alitalk 1.9.1.1 - Multiple Vulnerabilities

No description provided by source. ALITALK v 1.9.1.1 Multiple Vulnerabilities author : tomplixsee google dork : POWERED BY ALITALK download : http://www.alilg.com/software/free-php-ajax-chat/ SQL INJECTION you need to login in order to exploit this vulnerability vulnerable code on...

CVE-2008-0391

The CVE-2008-0391 entry concerns inc/elementz.php in aliTalk 1.9.1.1, where authentication verification is flawed, enabling remote attackers to add an arbitrary user account by tampering with the lilil parameter alongside ubild and pa. The vulnerability enables partial confidentiality, integrity,...

CVE-2008-0391

inc/elementz.php in aliTalk 1.9.1.1 does not properly verify authentication, which allows remote attackers to add an arbitrary user account via a modified lilil parameter, in conjunction with the ubild and pa parameters...

CVE-2006-2344

SQL injection vulnerability in inc/elementz.php in AliPAGER 1.5, with magicquotesgpc disabled, allows remote attackers to execute arbitrary SQL commands via the ubild parameter...

CVE-2006-2344

The CVE-2006-2344 issue affects AliPAGER 1.5, with a SQL injection in inc/elementz.php via the ubild parameter when magic_quotes_gpc is disabled. Root cause is improper input handling enabling arbitrary SQL execution. Impact per available data: partial confidentiality and partial integrity; no av...

CVE-2006-2345

CVE-2006-2345 describes a cross-site scripting (XSS) vulnerability in the AliPAGER 1.5 product, specifically in the file inc/elementz.php. The issue allows remote attackers to inject arbitrary web script or HTML through the ubild parameter. The description notes the provenance is from third‑party...