20 matches found
EUVD-2009-2120
Malware in sbrugna...
EUVD-2009-2119
Malware in sbrugna...
Sql injection
Multiple SQL injection vulnerabilities in Elvin 1.2.0 allow remote attackers to execute arbitrary SQL commands via the 1 inUser aka Username and 2 inPass aka Password parameters to a inc/login.ei, reachable through login.php; and the 3 id parameter to b showbug.php and c showactivity.php. NOTE: i...
Cross site scripting
Cross-site scripting XSS vulnerability in showactivity.php in Elvin 1.2.0 allows remote attackers to inject arbitrary web script or HTML via the id parameter...
CVE-2009-2130
Elvin 1.2.0 allows remote attackers to read the PHP source code of 1 login.ei, 2 jumpbug.ei, or 3 createaccount.ei in inc/ via a direct request...
Cross site request forgery (csrf)
Cross-site request forgery CSRF vulnerability in login.php in Elvin 1.2.0 allows remote attackers to hijack the authentication of arbitrary users via a logout action...
CVE-2009-2130
Elvin 1.2.0 allows remote attackers to read the PHP source code of 1 login.ei, 2 jumpbug.ei, or 3 createaccount.ei in inc/ via a direct request...
Directory traversal
Directory traversal vulnerability in page.php in Elvin 1.2.0 allows remote attackers to include and execute arbitrary local files via a .. dot dot in the id parameter...
Design/Logic Flaw
Elvin 1.2.0 allows remote attackers to read the PHP source code of 1 login.ei, 2 jumpbug.ei, or 3 createaccount.ei in inc/ via a direct request...
CVE-2009-2129
Cross-site request forgery CSRF vulnerability in login.php in Elvin 1.2.0 allows remote attackers to hijack the authentication of arbitrary users via a logout action...
CVE-2009-2127
Cross-site scripting XSS vulnerability in showactivity.php in Elvin 1.2.0 allows remote attackers to inject arbitrary web script or HTML via the id parameter...
CVE-2009-2123
Multiple SQL injection vulnerabilities in Elvin 1.2.0 allow remote attackers to execute arbitrary SQL commands via the 1 inUser aka Username and 2 inPass aka Password parameters to a inc/login.ei, reachable through login.php; and the 3 id parameter to b showbug.php and c showactivity.php. NOTE: i...
CVE-2009-2129
CVE-2009-2129 describes a cross-site request forgery (CSRF) vulnerability in the Elvin 1.2.0 login.php that allows a remote attacker to hijack the authentication of arbitrary users via a logout action. The vulnerability is documented across multiple sources (NVD entry and CVE records) with the sa...
CVE-2009-2129
Cross-site request forgery CSRF vulnerability in login.php in Elvin 1.2.0 allows remote attackers to hijack the authentication of arbitrary users via a logout action...
CVE-2009-2124
Directory traversal vulnerability in page.php in Elvin 1.2.0 allows remote attackers to include and execute arbitrary local files via a .. dot dot in the id parameter...
CVE-2009-2127
CVE-2009-2127 is a cross‑site scripting (XSS) vulnerability in Elvin 1.2.0 , specifically in the file show_activity.php . The flaw allows remote attackers to inject arbitrary web script or HTML via the id parameter. The referenced CVSSv2 base score is 4.3 (Medium) with network access, user intera...
CVE-2009-2130
Elvin 1.2.0 allows remote attackers to read the PHP source code of 1 login.ei, 2 jumpbug.ei, or 3 createaccount.ei in inc/ via a direct request...
CVE-2009-2124
Elvin 1.2.0 is affected by a directory traversal vulnerability in page.php that allows remote attackers to include and execute arbitrary local files via a .. in the id parameter. Impact details: CVSSv2 base score 7.5 (HIGH) with NETWORK attack vector, LOW complexity, NONE authentication, and PART...
CVE-2009-2123
Multiple SQL injection vulnerabilities in Elvin 1.2.0 allow remote attackers to execute arbitrary SQL commands via the 1 inUser aka Username and 2 inPass aka Password parameters to a inc/login.ei, reachable through login.php; and the 3 id parameter to b showbug.php and c showactivity.php. NOTE: i...
CVE-2009-2127
Cross-site scripting XSS vulnerability in showactivity.php in Elvin 1.2.0 allows remote attackers to inject arbitrary web script or HTML via the id parameter...