21 matches found
EUVD-2009-4710
Malware in sbrugna...
EUVD-2005-4249
Malware in sbrugna...
EUVD-2009-4709
Malware in sbrugna...
CVE-2009-4746
Cross-site scripting XSS vulnerability in index.php in Dreamlevels DreamPoll 3.1 allows remote attackers to inject arbitrary web script or HTML via the recordsPerPage parameter in a polldefault login action...
CVE-2009-4745
Multiple SQL injection vulnerabilities in index.php in Dreamlevels DreamPoll 3.1 allow remote attackers to execute arbitrary SQL commands via the 1 sortField, 2 sortDesc, or 3 pageNumber parameter in a login action...
Cross site scripting
Cross-site scripting XSS vulnerability in index.php in Dreamlevels DreamPoll 3.1 allows remote attackers to inject arbitrary web script or HTML via the recordsPerPage parameter in a polldefault login action...
Sql injection
Multiple SQL injection vulnerabilities in index.php in Dreamlevels DreamPoll 3.1 allow remote attackers to execute arbitrary SQL commands via the 1 sortField, 2 sortDesc, or 3 pageNumber parameter in a login action...
CVE-2009-4745
Multiple SQL injection vulnerabilities in index.php in Dreamlevels DreamPoll 3.1 allow remote attackers to execute arbitrary SQL commands via the 1 sortField, 2 sortDesc, or 3 pageNumber parameter in a login action...
CVE-2009-4746
Cross-site scripting XSS vulnerability in index.php in Dreamlevels DreamPoll 3.1 allows remote attackers to inject arbitrary web script or HTML via the recordsPerPage parameter in a polldefault login action...
CVE-2009-4745
Dreamlevels DreamPoll 3.1 is affected by multiple SQL injection vulnerabilities in index.php. The issue allows an attacker to inject via the login action using one of three parameters: sortField, sortDesc, or pageNumber, enabling arbitrary SQL execution. The CVE entry is tracked with a base metri...
CVE-2009-4746
The CVE describes a Cross-site Scripting (XSS) vulnerability in Dreamlevels DreamPoll 3.1. Specifically, index.php is vulnerable via the recordsPerPage parameter in a poll_default login action, allowing remote attackers to inject arbitrary web script/HTML. Affected software: Dreamlevels DreamPoll...
DreamPoll 3.1 Vulnerabilities
During a recent security audit of the DreamPoll 3.1 software by Dreamlevels, I discovered a number of XSS and SQL Injection vulnerabilities in the application. These vulnerabilities could be exploited to make unauthorized changes to a web site or compromise a client accessing a site that utilizes...
DreamPoll 3.1 SQL Injection / XSS
During a recent security audit of the DreamPoll 3.1 software by Dreamlevels, I discovered a number of XSS and SQL Injection vulnerabilities in the application. These vulnerabilities could be exploited to make unauthorized changes to a web site or compromise a client accessing a site that utilizes...
DreamPoll 3.1 Vulnerabilities
No description provided by source. During a recent security audit of the DreamPoll 3.1 software by Dreamlevels, I discovered a number of XSS and SQL Injection vulnerabilities in the application. These vulnerabilities could be exploited to make unauthorized changes to a web site or compromise a...
DreamPoll 3.1 Vulnerabilities
Exploit for unknown platform in category web applications ============================= DreamPoll 3.1 Vulnerabilities ============================= During a recent security audit of the DreamPoll 3.1 software by Dreamlevels, I discovered a number of XSS and SQL Injection vulnerabilities in the...
DreamPoll 3.1 - SQL Injection
DreamPoll 3.1 - SQL Injection During a recent security audit of the DreamPoll 3.1 software by Dreamlevels, I discovered a number of XSS and SQL Injection vulnerabilities in the application. These vulnerabilities could be exploited to make unauthorized changes to a web site or compromise a client...
DreamPoll 3.1 - SQL Injection
During a recent security audit of the DreamPoll 3.1 software by Dreamlevels, I discovered a number of XSS and SQL Injection vulnerabilities in the application. These vulnerabilities could be exploited to make unauthorized changes to a web site or compromise a client accessing a site that utilizes...
CVE-2005-4254
SQL injection vulnerability in viewResults.php in DreamLevels DreamPoll 3.0 final allows remote attackers to execute arbitrary SQL commands via the id parameter...
CVE-2005-4254
SQL injection vulnerability in viewResults.php in DreamLevels DreamPoll 3.0 final allows remote attackers to execute arbitrary SQL commands via the id parameter...
CVE-2005-4254
DreamPoll 3.0 final (DreamLevels) contains a SQL injection vulnerability in view_Results.php, exploitable via the id parameter to execute arbitrary SQL. The issue is documented with a CVSS v2 base score of 7.5 (HIGH), affecting confidentiality, integrity, and availability (partial impact) with ne...