36 matches found
EUVD-2008-6361
Malware in sbrugna...
EUVD-2006-1743
Malware in sbrugna...
EUVD-2006-1765
Malware in sbrugna...
EUVD-2008-6346
Malware in sbrugna...
Malicious code in cli-jbook-2023-els (npm)
The package cli-jbook-2023-els was found to contain malicious code...
MAL-2025-17110 Malicious code in cli-jbook-2023-els (npm)
The package cli-jbook-2023-els was found to contain malicious code...
Jbook SQL Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/32599/info Jbook is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the...
JBook 1.3 Index.PHP Cross-Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/17419/info JBook is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script...
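Generic unauthorized-access vulnerability in Dahan jbook, jget, jvideo, source, jphoto and lm
Brief description: jbook = subscription system (apparently), source = data source collection system, jget = information collection system, jvideo = video system, jphoto = photo system, lm = interaction system. That is roughly it. Detailed description: A file of the same name, whose code differs only slightly between the systems, produces the same unauthorized-access vulnerability in each of them, which allows the configuration information related to the installation directory of these systems to be reset. Proof of vulnerability: None. Using jphoto as the example first. http://www.yzwh.gov.cn/jphoto/setup/ This is the setup directory of jphoto; first submit data with the exp: After the submission succeeds, a message says that the configuration file has been modified and the service should be restarted. The exp sets the password to 123456...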
Joomla JBook Blind SQL Injection
Joomla Component comjbook Blind SQL-injection Vulnerability author : Fl0riX Greetz : BARCOD3 , Septemb0x, Deep-Power,DreamPower,Pyske,F0rtys3v3n,BlackApple Name : comjbook Bug Type : Blind SQL Injection Infection : Admin login information can be obtained. Demo Vuln. : TRUE+ »...
CVE-2008-6375
JBook stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request to userids.mdb...
Sql injection
SQL injection vulnerability in main.asp in Jbook allows remote attackers to execute arbitrary SQL commands via the password pass parameter...
Improper access control
JBook stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request to userids.mdb...
Sql injection
SQL injection vulnerability in main.asp in Jbook allows remote attackers to execute arbitrary SQL commands via the username user parameter...
CVE-2008-6376
SQL injection vulnerability in main.asp in Jbook allows remote attackers to execute arbitrary SQL commands via the password pass parameter...
CVE-2008-6391
SQL injection vulnerability in main.asp in Jbook allows remote attackers to execute arbitrary SQL commands via the username user parameter...
CVE-2008-6375
CVE-2008-6375 affects JBook, where sensitive data is stored under the web root with insufficient access control. The vulnerability allows remote attackers to directly download the database file (userids.mdb), exposing partial confidentiality as per the CVSS metrics (base score 5.0, MEDIUM). The s...
CVE-2008-6391
SQL injection vulnerability in main.asp in Jbook allows remote attackers to execute arbitrary SQL commands via the username user parameter...
CVE-2008-6376
SQL injection vulnerability in main.asp in Jbook allows remote attackers to execute arbitrary SQL commands via the password pass parameter...
CVE-2008-6376
CVE-2008-6376 is a SQL injection vulnerability in Jbook’s main.asp that allows remote attackers to execute arbitrary SQL commands via the password (pass) parameter. The NVD entry reports a base score of 7.5 (HIGH) with NETWORK attack vector and low complexity, impact to confidentiality, integrity...