EUVD-2008-1641

Malware in sbrugna...

CVE-2008-1640

CVE-2008-1640 affects the Woltlab Burning Board addon “JGS-XA JGS-Treffen” (version 2.0.2 and earlier). The vulnerability is in the file jgs_treffen.php and is triggered via the view_id parameter in an ansicht action, enabling remote attackers to execute arbitrary SQL commands (SQL injection). Th...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in the JGS-XA JGS-Gallery Addon 4.0.0 and earlier for Woltlab Burning Board wBB 2.x allow remote attackers to inject arbitrary web script or HTML via the 1 userid parameter in a jgsgalerieslideshow.php and b jgsgaleriescroll.php, and the 2 katid...

CVE-2006-0927

CVE-2006-0927 describes multiple XSS vulnerabilities in the JGS-XA/JGS-Gallery Addon 4.0.0 and earlier for Woltlab Burning Board (wBB) 2.x. The issue arises in the parameters (1) userid of jgs_galerie_slideshow.php and jgs_galerie_scroll.php, and (2) katid of jgs_galerie_slideshow.php, allowing r...

JGSvulns.txt

SePro Bugtraq WBB Portal - JGS-Portal = 3.0.2 - Multiple Vulnerabilities 09.05.05 Vendor: JGS-XA URL: http://www.jgs-xa.de/ Version: = 3.0.2 Type: SQL-Injections, XSS and Full Path Disclosures Discovered by deluxe89 and the Security-Project Team Description: ------------------------- The JGS-Port...

CVE-2005-1634

The data confirms concrete flaws in JGS-XA/JGS-Portal up to version 3.0.2: multiple XSS and SQL injection vectors enabled via parameters in jgs_portal.php and related scripts (anzahl_beitraege, year in statistik/beitraggraf/themes, tag, id in sponsor) or even the Accept-Language header to jgs_por...

CVE-2005-1635

JGS-XA JGS-Portal 3.0.2 and earlier allows remote attackers to obtain the full server path via direct requests to 1 jgsportalref.php, 2 jgsportalland.php, 3 jgsportallog.php, 4 jgsportalglobalsponsor.php, 5 jgsportalglobal.php, 6 jgsportalsystem.php, 7 jgsportalviews.php; or multiple files in the...

CVE-2005-1635

JGS-XA JGS-Portal 3.0.2 and earlier allows remote attackers to obtain the full server path via direct requests to 1 jgsportalref.php, 2 jgsportalland.php, 3 jgsportallog.php, 4 jgsportalglobalsponsor.php, 5 jgsportalglobal.php, 6 jgsportalsystem.php, 7 jgsportalviews.php; or multiple files in the...

CVE-2005-1634

Multiple cross-site scripting XSS vulnerabilities in JGS-XA JGS-Portal 3.0.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 anzahlbeitraege parameter to jgsportal.php, 2 year parameter to jgsportalstatistik.php, 3 year parameter to jgsportalbeitraggraf.php, 4...

CVE-2005-1635

The provided Connected documents confirm that JGS-XA JGS-Portal

CVE-2005-1633

Multiple SQL injection vulnerabilities in JGS-XA JGS-Portal 3.0.2 and earlier allow remote attackers to execute arbitrary SQL commands via the 1 anzahlbeitraege parameter to jgsportal.php, 2 year parameter to jgsportalstatistik.php, 3 year parameter to jgsportalbeitraggraf.php, 4 tag parameter to...

CVE-2005-1634

Multiple cross-site scripting XSS vulnerabilities in JGS-XA JGS-Portal 3.0.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 anzahlbeitraege parameter to jgsportal.php, 2 year parameter to jgsportalstatistik.php, 3 year parameter to jgsportalbeitraggraf.php, 4...

CVE-2005-1633

The connected OpenVAS entries describe the vulnerability in JGS-Portal (WoltLab Burning Board integration) as SQL injection flaws in JGS-Portal

[SePro Bugtraq] WBB Portal - JGS-Portal <= 3.0.2 - Multiple Vulnerabilities (09.05.05)

SePro Bugtraq WBB Portal - JGS-Portal = 3.0.2 - Multiple Vulnerabilities 09.05.05 Vendor: JGS-XA URL: http://www.jgs-xa.de/ Version: = 3.0.2 Type: SQL-Injections, XSS and Full Path Disclosures Discovered by deluxe89 and the Security-Project Team Description: ------------------------- The JGS-Port...