17 matches found
EUVD-2007-1359
Malware in sbrugna...
DropAFew 0.2 search.php delete Action id Parameter SQL Injection
No description provided by source. source: http://www.securityfocus.com/bid/23400/info DropAFew is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting these issues could allow an attacker to...
DropAFew 0.2 editlogcal.php save Action calories Parameter SQL Injection
No description provided by source. source: http://www.securityfocus.com/bid/23400/info DropAFew is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting these issues could allow an attacker to...
DropAFew 0.2 newaccount2.php Arbitrary Account Creation
No description provided by source. source: http://www.securityfocus.com/bid/23400/info DropAFew is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting these issues could allow an attacker to...
CVE-2007-1363
Multiple SQL injection vulnerabilities in DropAFew before 0.2.1 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in the delete action in (a) search.php or (b) search-pda.php, or the (2) calories parameter in a save action in editlogcal.php...
SQL injection
Multiple SQL injection vulnerabilities in DropAFew before 0.2.1 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in the delete action in (a) search.php or (b) search-pda.php, or the (2) calories parameter in a save action in editlogcal.php...
CVE-2007-1364
DropAFew before 0.2.1 does not require authorization for certain privileged actions, which allows remote attackers to (1) view the logged calorie information of arbitrary users via the id parameter in editlogcal.php, (2) add arbitrary links via links.php, or (3) create arbitrary users via newaccount2.p...
CVE-2007-1363
Multiple SQL injection vulnerabilities in DropAFew before 0.2.1 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in the delete action in (a) search.php or (b) search-pda.php, or the (2) calories parameter in a save action in editlogcal.php...
CVE-2007-1364
CVE-2007-1364 affects DropAFew before 0.2.1 and is an authorization flaw that allows remote attackers to perform privileged actions: (1) view arbitrary users’ logged calorie data via id in editlogcal.php, (2) add arbitrary links via links.php, and (3) create arbitrary users via newaccount2.php. T...
CVE-2007-1363
DropAFew before 0.2.1 contains SQL injection vulnerabilities that allow remote attackers to execute arbitrary SQL commands via (1) id in delete action (search.php or search-pda.php) or (2) calories in save action (editlogcal.php). Affected software is DropAFew (calorie counting app). The issue ar...
AKLINK-SA-2007-002.txt
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================ ||| Security Advisory AKLINK-SA-2007-002 ||| ||| CVE-2007-1363 CVE candidate ||| ||| CVE-2007-1364 CVE candidate ||| ============================================ DropAFew - Multiple vulnerabilities SQL...
[Full-disclosure] DropAFew - SQL injection and authorization issues
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================ ||| Security Advisory AKLINK-SA-2007-002 ||| ||| CVE-2007-1363 CVE candidate ||| ||| CVE-2007-1364 CVE candidate ||| ============================================ DropAFew - Multiple vulnerabilities SQL...
DropAFew 0.2 - newaccount2.php Arbitrary Account Creation
DropAFew 0.2 - newaccount2.php Arbitrary Account Creation source: https://www.securityfocus.com/bid/23400/info DropAFew is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting these issues could...
DropAFew 0.2 - 'editlogcal.php?save Action calories' SQL Injection
source: https://www.securityfocus.com/bid/23400/info DropAFew is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting these issues could allow an attacker to compromise the application, access or...
DropAFew 0.2 - 'search.php?delete Action id' SQL Injection
source: https://www.securityfocus.com/bid/23400/info DropAFew is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting these issues could allow an attacker to compromise the application, access or...
DropAFew 0.2 - search.php?delete Action id SQL Injection
DropAFew 0.2 - search.php?delete Action id SQL Injection source: https://www.securityfocus.com/bid/23400/info DropAFew is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting these issues could all...
DropAFew 0.2 - editlogcal.php?save Action calories SQL Injection
DropAFew 0.2 - editlogcal.php?save Action calories SQL Injection source: https://www.securityfocus.com/bid/23400/info DropAFew is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting these issues...