EUVD-2007-6598

Malware in sbrugna...

EUVD-2007-6599

Malware in sbrugna...

NetBizCity FaqMasterFlexPlus 'faq.php' SQL Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/27052/info FaqMasterFlexPlus is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to...

NetBizCity FaqMasterFlexPlus 'faq.php' Cross-Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/27051/info FaqMasterFlexPlus is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser ...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in FAQMasterFlexPlus, possibly 1.5 or 1.52, allow remote attackers to inject arbitrary web script or HTML via 1 the catname parameter to faq.php; and unspecified parameters to the 2 add categories, 3 edit categories, 4 delete categories, 5 add faq...

Default credentials

FAQMasterFlexPlus, possibly 1.5 or 1.52, stores the admin password in cleartext in a database, which might allow context-dependent attackers to obtain the password via unspecified database access...

Sql injection

Multiple SQL injection vulnerabilities in FAQMasterFlexPlus, possibly 1.5 or 1.52, allow remote attackers to execute arbitrary SQL commands via the categoryid parameter to faq.php, and unspecified other vectors involving additional scripts...

CVE-2007-6635

FAQMasterFlexPlus, possibly 1.5 or 1.52, stores the admin password in cleartext in a database, which might allow context-dependent attackers to obtain the password via unspecified database access...

CVE-2007-6633

Multiple cross-site scripting XSS vulnerabilities in FAQMasterFlexPlus, possibly 1.5 or 1.52, allow remote attackers to inject arbitrary web script or HTML via 1 the catname parameter to faq.php; and unspecified parameters to the 2 add categories, 3 edit categories, 4 delete categories, 5 add faq...

CVE-2007-6634

Multiple SQL injection vulnerabilities in FAQMasterFlexPlus, possibly 1.5 or 1.52, allow remote attackers to execute arbitrary SQL commands via the categoryid parameter to faq.php, and unspecified other vectors involving additional scripts...

CVE-2007-6634

Multiple SQL injection vulnerabilities in FAQMasterFlexPlus, possibly 1.5 or 1.52, allow remote attackers to execute arbitrary SQL commands via the categoryid parameter to faq.php, and unspecified other vectors involving additional scripts...

CVE-2007-6634

CVE-2007-6634 describes multiple SQL injection vulnerabilities in FAQMasterFlexPlus , possibly versions 1.5 or 1.52 . The issue allows remote attackers to execute arbitrary SQL commands via the category_id parameter to faq.php , and potentially via other scripts. The sources indicate an unauthent...

CVE-2007-6633

Multiple cross-site scripting XSS vulnerabilities in FAQMasterFlexPlus, possibly 1.5 or 1.52, allow remote attackers to inject arbitrary web script or HTML via 1 the catname parameter to faq.php; and unspecified parameters to the 2 add categories, 3 edit categories, 4 delete categories, 5 add faq...

CVE-2007-6633

CVE-2007-6633 involves multiple cross-site scripting (XSS) vulnerabilities in FAQMasterFlexPlus (potentially versions 1.5 or 1.52). The issues allow remote attackers to inject arbitrary web script or HTML via the cat_name parameter to faq.php and via parameters to admin actions (add/edit/delete c...

CVE-2007-6635

FAQMasterFlexPlus (likely Version 1.5 or 1.52) stores the admin password in cleartext in a database. The underlying issue is the insecure storage of credentials, enabling context-dependent attackers who gain access to the database to obtain the password. The documents do not specify additional af...

CVE-2007-6635

FAQMasterFlexPlus, possibly 1.5 or 1.52, stores the admin password in cleartext in a database, which might allow context-dependent attackers to obtain the password via unspecified database access...

NetBizCity FaqMasterFlexPlus 'faq.php' SQL注入漏洞

BUGTRAQ ID: 27052 CNCAN ID:CNCAN-2008010202 NetBizCity FaqMasterFlexPlus是一款基于PHP的WEB应用程序。 NetBizCity FaqMasterFlexPlus不正确过滤用户提交的URI数据，远程攻击者可以利用漏洞进行SQL注入攻击，可获得敏感信息或操作数据库。 问题是由于'faq.php'脚本对用户提交的WEB参数处理缺少充分过滤，提交恶意SQL查询作为参数数据，可更改原来的SQL逻辑，获得敏感信息或操作数据库。 NetBizCity FaqMasterFlexPlus --------- 目前没有解决方案提供...

NetBizCity FaqMasterFlexPlus - faq.php SQL Injection

NetBizCity FaqMasterFlexPlus - faq.php SQL Injection source: https://www.securityfocus.com/bid/27052/info FaqMasterFlexPlus is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an...

NetBizCity FaqMasterFlexPlus - faq.php Cross-Site Scripting

NetBizCity FaqMasterFlexPlus - faq.php Cross-Site Scripting source: https://www.securityfocus.com/bid/27051/info FaqMasterFlexPlus is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary...

[Full-disclosure] FAQMasterFlexPlus multiple vulnerabilities

Security Advisory - - FAQMasterFlexPlus multiple vulnerabilities - --------------------------------------------------------------- Product: FAQMasterFlexPlus Version: Latest version is affected, other not tested Vendor: http://www.netbizcity.com Affected by: Cross-Site Scripting & SQL injection...