EUVD-2005-4258

Malware in sbrugna...

EUVD-2006-6428

Malware in sbrugna...

EUVD-2005-4257

Malware in sbrugna...

EUVD-2007-4236

Malware in sbrugna...

Envolution <= 1.1.0 (PNSVlang) Remote Code Execution Exploit

No description provided by source. ? print ' ::::::::: :::::::::: ::: ::: ::::::::::: ::: :+: :+: :+: :+: :+: :+: :+: +:+ +:+ +:+ +:+ +:+ +:+ +:+ ++ +:+ +++:++ ++ +:+ ++ ++ ++ ++ ++ ++ ++ ++ ++ + + + +++ + + ::::::::::: :::::::::: ::: :::: :::: :+: :+: :+: :+: +:+:+: :+:+:+ +:+ +:+ +:+ +:+ +:+...

Envolution <= 1.1.0 (topic) Remote SQL Injection Exploit

No description provided by source. !/usr/bin/perl use LWP::UserAgent; use HTTP::Cookies; if@ARGV 3 usage; exit; $site = $ARGV0; Site Target $path = $ARGV1; Path direktori envolution1-0-1 $usid = $ARGV2; member id $www = new LWP::UserAgent; $sql =...

News Module for Envolution modules.php Multiple Parameter SQL Injection

No description provided by source. source: http://www.securityfocus.com/bid/15857/info Envolution is prone to multiple input validation vulnerabilities. Successful exploitation of these vulnerabilities could result in a compromise of the application, disclosure or modification of data, the theft ...

News Module for Envolution modules.php Multiple Parameter XSS

No description provided by source. source: http://www.securityfocus.com/bid/15857/info Envolution is prone to multiple input validation vulnerabilities. Successful exploitation of these vulnerabilities could result in a compromise of the application, disclosure or modification of data, the theft ...

Daily web applications security vulnerabilities summary &#40;PHP, ASP, JSP, CGI, Perl&#41;

PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. Envolution: SQL injection, information leakage...

Full path disclosure and SQL Injection vulnerabilities in Envolution

Здравствуйте 3APA3A! Сообщаю вам о найденных мною новых Full path disclosure и SQL Injection уязвимостях в системе Envolution. Full path disclosure: http://site/index.php?module=Errore&type=admin&op=noexist&modname=22 http://site/index.php?module=Errore&type=admin&op=22...

New vulnerabilities in Envolution

Здравствуйте 3APA3A! Сообщаю вам о найденных мною новых Full path disclosure и Cross-Site Scripting уязвимостях в системе Envolution. Full path disclosure: http://site/user.php?module=22 http://site/user.php?uname=22 http://site/user.php?upass=22 http://site/user.php?upassverif=22...

Daily web applications security vulnerabilities summary &#40;PHP, ASP, JSP, CGI, Perl&#41;

PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. Envolution: crossite scripting, information leak...

Multiple vulnerabilities in Envolution

Здравствуйте 3APA3A! Сообщаю вам о найденных мною многочисленных уязвимостях в системе Envolution, в частности Insuficient Anti-automation и Cross-Site Scripting. Insuficient Anti-automation: Уязвимость в user.php в модуле NS-NewUser...

Daily web applications security vulnerabilities summary &#40;PHP, ASP, JSP, CGI, Perl&#41;

PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. Envolution: crossite scripting, automation protection bypass...

Daily web applications security vulnerabilities summary &#40;PHP, ASP, JSP, CGI, Perl&#41;

PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. WP-ContactForm for WordPress: Spamming, Envolution: crossite scripting, informaiton leak...

Vulnerabilities in Envolution

Здравствуйте 3APA3A! Сообщаю вам о найденных мною Cross-Site Scripting и Full path disclosure уязвимостях в системе Envolution. XSS: Уязвимость в user.php в модуле NS-NewUser в параметре op. http://site/user.php?module=NS-NewUser&op=3Cscript3Ealertdocument.cookie3C/script3E Full path disclosure:...

CVE-2007-4253

SQL injection vulnerability in the News module in modules.php in Envolution 1.1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the topic parameter, a different vector than CVE-2005-4263...

Sql injection

SQL injection vulnerability in the News module in modules.php in Envolution 1.1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the topic parameter, a different vector than CVE-2005-4263...

CVE-2007-4253

SQL injection vulnerability in the News module in modules.php in Envolution 1.1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the topic parameter, a different vector than CVE-2005-4263...

CVE-2007-4253

CVE-2007-4253 affects Envolution (News module, pages.php) with a SQL injection vulnerability exposed via the topic parameter in News 1.1.0 and earlier. The root cause is unsafely constructed SQL leading to arbitrary SQL execution by remote attackers. Connected documents confirm the same vulnerabi...