EUVD-2009-4709

Malware in sbrugna...

DreamLevels Dream Poll 3.0 View_Results.PHP SQL Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/15849/info Dream Poll is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. Successful exploitation could...

Cross site scripting

Cross-site scripting XSS vulnerability in index.php in Dreamlevels DreamPoll 3.1 allows remote attackers to inject arbitrary web script or HTML via the recordsPerPage parameter in a polldefault login action...

CVE-2009-4746

Cross-site scripting XSS vulnerability in index.php in Dreamlevels DreamPoll 3.1 allows remote attackers to inject arbitrary web script or HTML via the recordsPerPage parameter in a polldefault login action...

CVE-2009-4745

Multiple SQL injection vulnerabilities in index.php in Dreamlevels DreamPoll 3.1 allow remote attackers to execute arbitrary SQL commands via the 1 sortField, 2 sortDesc, or 3 pageNumber parameter in a login action...

CVE-2009-4745

Multiple SQL injection vulnerabilities in index.php in Dreamlevels DreamPoll 3.1 allow remote attackers to execute arbitrary SQL commands via the 1 sortField, 2 sortDesc, or 3 pageNumber parameter in a login action...

CVE-2009-4745

Dreamlevels DreamPoll 3.1 is affected by multiple SQL injection vulnerabilities in index.php. The issue allows an attacker to inject via the login action using one of three parameters: sortField, sortDesc, or pageNumber, enabling arbitrary SQL execution. The CVE entry is tracked with a base metri...

CVE-2009-4746

Cross-site scripting XSS vulnerability in index.php in Dreamlevels DreamPoll 3.1 allows remote attackers to inject arbitrary web script or HTML via the recordsPerPage parameter in a polldefault login action...

CVE-2009-4746

The CVE describes a Cross-site Scripting (XSS) vulnerability in Dreamlevels DreamPoll 3.1. Specifically, index.php is vulnerable via the recordsPerPage parameter in a poll_default login action, allowing remote attackers to inject arbitrary web script/HTML. Affected software: Dreamlevels DreamPoll...

DreamPoll 3.1 Vulnerabilities

During a recent security audit of the DreamPoll 3.1 software by Dreamlevels, I discovered a number of XSS and SQL Injection vulnerabilities in the application. These vulnerabilities could be exploited to make unauthorized changes to a web site or compromise a client accessing a site that utilizes...

DreamPoll 3.1 SQL Injection / XSS

During a recent security audit of the DreamPoll 3.1 software by Dreamlevels, I discovered a number of XSS and SQL Injection vulnerabilities in the application. These vulnerabilities could be exploited to make unauthorized changes to a web site or compromise a client accessing a site that utilizes...

DreamPoll 3.1 Vulnerabilities

No description provided by source. During a recent security audit of the DreamPoll 3.1 software by Dreamlevels, I discovered a number of XSS and SQL Injection vulnerabilities in the application. These vulnerabilities could be exploited to make unauthorized changes to a web site or compromise a...

DreamPoll 3.1 - SQL Injection

DreamPoll 3.1 - SQL Injection During a recent security audit of the DreamPoll 3.1 software by Dreamlevels, I discovered a number of XSS and SQL Injection vulnerabilities in the application. These vulnerabilities could be exploited to make unauthorized changes to a web site or compromise a client...

DreamPoll 3.1 Vulnerabilities

Exploit for unknown platform in category web applications ============================= DreamPoll 3.1 Vulnerabilities ============================= During a recent security audit of the DreamPoll 3.1 software by Dreamlevels, I discovered a number of XSS and SQL Injection vulnerabilities in the...

DreamPoll 3.1 - SQL Injection

During a recent security audit of the DreamPoll 3.1 software by Dreamlevels, I discovered a number of XSS and SQL Injection vulnerabilities in the application. These vulnerabilities could be exploited to make unauthorized changes to a web site or compromise a client accessing a site that utilizes...

Dreampics Builder (exhibition_id) Remote SQL Injection Vulnerability

No description provided by source. Viva IslaM Viva IslaM Remote SQL Injection Vulnerability index.php fuseaction DREAMPICS BUILDER http://www.dreamlevels.com/dreampics.php AuTh0r : Mr.SQL H0ME : WwW.55a.NeT Email : [email protected] -: ExploiteS :-...

DreamPics Builder - 'exhibition_id' SQL Injection

Viva IslaM Viva IslaM Remote SQL Injection Vulnerability index.php fuseaction DREAMPICS BUILDER http://www.dreamlevels.com/dreampics.php AuTh0r : Mr.SQL H0ME : WwW.55a.NeT Email : [email protected] -: ExploiteS :-...

Dreamlevels Dreampics Builder 'page' SQL注入漏洞

BUGTRAQ ID: 30166 CNCAN ID：CNCAN-2008071103 Dreamlevels Dreampics Builder是一款基于PHP的WEB应用程序。 Dreamlevels Dreampics Builder不正确处理用户提交的输入，远程攻击者可以利用漏洞进行SQL注入攻击，可能获得敏感信息或操作数据库。 问题由于脚本对用户提交给'page'参数缺少过滤，构建恶意SQL查询作为参数数据，可更改原来的SQL逻辑，获得敏感信息或操作数据库。 DreamLevels Dreampics Builder 目前没有解决方案提供：...

DreamLevels DreamNews 'dreamnews-rss.php' SQL注入漏洞

BUGTRAQ ID: 30170 CNCAN ID：CNCAN-2008071101 DreamLevels DreamNews是一款基于PHP的WEB应用程序。 DreamLevels DreamNews不正确处理用户提交的输入，远程攻击者可以利用漏洞进行SQL注入攻击，可能获得敏感信息或操作数据库。 问题由于'dreamnews-rss.php'脚本对用户提交给'id'参数缺少过滤，构建恶意SQL查询作为参数数据，可更改原来的SQL逻辑，获得敏感信息或操作数据库。 DreamNews 目前没有解决方案提供： http://dreamlevels.com/dreamnews.php...

CVE-2005-4254

DreamPoll 3.0 final (DreamLevels) contains a SQL injection vulnerability in view_Results.php, exploitable via the id parameter to execute arbitrary SQL. The issue is documented with a CVSS v2 base score of 7.5 (HIGH), affecting confidentiality, integrity, and availability (partial impact) with ne...