1493 matches found
CVE-2007-6374
Multiple cross-site scripting XSS vulnerabilities in Bitweaver 2.0.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the PATHINFO to 1 users/register.php or 2 search/index.php, or an editcomments action in 3 wiki/index.php or 4 forums/index.php. NOTE: the error...
CVE-2007-6374
CVE-2007-6374 concerns multiple XSS flaws in Bitweaver 2.0.0 and earlier, exploitable via PATH_INFO in four endpoints: /users/register.php, /search/index.php, /wiki/index.php (editcomments action), and /forums/index.php. The vulnerability allows remote attackers to inject arbitrary script or HTML...
CVE-2007-6374
Multiple cross-site scripting XSS vulnerabilities in Bitweaver 2.0.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the PATHINFO to 1 users/register.php or 2 search/index.php, or an editcomments action in 3 wiki/index.php or 4 forums/index.php. NOTE: the error...
Bitweaver XSS & SQL Injection Vulnerability
HSC Bitweaver XSS & SQL Injection Vulnerability Bitweaver is an open source content management system. Its speed and power are ideal for large-scale community websites and corporate applications, but it is simple enough for non-technical small site users to set up and administrate. It comes fully...
hc-multi.txt
Title: Multiple Security Bugs In Hosting Controller Critical: Extremely critical Impact: Full system administrator access Vendor: Hosting Controller Version: 6.1 Hot fix = 3.3 Vendor URL: www.hostingcontroller.com Solution: N/A From company - There is temporary solution in this report Exploit:...
Snitz Forums 2000 Active.ASP SQL注入漏洞
Snitz Forums 2000是一款基于ASP的WEB应用程序。 Snitz Forums 2000不正确过滤用户提交的URI数据,远程攻击者可以利用漏洞进行SQL注入攻击,可获得敏感信息或操作数据库。 问题是由于'Active.ASP'脚本对用户提交的WEB参数缺少过滤,提交恶意SQL查询作为参数数据,可更改原来的SQL逻辑,获得敏感信息或操作数据库。 Snitz Forums 2000 Snitz Forums 2000 3.4.6 Snitz Forums 2000 Snitz Forums 2000 3.4 .05 Snitz Forums 2000 Snitz Forums...
bitweaver-sqlxss.txt
HSC Bitweaver XSS & SQL Injection Vulnerability Bitweaver is an open source content management system. Its speed and power are ideal for large-scale community websites and corporate applications, but it is simple enough for non-technical small site users to set up and administrate. It comes fully...
Sql injection
SQL injection vulnerability in active.asp in Snitz Forums 2000 3.4.06 allows remote attackers to execute arbitrary SQL commands via the BuildTime parameter...
CVE-2007-6240
SQL injection vulnerability in active.asp in Snitz Forums 2000 3.4.06 allows remote attackers to execute arbitrary SQL commands via the BuildTime parameter...
CVE-2007-6240
SQL injection vulnerability in active.asp in Snitz Forums 2000 3.4.06 allows remote attackers to execute arbitrary SQL commands via the BuildTime parameter...
CVE-2007-6240
CVE-2007-6240 concerns a SQL injection in Snitz Forums 2000 (build 3.4.06) via the BuildTime parameter in active.asp, allowing remote attackers to execute arbitrary SQL commands. Affected software: Snitz Forums 2000 3.4.06. Root cause: unparameterized SQL handling in the active.asp path. Impact: ...
Snitz Forums 2000 - 'Active.asp' SQL Injection
WwW.BugReport.IR AmnPardaz Security Research & Penetration Testing Group Title: A user can gain admin level in snitz 2000 by SQL Injection vendor: http://forum.snitz.com/ Googling: "Powered by Snitz" 2,440,000 victims Last bug report in 2007-02-16 with 4692 visitors Exploit: Available Fix...
Snitz Forums 2000 - Active.asp SQL Injection
Snitz Forums 2000 - Active.asp SQL Injection WwW.BugReport.IR AmnPardaz Security Research & Penetration Testing Group Title: A user can gain admin level in snitz 2000 by SQL Injection vendor: http://forum.snitz.com/ Googling: "Powered by Snitz" 2,440,000 victims Last bug report in 2007-02-16 with...
Snitz Forums 2000 Active.asp Remote SQL Injection Vulnerability
Exploit for unknown platform in category web applications =============================================================== Snitz Forums 2000 Active.asp Remote SQL Injection Vulnerability =============================================================== AmnPardaz Security Research & Penetration Testi...
Snitz Forums 2000 Active.asp Remote SQL Injection Vulnerability
No description provided by source. WwW.BugReport.IR AmnPardaz Security Research & Penetration Testing Group Title: A user can gain admin level in snitz 2000 by SQL Injection vendor: http://forum.snitz.com/ Googling: "Powered by Snitz" 2,440,000 victims Last bug report in 2007-02-16 with 4692...
Sql injection
SQL injection vulnerability in index.php in datecomm Social Networking Script aka Myspace Clone Script allows remote attackers to execute arbitrary SQL commands via the seid parameter in a viewcat s action on the forums page...
CVE-2007-5992
SQL injection vulnerability in index.php in datecomm Social Networking Script aka Myspace Clone Script allows remote attackers to execute arbitrary SQL commands via the seid parameter in a viewcat s action on the forums page...
freeforums-sql.txt
http://Aria-Security.net Aria-Security Team ------------------------------------ Free Forums Sql Injection Vendor: http://www.nvecs.com/forums the search parameter hast an sql injection example: 'having 1=1-- result: MicrosoftODBC Microsoft Access Driver Syntax error missing operator in query...
CVE-2007-5943
Simple Machines Forum SMF 1.1.4 allows remote attackers to read a message in private forums by using the advanced search module with the "show results as messages" option, then searching for possible keywords contained in that message...
Code injection
Simple Machines Forum SMF 1.1.4 allows remote attackers to read a message in private forums by using the advanced search module with the "show results as messages" option, then searching for possible keywords contained in that message...