL injection vulnerabilities in index.php in Dreamlevels DreamPoll 3.1 allow remote attackers to execute arbitrary SQL commands via the (1) sortField, (2) sortDesc, or (3) pageNumber parameter in a login action...
DreamPoll 3.1 Vulnerabilities
During a recent security audit of the DreamPoll 3.1 software by Dreamlevels, I discovered a number of XSS and SQL Injection vulnerabilities in the application. These vulnerabilities could be exploited to make unauthorized changes to a web site or compromise a client accessing a site that utilizes...
DreamPoll 3.1 SQL Injection / XSS
During a recent security audit of the DreamPoll 3.1 software by Dreamlevels, I discovered a number of XSS and SQL Injection vulnerabilities in the application. These vulnerabilities could be exploited to make unauthorized changes to a web site or compromise a client accessing a site that utilizes...
DreamPoll 3.1 Vulnerabilities
No description provided by source. During a recent security audit of the DreamPoll 3.1 software by Dreamlevels, I discovered a number of XSS and SQL Injection vulnerabilities in the application. These vulnerabilities could be exploited to make unauthorized changes to a web site or compromise a...
DreamPoll 3.1 - SQL Injection
DreamPoll 3.1 - SQL Injection During a recent security audit of the DreamPoll 3.1 software by Dreamlevels, I discovered a number of XSS and SQL Injection vulnerabilities in the application. These vulnerabilities could be exploited to make unauthorized changes to a web site or compromise a client...
DreamPoll 3.1 Vulnerabilities
Exploit for unknown platform in category web applications. DreamPoll 3.1 Vulnerabilities. During a recent security audit of the DreamPoll 3.1 software by Dreamlevels, I discovered a number of XSS and SQL Injection vulnerabilities in the...
DreamPoll 3.1 - SQL Injection
During a recent security audit of the DreamPoll 3.1 software by Dreamlevels, I discovered a number of XSS and SQL Injection vulnerabilities in the application. These vulnerabilities could be exploited to make unauthorized changes to a web site or compromise a client accessing a site that utilizes...
Dreampics Builder (exhibition_id) Remote SQL Injection Vulnerability
No description provided by source. Viva IslaM Viva IslaM Remote SQL Injection Vulnerability index.php fuseaction DREAMPICS BUILDER http://www.dreamlevels.com/dreampics.php AuTh0r : Mr.SQL H0ME : WwW.55a.NeT Email : [email protected] -: ExploiteS :-...
DreamPics Builder - 'exhibition_id' SQL Injection
Viva IslaM Viva IslaM Remote SQL Injection Vulnerability index.php fuseaction DREAMPICS BUILDER http://www.dreamlevels.com/dreampics.php AuTh0r : Mr.SQL H0ME : WwW.55a.NeT Email : [email protected] -: ExploiteS :-...
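DreamLevels DreamNews 'dreamnews-rss.php' SQL Injection Vulnerability
BUGTRAQ ID: 30170 CNCAN ID: CNCAN-2008071101 DreamLevels DreamNews is a PHP-based web application. DreamLevels DreamNews does not properly handle user-supplied input; remote attackers can exploit the vulnerability to carry out SQL injection attacks and may obtain sensitive information or manipulate the database. The issue arises because the 'dreamnews-rss.php' script does not filter user-supplied data passed to the 'id' parameter; by supplying a malicious SQL query as the parameter data, the original SQL logic can be altered to obtain sensitive information or manipulate the database. DreamNews: no solution is currently available: http://dreamlevels.com/dreamnews.php...
Dreamlevels Dreampics Builder 'page' SQL Injection Vulnerability
BUGTRAQ ID: 30166 CNCAN ID: CNCAN-2008071103 Dreamlevels Dreampics Builder is a PHP-based web application. Dreamlevels Dreampics Builder does not properly handle user-supplied input; remote attackers can exploit the vulnerability to carry out SQL injection attacks and may obtain sensitive information or manipulate the database. The issue arises because the script does not filter user-supplied data passed to the 'page' parameter; by supplying a malicious SQL query as the parameter data, the original SQL logic can be altered to obtain sensitive information or manipulate the database. DreamLevels Dreampics Builder: no solution is currently available:...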
CVE-2005-4254
SQL injection vulnerability in viewResults.php in DreamLevels DreamPoll 3.0 final allows remote attackers to execute arbitrary SQL commands via the id parameter...