14 matches found
EUVD-2007-6138
Malware in sbrugna...
EUVD-2007-6132
Malware in sbrugna...
GOUAE DWD Realty Password Parameters SQL Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/26579/info DWD Realty is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise th...
GOUAE DWD Realty密码参数SQL注入漏洞
GOUAE DWD Realty是一款基于PHP的WEB应用程序。 GOUAE DWD Realty不正确过滤用户提交的URI数据,远程攻击者可以利用漏洞进行SQL注入攻击,可获得敏感信息或操作数据库。 问题是由于脚本对用户提交的用户名参数缺少过滤,提交恶意SQL查询作为参数数据,可更改原来的SQL逻辑,获得敏感信息或可能操作数据库。 GOUAE DWD Reality 目前没有解决方案提供: http://ebusiness.gouae.com/realty.asp Username: Admin Password: anything' OR 'x'='x...
Sql injection
SQL injection vulnerability in admin/index2.asp in GOUAE DWD Realty allows remote attackers to execute arbitrary SQL commands via the pword aka Password parameter. NOTE: some of these details are obtained from third party information...
Sql injection
SQL injection vulnerability in admin/index2.asp in GOUAE DWD Realty allows remote attackers to execute arbitrary SQL commands via the uname parameter, a different vector than CVE-2007-6163. NOTE: the provenance of this information is unknown; the details are obtained solely from third party...
CVE-2007-6169
SQL injection vulnerability in admin/index2.asp in GOUAE DWD Realty allows remote attackers to execute arbitrary SQL commands via the uname parameter, a different vector than CVE-2007-6163. NOTE: the provenance of this information is unknown; the details are obtained solely from third party...
CVE-2007-6163
SQL injection vulnerability in admin/index2.asp in GOUAE DWD Realty allows remote attackers to execute arbitrary SQL commands via the pword aka Password parameter. NOTE: some of these details are obtained from third party information...
CVE-2007-6163
SQL injection vulnerability in admin/index2.asp in GOUAE DWD Realty allows remote attackers to execute arbitrary SQL commands via the pword aka Password parameter. NOTE: some of these details are obtained from third party information...
CVE-2007-6169
SQL injection vulnerability in admin/index2.asp in GOUAE DWD Realty allows remote attackers to execute arbitrary SQL commands via the uname parameter, a different vector than CVE-2007-6163. NOTE: the provenance of this information is unknown; the details are obtained solely from third party...
CVE-2007-6169
CVE-2007-6169 concerns a SQL injection in admin/index2.asp of GOUAE DWD Realty. The vulnerable parameter is uname (distinct from CVE-2007-6163’s pword); exploitation would allow remote attackers to execute arbitrary SQL commands. The connected sources confirm a similar vulnerability in the same a...
CVE-2007-6163
CVE-2007-6163: Concrete details across connected sources show a SQL injection vulnerability in admin/index2.asp of GOUAE DWD Realty. The pword (Password) parameter is exploitable to execute arbitrary SQL commands, enabling remote attackers to interact with the database. Related entries also note ...
GOUAE DWD Realty - 'Password' SQL Injection
source: https://www.securityfocus.com/bid/26579/info DWD Realty is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify...
GOUAE DWD Realty - Password SQL Injection
GOUAE DWD Realty - Password SQL Injection source: https://www.securityfocus.com/bid/26579/info DWD Realty is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to...