13 matches found
EUVD-2008-4593
Malware in sbrugna...
ProjectApp 3.3 forums.asp keywords Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/16011/info ProjectApp is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage these issues to have...
CVE-2008-4612
Cross-site scripting (XSS) vulnerability in PortalApp 4.0 allows remote attackers to inject arbitrary web script or HTML via the keywords parameter to (1) forums.asp and (2) content.asp...
SQL injection
SQL injection vulnerability in forums.asp in PortalApp 4.0 allows remote attackers to execute arbitrary SQL commands via the sortby parameter...
CVE-2008-4612
Cross-site scripting (XSS) vulnerability in PortalApp 4.0 allows remote attackers to inject arbitrary web script or HTML via the keywords parameter to (1) forums.asp and (2) content.asp...
CVE-2008-4613
CVE-2008-4613 concerns PortalApp 4.0 where the forums.asp script’s sortby parameter is vulnerable to SQL injection. The root cause is inadequate input sanitization, allowing an unauthenticated attacker to influence database queries via the sortby value. Impact per the sources is the ability to ex...
CVE-2008-4612
PortalApp 4.0 is affected by an XSS flaw triggered through the keywords parameter in content.asp (and also in forums.asp). The root cause is an input sanitization error that allows remote attackers to inject arbitrary HTML/JS into a victim’s browser. This is evidenced by multiple sources (HTBridg...
CVE-2008-4614
PortalApp 4.0 does not require authentication for (1) forums.asp and (2) content.asp, which allows remote attackers to create and delete forums, topics, and replies...
CVE-2008-4613
SQL injection vulnerability in forums.asp in PortalApp 4.0 allows remote attackers to execute arbitrary SQL commands via the sortby parameter...
all forums.asp hack
this exploit have 500.000 site admin forums.asp hack content.asp?contenttype SQL Injection AUTHOR : S@BUN HOME : http://www.hackturkiye.com/ DORKS 2 : allinurl: "content.asp?contenttype" EXPLOIT 1:...
forumsasp-sql.txt
this exploit have 500.000 site admin forums.asp hack content.asp?contenttype SQL Injection AUTHOR : S@BUN HOME : http://www.hackturkiye.com/ DORKS 2 : allinurl: "content.asp?contenttype" EXPLOIT 1:...
PortalApp forums.asp sortby Parameter SQL Injection
The remote host is running PortalApp, a CMS and portal system written in ASP. The version of PortalApp installed on the remote host fails to sanitize input to the 'sortby' parameter of the 'forums.asp' script before using it in a database query. An unauthenticated attacker may be able to exploit...
CVE-2005-2048
Multiple SQL injection vulnerabilities in DUware DUforum 3.1, and possibly other versions, allow remote attackers to execute arbitrary SQL commands via the (1) iMsg parameter to messages.asp, iFor parameter to (2) post.asp or (3) forums.asp, or (4) id parameter to userEdit.asp. NOTE: vectors 1 and 3 were...