75 matches found
EUVD-2006-5831
Malware in sbrugna...
EUVD-2011-5047
Malware in sbrugna...
EUVD-2007-6432
Malware in sbrugna...
EUVD-2007-0529
Malware in sbrugna...
EUVD-2006-6924
Malware in sbrugna...
EUVD-2006-5756
Malware in sbrugna...
CVE-2011-5147
Static code injection vulnerability in ajaxsavename.php in the Ajax File Manager module in the tinymce plugin in FreeWebshop 2.2.9 R2 and earlier allows remote attackers to inject arbitrary PHP code into data.php via the selected document, as demonstrated by a call to ajaxfilecut.php and then to...
FreeWebShop 2.2 Index.PHP SQL Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/20887/info FreeWebShop is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise t...
FreeWebshop 2.2.9 R2 Multiple Remote Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/37513/info FreeWebshop is prone to multiple remote vulnerabilities: 1. A security vulnerability that may allow attackers to spoof HTTP headers. 2. A security vulnerability involving the handling of sessions. 3. A security...
FreeWebshop 2.1/2.2 index.php page Parameter Traversal Arbitrary File Access
No description provided by source. source: http://www.securityfocus.com/bid/20969/info FreeWebShop is prone to multiple input-validation vulnerabilities, including a cross-site scripting issue and a local file-include issue. An attacker can exploit these issues to view files, execute local script...
FreeWebshop 2.2.1 - Remote Blind SQL Injection Exploit
No description provided by source. !/usr/bin/perl Indonesian Newhack Security Advisory ------------------------------------ FreeWebshop version 2.2.1 - Multiple Remote SQL Injection Vulnerabilities Waktu : Dec 16 2007 01:50AM Software : FreeWebshop version 2.2.1 Vendor : http://www.freewebshop.or...
FreeWebshop <= 2.2.7 (cookie) Admin Password Grabber Exploit
No description provided by source. !/usr/bin/perl Indonesian Newhack Security Advisory ------------------------------------ FreeWebshop = 2.2.7 - cookie Admin Password Grabber Exploit Waktu : Dec 17 2007 04:50AM Software : FreeWebshop = 2.2.7 Vendor : http://www.freewebshop.org/ Demo Site :...
FreeWebshop <= 2.2.9 R2 (ajax_save_name.php) Remote Code Execution
No description provided by source. ?php / -------------------------------------------------------------------------- FreeWebshop = 2.2.9 R2 ajaxsavename.php Remote Code Execution Exploit -------------------------------------------------------------------------- author.............: Egidio Romano...
FreeWebshop 2.1/2.2 index.php cat Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/20969/info FreeWebShop is prone to multiple input-validation vulnerabilities, including a cross-site scripting issue and a local file-include issue. An attacker can exploit these issues to view files, execute local script...
FreeWebshop 2.2.9 Cross Site Scripting / SQL Injection
HTTPCS Advisory : HTTPCS98 Product : FreeWebshop Version : 2.2.9 Date : 2012-09-17 Criticality level : Highly Critical Description : A vulnerability has been discovered in FreeWebshop, which can be exploited by malicious people to conduct SQL injection attacks. Input passed via the 'searchfor'...
CVE-2011-5147
Static code injection vulnerability in ajaxsavename.php in the Ajax File Manager module in the tinymce plugin in FreeWebshop 2.2.9 R2 and earlier allows remote attackers to inject arbitrary PHP code into data.php via the selected document, as demonstrated by a call to ajaxfilecut.php and then to...
Code injection
Static code injection vulnerability in ajaxsavename.php in the Ajax File Manager module in the tinymce plugin in FreeWebshop 2.2.9 R2 and earlier allows remote attackers to inject arbitrary PHP code into data.php via the selected document, as demonstrated by a call to ajaxfilecut.php and then to...
CVE-2011-5147
Static code injection vulnerability in ajaxsavename.php in the Ajax File Manager module in the tinymce plugin in FreeWebshop 2.2.9 R2 and earlier allows remote attackers to inject arbitrary PHP code into data.php via the selected document, as demonstrated by a call to ajaxfilecut.php and then to...
CVE-2011-5147
CVE-2011-5147 affects FreeWebshop 2.2.9 R2 and earlier, specifically the Ajax File Manager module (tinymce plugin). The vulnerability is a static code injection in ajax_save_name.php that lets remote attackers inject arbitrary PHP into data.php via a selected document, shown by a sequence involvi...
FreeWebshop <= 2.2.9 R2 (ajax_save_name.php) Remote Code Execution Vulnerability
FreeWebshop = 2.2.9 R2 ajaxsavename.php Remote Code Execution Vulnerability author...............: Egidio Romano aka EgiX mail.................: n0b0d13satgmaildotcom software link........: http://www.freewebshop.org/ affected versions....: from 0.9.12 to 2.2.3 - vulnerable code in...