86 matches found
EUVD-2005-4163
Malware in sbrugna...
EUVD-2008-2747
Malware in sbrugna...
EUVD-2005-4166
Malware in sbrugna...
EUVD-2007-1115
Malware in sbrugna...
EUVD-2005-4167
Malware in sbrugna...
EUVD-2005-4164
Malware in sbrugna...
EUVD-2005-4168
Malware in sbrugna...
EUVD-2005-4169
Malware in sbrugna...
EUVD-2005-4165
Malware in sbrugna...
EUVD-2005-4162
Malware in sbrugna...
CVE-2005-4171
The "Upload new image" command in the "Manage Images" eFiction 1.1, when members are allowed to upload images, allows remote attackers to execute arbitrary PHP code by uploading a filename with a .php extension that contains a GIF header, which passes the image validity check but executes any PHP...
CVE-2005-4172
eFiction 1.0, 1.1, and 2.0 allows remote attackers to obtain sensitive information via a direct request to storyblock.php without arguments, which leaks the full pathname in the resulting PHP error message...
CVE-2005-4173
eFiction 1.0, 1.1, and 2.0 allows remote attackers to obtain sensitive information by accessing phpinfo.php, which executes the PHP phpinfo function...
CVE-2005-4167
Cross-site scripting (XSS) vulnerability in eFiction 1.0 and 1.1 allows remote attackers to inject arbitrary web script or HTML via the let parameter in a viewlist action to titles.php...
efiction 1.0/1.1/2.0 titles.php let Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/15568/info eFiction is prone to SQL injection, remote file upload, and cross site scripting vulnerabilities. These vulnerabilities may allow an attacker to view and modify sensitive information, gain unauthorized access,...
eFiction <= 2.0 Fake GIF Shell Upload Exploit
No description provided by source. <?php ---efiction20xpl.php 15.19 17/11/2005 eFiction <= 2.0 fake GIF Shell Upload coded by rgod site: http://rgod.altervista.org usage: launch from Apache, fill in requested fields, then go! Sun-Tzu: If fighting is sure to result in victory, then you must fight,...
efiction 1.0/1.1/2.0 viewuser.php uid Parameter SQL Injection
No description provided by source. source: http://www.securityfocus.com/bid/15568/info eFiction is prone to SQL injection, remote file upload, and cross site scripting vulnerabilities. These vulnerabilities may allow an attacker to view and modify sensitive information, gain unauthorized access,...
efiction 1.0/1.1/2.0 titles.php let Parameter SQL Injection
No description provided by source. source: http://www.securityfocus.com/bid/15568/info eFiction is prone to SQL injection, remote file upload, and cross site scripting vulnerabilities. These vulnerabilities may allow an attacker to view and modify sensitive information, gain unauthorized access,...
eFiction < 2.0.7 - Remote Admin Authentication Bypass Vulnerability
No description provided by source. eFiction vulnerability I am releasing this to the public. Vendor was notified. Someone is also illegally defacing these websites under MY name, which is a shame because they ripped it from a private discussion on g00ns.net. This proof of concept is not to be use...
efiction 1.0/1.1/2.0 viewstory.php sid Parameter SQL Injection
No description provided by source. source: http://www.securityfocus.com/bid/15568/info eFiction is prone to SQL injection, remote file upload, and cross site scripting vulnerabilities. These vulnerabilities may allow an attacker to view and modify sensitive information, gain unauthorized access,...