14 matches found
EUVD-2008-0278
Malware in sbrugna...
eTicket 1.5.5.2 admin.php CSRF
No description provided by source. source: http://www.securityfocus.com/bid/27173/info eTicket is prone to multiple input-validation vulnerabilities because the application fails to properly sanitize user-supplied input. These vulnerabilities include multiple SQL-injection issues, a cross-site...
eTicket 1.5.5.2 admin.php Multiple Parameter SQL Injection
No description provided by source. source: http://www.securityfocus.com/bid/27173/info eTicket is prone to multiple input-validation vulnerabilities because the application fails to properly sanitize user-supplied input. These vulnerabilities include multiple SQL-injection issues, a cross-site...
CVE-2008-0266
Cross-site request forgery CSRF vulnerability in admin.php in eTicket 1.5.5.2 allows remote attackers to change the administrative password and possibly perform other administrative tasks. NOTE: either the old password must be known, or the attacker must leverage a separate SQL injection...
Cross site request forgery (csrf)
Cross-site request forgery CSRF vulnerability in admin.php in eTicket 1.5.5.2 allows remote attackers to change the administrative password and possibly perform other administrative tasks. NOTE: either the old password must be known, or the attacker must leverage a separate SQL injection...
CVE-2008-0268
Cross-site scripting XSS vulnerability in view.php in eTicket 1.5.5.2 allows remote attackers to inject arbitrary web script or HTML via the s parameter...
Sql injection
Multiple SQL injection vulnerabilities in eTicket 1.5.5.2 allow remote authenticated users to execute arbitrary SQL commands via the 1 status, 2 sort, and 3 way parameters to search.php; and allow remote authenticated administrators to execute arbitrary SQL commands via the 4 msg and 5 password...
CVE-2008-0268
Cross-site scripting XSS vulnerability in view.php in eTicket 1.5.5.2 allows remote attackers to inject arbitrary web script or HTML via the s parameter...
CVE-2008-0266
Cross-site request forgery CSRF vulnerability in admin.php in eTicket 1.5.5.2 allows remote attackers to change the administrative password and possibly perform other administrative tasks. NOTE: either the old password must be known, or the attacker must leverage a separate SQL injection...
CVE-2008-0093
CVE-2008-0093 refers to multiple cross-site scripting (XSS) vulnerabilities in the web application eTicket, specifically in the script newticket.php. The affected versions are eTicket 1.5.5.2 and 1.5.6 RC2/RC3. The vulnerability allows remote attackers to inject arbitrary web script or HTML via t...
eTicket 1.5.5.2 - search.php Multiple SQL Injections
eTicket 1.5.5.2 - search.php Multiple SQL Injections source: https://www.securityfocus.com/bid/27173/info eTicket is prone to multiple input-validation vulnerabilities because the application fails to properly sanitize user-supplied input. These vulnerabilities include multiple SQL-injection...
eTicket 1.5.5.2 - admin.php Cross-Site Request Forgery
eTicket 1.5.5.2 - admin.php Cross-Site Request Forgery source: https://www.securityfocus.com/bid/27173/info eTicket is prone to multiple input-validation vulnerabilities because the application fails to properly sanitize user-supplied input. These vulnerabilities include multiple SQL-injection...
eTicket 1.5.5.2 - 'admin.php' Cross-Site Request Forgery
source: https://www.securityfocus.com/bid/27173/info eTicket is prone to multiple input-validation vulnerabilities because the application fails to properly sanitize user-supplied input. These vulnerabilities include multiple SQL-injection issues, a cross-site scripting issue, and an...
eTicket 1.5.5.2 - 'search.php' Multiple SQL Injections
source: https://www.securityfocus.com/bid/27173/info eTicket is prone to multiple input-validation vulnerabilities because the application fails to properly sanitize user-supplied input. These vulnerabilities include multiple SQL-injection issues, a cross-site scripting issue, and an...