EUVD-2006-1643

Malware in sbrugna...

EUVD-2006-1644

Malware in sbrugna...

Sql injection

SQL injection vulnerability in login.php in Interact 2.1.1 allows remote attackers to execute arbitrary SQL commands via the username parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party...

CVE-2006-1643

SQL injection vulnerability in login.php in Interact 2.1.1 allows remote attackers to execute arbitrary SQL commands via the username parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party...

CVE-2006-1642

Cross-site scripting XSS vulnerability in Interact 2.1.1 allows remote attackers to inject arbitrary web script or HTML via 1 the searchterms parameter to a search.php, and 2 the firstname, 3 lastname, 4 email, 5 password, and 6 confirmpassword parameters to b userinput.php. NOTE: the provenance ...

CVE-2006-1644

login.php in Interact 2.1.1 generates different responses depending on whether or not a username is valid, which allows remote attackers to determine valid usernames. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...

Cross site scripting

Cross-site scripting XSS vulnerability in Interact 2.1.1 allows remote attackers to inject arbitrary web script or HTML via 1 the searchterms parameter to a search.php, and 2 the firstname, 3 lastname, 4 email, 5 password, and 6 confirmpassword parameters to b userinput.php. NOTE: the provenance ...

Information disclosure

login.php in Interact 2.1.1 generates different responses depending on whether or not a username is valid, which allows remote attackers to determine valid usernames. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...

CVE-2006-1643

Interac t 2.1.1 is affected by an SQL injection in login.php, exploitable via the user_name parameter to allow remote execution of arbitrary SQL commands. The CVE record confirms this is a SQL injection vulnerability with a CVSS base score of 7.5 (HIGH) and network access with no authentication r...

CVE-2006-1644

login.php in Interact 2.1.1 generates different responses depending on whether or not a username is valid, which allows remote attackers to determine valid usernames. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...

CVE-2006-1643

SQL injection vulnerability in login.php in Interact 2.1.1 allows remote attackers to execute arbitrary SQL commands via the username parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party...

CVE-2006-1644

InterAct 2.1.1’s login.php reveals an information-disclosure vulnerability: responses differ for valid vs invalid usernames, enabling remote enumeration of usernames. Affected component is login handling in Interact 2.1.1; root cause is input-based response variance. Impact is partial confidentia...

CVE-2006-1642

The CVE-2006-1642 entry describes a Cross-site Scripting (XSS) vulnerability in Interact 2.1.1. The flaw allows remote attackers to inject arbitrary web script or HTML via multiple input vectors: search_terms in search.php and first_name, last_name, email, password, and confirm_password in userin...