13 matches found
EUVD-2007-3869
Malware in sbrugna...
EUVD-2007-3868
Malware in sbrugna...
husrevforum 1.0.1/2.0.1 Philboard_forum.ASP SQL Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/24928/info The 'husrevforum' program is prone to an SQL-injection vulnerability because it fails to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow an attacker to...
SQL injection
SQL injection vulnerability in philboardforum.asp in husrevforum 1.0.1 allows remote attackers to execute arbitrary SQL commands via the forumid parameter. NOTE: it was later reported that 2.0.1 is also affected...
CVE-2007-3884
SQL injection vulnerability in philboardforum.asp in husrevforum 1.0.1 allows remote attackers to execute arbitrary SQL commands via the forumid parameter. NOTE: it was later reported that 2.0.1 is also affected...
CVE-2007-3885
CVE-2007-3885 is an XSS vulnerability in husrevforum 1.0.1, affecting philboard_search.asp via the searchterms parameter. The connected documents confirm the affected component and the entry’s cross-site scripting nature, but do not provide remediation steps, exploit details, or version-specific ...
CVE-2007-3884
CVE-2007-3884 refers to a SQL injection vulnerability in philboard_forum.asp used by husrevforum. The affected versions listed are husrevforum 1.0.1 and, later, 2.0.1, with the flaw allowing remote attackers to craft input to the forumid parameter and execute arbitrary SQL commands on the backend...
CVE-2007-3885
Cross-site scripting (XSS) vulnerability in philboardsearch.asp in husrevforum 1.0.1 allows remote attackers to inject arbitrary web script or HTML via the searchterms parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...
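husrevforum Philboard_forum.ASP SQL Injection Vulnerability
husrevforum is an ASP web application. husrevforum does not properly filter user-submitted URI data, so a remote attacker can exploit the vulnerability to carry out SQL injection attacks and obtain sensitive information. The problem is that the 'Philboardforum.ASP' script does not filter user-submitted web parameters; when a malicious SQL query is submitted as parameter data, the application can end up changing the original SQL logic while processing it, and the attacker can obtain sensitive information or manipulate the database. Aspindir husrevforum 1.0.1 tr No solution is currently available: http://www.aspindir.com/goster/5020...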
husrevforum-sql.txt
husrevforum v1.0.1 SQL Injection Vuln Software: husrevforum v1.0.1 tr download: http://www.aspindir.com/goster/5020 demo: http://exmasterx.somee.com/forum Found By: GeFORC3 | G3 Exploit:...
husrevforum-xss.txt
husrevforum v1.0.1 XSS Vuln Software: husrevforum v1.0.1 tr download: http://www.aspindir.com/goster/5020 demo: http://exmasterx.somee.com/forum Found By: GeFORC3 | G3 Exploit: http://site.com/scriptpath/philboardsearch.asp?searchterms= "alert"g3"; This xss works on husrevforum v1.0.1's search...
husrevforum 1.0.1/2.0.1 - Philboard_forum.asp SQL Injection
husrevforum 1.0.1/2.0.1 - Philboardforum.asp SQL Injection source: https://www.securityfocus.com/bid/24928/info The 'husrevforum' program is prone to an SQL-injection vulnerability because it fails to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could...
husrevforum 1.0.1/2.0.1 - 'Philboard_forum.asp' SQL Injection
source: https://www.securityfocus.com/bid/24928/info The 'husrevforum' program is prone to an SQL-injection vulnerability because it fails to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow an attacker to compromise the application, access o...