36 matches found
EUVD-2007-2993
Malware in sbrugna...
EUVD-2007-2992
Malware in sbrugna...
EUVD-2005-4234
Malware in sbrugna...
EUVD-2007-2994
Malware in sbrugna...
PHP JackKnife 2.21 Cross-Site Scripting Vulnerability
No description provided by source. source: www.securityfocus.com/bid/15841/info PHP JackKnife is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script...
PHP JackKnife 2.21 (PHPJK) G_Display.php Multiple Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/24253/info PHP JackKnife is prone to multiple input-validation vulnerabilities, including cross-site scripting and SQL-injection issues. Exploiting these issues could allow an attacker to steal cookie-based authentication...
PHP JackKnife 2.21 (PHPJK) UserArea/Authenticate.php sUName Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/24253/info PHP JackKnife is prone to multiple input-validation vulnerabilities, including cross-site scripting and SQL-injection issues. Exploiting these issues could allow an attacker to steal cookie-based authentication...
PHP JackKnife 2.21 (PHPJK) G_Display.php iCategoryUnq Parameter SQL Injection
No description provided by source. source: http://www.securityfocus.com/bid/24253/info PHP JackKnife is prone to multiple input-validation vulnerabilities, including cross-site scripting and SQL-injection issues. Exploiting these issues could allow an attacker to steal cookie-based authentication...
PHP JackKnife 2.21 (PHPJK) UserArea/NewAccounts/index.php sAccountUnq Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/24253/info PHP JackKnife is prone to multiple input-validation vulnerabilities, including cross-site scripting and SQL-injection issues. Exploiting these issues could allow an attacker to steal cookie-based authentication...
PHP JackKnife 2.21 (PHPJK) Search/DisplayResults.php iSearchID Parameter SQL Injection
No description provided by source. source: http://www.securityfocus.com/bid/24253/info PHP JackKnife is prone to multiple input-validation vulnerabilities, including cross-site scripting and SQL-injection issues. Exploiting these issues could allow an attacker to steal cookie-based authentication...
Design/Logic Flaw
PHP JackKnife PHPJK allows remote attackers to obtain sensitive information via 1 a request to index.php with an invalid value of the iParentUnq parameter, or a request to GDisplay.php with an invalid 2 iCategoryUnq or 3 sSort array parameter, which reveals the path in various error messages...
CVE-2007-3000
Multiple SQL injection vulnerabilities in PHP JackKnife PHPJK allow remote attackers to execute arbitrary SQL commands via 1 the iCategoryUnq parameter to GDisplay.php or 2 the iSearchID parameter to Search/DisplayResults.php...
Sql injection
Multiple SQL injection vulnerabilities in PHP JackKnife PHPJK allow remote attackers to execute arbitrary SQL commands via 1 the iCategoryUnq parameter to GDisplay.php or 2 the iSearchID parameter to Search/DisplayResults.php...
CVE-2007-3002
PHP JackKnife PHPJK allows remote attackers to obtain sensitive information via 1 a request to index.php with an invalid value of the iParentUnq parameter, or a request to GDisplay.php with an invalid 2 iCategoryUnq or 3 sSort array parameter, which reveals the path in various error messages...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in PHP JackKnife PHPJK allow remote attackers to inject arbitrary web script or HTML via 1 the sUName parameter to UserArea/Authenticate.php, 2 the sAccountUnq parameter to UserArea/NewAccounts/index.php, or the 3 iCategoryUnq, 4 iDBLoc, 5...
CVE-2007-3002
CVE-2007-3002 affects PHP JackKnife (PHPJK). The vulnerability arises when processing invalid values in index.php (iParentUnq[]) or G_Display.php (iCategoryUnq[] or sSort[]), where error messages disclose the path information. The available sources describe the issue but do not specify affected v...
CVE-2007-3000
CVE-2007-3000 concerns multiple SQL injection vulnerabilities in the PHP JackKnife (PHPJK) package. The issues allow remote attackers to execute arbitrary SQL commands by supplying crafted input to two parameters: (1) iCategoryUnq in G_Display.php and (2) iSearchID in Search/DisplayResults.php. A...
CVE-2007-3001
The CVE-2007-3001 entry concerns PHP JackKnife (PHPJK) up to version 2.21 and earlier, with multiple XSS flaws. The described vulnerable components are Server-side scripts in PHP JackKnife: UserArea/Authenticate.php (sUName), UserArea/NewAccounts/index.php (sAccountUnq), and G_Display.php (iCateg...
CVE-2007-3001
Multiple cross-site scripting XSS vulnerabilities in PHP JackKnife PHPJK allow remote attackers to inject arbitrary web script or HTML via 1 the sUName parameter to UserArea/Authenticate.php, 2 the sAccountUnq parameter to UserArea/NewAccounts/index.php, or the 3 iCategoryUnq, 4 iDBLoc, 5...
CVE-2007-3002
PHP JackKnife PHPJK allows remote attackers to obtain sensitive information via 1 a request to index.php with an invalid value of the iParentUnq parameter, or a request to GDisplay.php with an invalid 2 iCategoryUnq or 3 sSort array parameter, which reveals the path in various error messages...