8 matches found
EUVD-2005-4163
Malware in sbrugna...
EUVD-2005-4165
Malware in sbrugna...
EUVD-2005-4162
Malware in sbrugna...
CVE-2005-4170
SQL injection vulnerability in eFiction 1.1 allows remote attackers to execute arbitrary SQL commands via the uid parameter to viewuser.php...
CVE-2005-4171
The "Upload new image" command in the "Manage Images" eFiction 1.1, when members are allowed to upload images, allows remote attackers to execute arbitrary PHP code by uploading a filename with a .php extension that contains a GIF header, which passes the image validity check but executes any PHP...
CVE-2005-4171
The CVE reports remote PHP code execution in eFiction 1.1 when image upload is allowed. An uploaded file with a .php extension can begin with a GIF header (so it passes image validation) yet contain PHP code that the web server executes, enabling arbitrary code execution. The vulnerability stem...
CVE-2005-4170
An SQL injection vulnerability in eFiction 1.1 allows remote attackers to execute arbitrary SQL commands through the uid parameter to viewuser.php. CVE-2005-4170 (NVD entry) has a base score of 7.5 (HIGH) with NETWORK access, LOW complexity, no authentication, and partial impacts on confiden...
CVE-2005-4167
CVE-2005-4167 affects eFiction 1.0 and 1.1, where the let parameter in the viewlist action of titles.php is not sanitized, enabling remote attackers to inject arbitrary script or HTML through stored or reflected XSS. The vulnerability arises from unsanitized user input used to generate dynamic pages, allowing...