10 matches found
EUVD-2006-2553
Malware in sbrugna...
Cross site scripting
Cross-site scripting XSS vulnerability in Jemscripts DownloadControl 1.0 allows remote attackers to inject arbitrary HTML or web script via the dcid parameter to dc.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. This issue...
CVE-2006-2553
Cross-site scripting XSS vulnerability in Jemscripts DownloadControl 1.0 allows remote attackers to inject arbitrary HTML or web script via the dcid parameter to dc.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. This issue...
Sql injection
Jemscripts DownloadControl 1.0 allows remote attackers to obtain sensitive information via an invalid dcid parameter to dc.php, which leaks the pathname in an error message. NOTE: this was originally claimed to be SQL injection, but it is probably resultant from another issue in functions.php...
CVE-2006-2552
Jemscripts DownloadControl 1.0 allows remote attackers to obtain sensitive information via an invalid dcid parameter to dc.php, which leaks the pathname in an error message. NOTE: this was originally claimed to be SQL injection, but it is probably resultant from another issue in functions.php...
CVE-2006-2552
CVE-2006-2552 affects Jemscripts DownloadControl 1.0. The vulnerability arises from an invalid dcid parameter to dc.php, which leaks the pathname in an error message (remote information disclosure). The note indicates this was originally claimed as SQL injection, but the root cause is likely else...
CVE-2006-2553
This entry documents an XSS vulnerability in Jemscripts DownloadControl 1.0, exploitable via the dcid parameter to dc.php. Conditions: remote attacker can inject arbitrary HTML or web script. The cited CVSS shows MEDIUM severity (AV:N/AC:M/Au:N/C:P/I:N/A:N) with partial confidentiality impact; no...
CVE-2006-2553
Cross-site scripting XSS vulnerability in Jemscripts DownloadControl 1.0 allows remote attackers to inject arbitrary HTML or web script via the dcid parameter to dc.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. This issue...
CVE-2006-2552
Jemscripts DownloadControl 1.0 allows remote attackers to obtain sensitive information via an invalid dcid parameter to dc.php, which leaks the pathname in an error message. NOTE: this was originally claimed to be SQL injection, but it is probably resultant from another issue in functions.php...
Jemscripts Download Control v1.0
Jemscripts Download Control v1.0 Homepage: http://www.jemscripts.co.uk Description: DownloadControl provides a complete download file management system that is easy to set-up and maintain and yet gives you powerful features for controlling and monitoring your site download files. You will need to...