30 matches found
EUVD-2006-1045
Malware in sbrugna...
EUVD-2006-1046
Malware in sbrugna...
EUVD-2008-3361
Malware in sbrugna...
Malicious code in gregarius (npm)
The package gregarius was found to contain malicious code...
MAL-2025-21917 Malicious code in gregarius (npm)
The package gregarius was found to contain malicious code...
Gregarius <= 0.5.4 rsargs[] Remote SQL Injection Vulnerability
No description provided by source. GulfTech Security Research July 29, 2008 Vendor : Marco Bonetti URL : http://www.gregarius.net/ Version : Gregarius = 0.5.4 Risk : SQL Injection Description: Gregarius is a popular web-based RSS/RDF/ATOM feed aggregator written in php. There are some SQL Injecti...
Gregarius 0.6.1 - Multiple SQL Injections / Cross-Site Scripting
source: https://www.securityfocus.com/bid/51338/info Gregarius is prone to multiple SQL-injection and cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these vulnerabilities could allow an attacker to steal cookie-based authentication...
Gregarius 0.x.x Cross Site Scripting / SQL Injection
Exploit Title: Gregarius 0.x.x SQL Injection/Cross Site Scripting Date: 7.01.2012 Author: Sony Software Link: http://www.phpkode.com/projects/item/gregarius/ Web Browser : Mozilla Firefox Blog : http://st2tea.blogspot.com PoC:...
Gregarius 0.6.1 - Multiple SQL Injections Cross-Site Scripting
Gregarius 0.6.1 - Multiple SQL Injections Cross-Site Scripting source: https://www.securityfocus.com/bid/51338/info Gregarius is prone to multiple SQL-injection and cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these vulnerabilities...
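Gregarius ajax.php File SQL Injection Vulnerability
BUGTRAQ ID: 30423 Gregarius is a PHP-based RSS aggregator that combines the configured feeds and outputs them as HTML or XML. The /ajax.php file in Gregarius contains multiple SQL injection vulnerabilities that allow remote attackers to obtain administrative credentials without authentication. The following is the vulnerable code segment: function expgetFeedContent$cid obstart; rssrequire'cls/items.php'; $readItems = new ItemList; $readItems - populate" noti.unread & ". RSSMODEUNREADSTATE ." and...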
CVE-2008-3374
SQL injection vulnerability in ajax.php in Gregarius 0.5.4 and earlier allows remote attackers to execute arbitrary SQL commands via the rsargs array parameter in an __exp__getFeedContent action...
CVE-2008-3374
CVE-2008-3374 affects Gregarius up to version 0.5.4: an SQL injection in ajax.php via the rsargs array in the __exp__getFeedContent action. This allows an unauthenticated, remote attacker to manipulate database queries in the application and potentially disclose data. The vulnerability is triggere...
CVE-2008-3374
SQL injection vulnerability in ajax.php in Gregarius 0.5.4 and earlier allows remote attackers to execute arbitrary SQL commands via the rsargs array parameter in an __exp__getFeedContent action...
Gregarius <= 0.5.4 SQL Injection
GulfTech Security Research July 29, 2008 Vendor : Marco Bonetti URL : http://www.gregarius.net/ Version : Gregarius = 0.5.4 Risk : SQL Injection Description: Gregarius is a popular web-based RSS/RDF/ATOM feed aggregator written in php. There are some SQL Injection issues in Gregarius that allow f...
Gregarius <= 0.5.4 rsargs[] Remote SQL Injection Vulnerability
No description provided by source. GulfTech Security Research July 29, 2008 Vendor : Marco Bonetti URL : http://www.gregarius.net/ Version : Gregarius = 0.5.4 Risk : SQL Injection Description: Gregarius is a popular web-based RSS/RDF/ATOM feed aggregator written in php. There are some SQL Injecti...
Gregarius 0.5.4 - SQL Injection
Gregarius 0.5.4 - SQL Injection GulfTech Security Research July 29, 2008 Vendor : Marco Bonetti URL : http://www.gregarius.net/ Version : Gregarius populate" noti.unread & ". RSSMODEUNREADSTATE ." and i.cid= $cid", "", 0, 2, ITEMSORTHINTREAD; $readItems - setTitleLBLH2RECENTITEMS; $readItems -...
Gregarius ajax.php rsargs[] Parameter Array SQL Injection
The remote host is running Gregarius, a web-based RSS / RDF / ATOM feed aggregator written in PHP. The version of Gregarius installed on the remote host fails to sanitize user-supplied input to the 'rsargs' parameter array of the 'ajax.php' script before using it in a database query. An...
gregarius-sql.txt
GulfTech Security Research July 29, 2008 Vendor : Marco Bonetti URL : http://www.gregarius.net/ Version : Gregarius populate" noti.unread & ". RSSMODEUNREADSTATE ." and i.cid= $cid", "", 0, 2, ITEMSORTHINTREAD; $readItems - setTitleLBLH2RECENTITEMS; $readItems - setRenderOptionsILTITLENOESCAPE;...
Gregarius <= 0.5.4 rsargs[] Remote SQL Injection Vulnerability
Exploit for unknown platform in category web applications ============================================================== Gregarius populate" noti.unread & ". RSSMODEUNREADSTATE ." and i.cid= $cid", "", 0, 2, ITEMSORTHINTR...
Gregarius 0.5.4 - SQL Injection
GulfTech Security Research July 29, 2008 Vendor : Marco Bonetti URL : http://www.gregarius.net/ Version : Gregarius populate" noti.unread & ". RSSMODEUNREADSTATE ." and i.cid= $cid", "", 0, 2, ITEMSORTHINTREAD; $readItems - setTitleLBLH2RECENTITEMS; $readItems - setRenderOptionsILTITLENOESCAPE;...