9 matches found
EUVD-2008-6582
Malware in sbrugna...
EUVD-2009-4657
Malware in sbrugna...
Remote file inclusion
Multiple PHP remote file inclusion vulnerabilities in GraFX MiniCWB 2.3.0 allow remote attackers to execute arbitrary PHP code via a URL in the LANG parameter to 1 en.inc.php, 2 hu.inc.php, 3 no.inc.php, 4 ro.inc.php, and 5 ru.inc.php in language/...
CVE-2009-4693
Multiple PHP remote file inclusion vulnerabilities in GraFX MiniCWB 2.3.0 allow remote attackers to execute arbitrary PHP code via a URL in the LANG parameter to 1 en.inc.php, 2 hu.inc.php, 3 no.inc.php, 4 ro.inc.php, and 5 ru.inc.php in language/...
CVE-2009-4693
Multiple PHP remote file inclusion vulnerabilities in GraFX MiniCWB 2.3.0 allow remote attackers to execute arbitrary PHP code via a URL in the LANG parameter to 1 en.inc.php, 2 hu.inc.php, 3 no.inc.php, 4 ro.inc.php, and 5 ru.inc.php in language/...
CVE-2009-4693
GraFX MiniCWB 2.3.0 is affected by multiple PHP remote file inclusion vulnerabilities that allow remote code execution via a URL in the LANG parameter targeting language/en.inc.php, language/hu.inc.php, language/no.inc.php, language/ro.inc.php, and language/ru.inc.php. The root cause is unsafe in...
CVE-2008-6620
Multiple cross-site scripting XSS vulnerabilities in javascript/editor/editor/filemanager/browser/mcpuk/connectors/php/connector.php in GraFX miniCWB 2.1.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 errcontext, 2 GET, 3 POST, 4 SESSION, 5 SERVER, and 6...
CVE-2008-6620
Multiple cross-site scripting XSS vulnerabilities in javascript/editor/editor/filemanager/browser/mcpuk/connectors/php/connector.php in GraFX miniCWB 2.1.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 errcontext, 2 GET, 3 POST, 4 SESSION, 5 SERVER, and 6...
CVE-2008-6620
GraFX miniCWB 2.1.1 and earlier are affected by CVE-2008-6620: multiple XSS vulnerabilities in javascript/editor/editor/filemanager/browser/mcpuk/connectors/php/connector.php. The issue allows remote attackers to inject arbitrary web script or HTML through (1) errcontext, (2) _GET, (3) _POST, (4)...