24 matches found
EUVD-2008-7058
Malware in sbrugna...
EUVD-2008-7056
Malware in sbrugna...
EUVD-2008-7057
Malware in sbrugna...
k-rate (sql/xss) Multiple Vulnerabilities
No description provided by source. K-Rate SQL-INJECTION, XSS. Application: K-Rate. Website: http://turn-k.net/k-rate...
K-Rate Advanced Picture Rating Cross Site Scripting
x Author: Andrea Bocchetti x Contact: [email protected] x Homepage : www.geekit.it // Software Info x Name : K-Rate Advanced Picture Rating Script x Vendor : http://kratedemo.com Quick Search fields are potentially exploitable XSS alert/XSS/...
K-Rate SQL Injection
K-Rate SQL Injection Vulnerability By: e.wiZz! Script site: http://turn-k.net/k-rate In the wild... Vulnerability: SQL Injection in view.php, variable username. Anyway, all sites I saw which are powered by this script are hosted on Apache, and have a modrewrite enabled, so you need to try this:...
K-Rate SQL Injection Vulnerability
Exploit for unknown platform in category web applications. K-Rate SQL Injection Vulnerability. Script site: http://turn-k.net/k-rate In the wild... Vulnerability: SQL Injection in view.php, variable username. Anyway, all sites I sa...
K-Rate - SQL Injection
K-Rate - SQL Injection K-Rate SQL Injection Vulnerability By: e.wiZz! Script site: http://turn-k.net/k-rate In the wild... Vulnerability: SQL Injection in view.php, variable username. Anyway, all sites I saw which are powered by this script are hosted on Apache, and have a modrewrite enabled, so you...
K-Rate - SQL Injection
K-Rate SQL Injection Vulnerability By: e.wiZz! Script site: http://turn-k.net/k-rate In the wild... Vulnerability: SQL Injection in view.php, variable username. Anyway, all sites I saw which are powered by this script are hosted on Apache, and have a modrewrite enabled, so you need to try this:...
Sql injection
Multiple SQL injection vulnerabilities in Qsoft K-Rate Premium allow remote attackers to execute arbitrary SQL commands via (1) the $id variable in admin/includes/dele_cpac.php, (2) $ord[order_id] variable in payments/payment_received.php, (3) $id variable in includes/functions.php, and (4) unspecified...
CVE-2008-7098
Multiple cross-site scripting (XSS) vulnerabilities in Qsoft K-Rate Premium allow remote attackers to inject arbitrary web script or HTML via the blog, possibly the (1) Title and (2) Text fields; (3) the gallery, possibly the Description field in Your Pictures; (4) the forum, possibly the Your Message fiel...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in Qsoft K-Rate Premium allow remote attackers to inject arbitrary web script or HTML via the blog, possibly the (1) Title and (2) Text fields; (3) the gallery, possibly the Description field in Your Pictures; (4) the forum, possibly the Your Message fiel...
Design/Logic Flaw
Unspecified vulnerability in the Manage Templates feature in Qsoft K-Rate Premium allows remote attackers to execute arbitrary PHP code via unknown vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...
CVE-2008-7097
Multiple SQL injection vulnerabilities in Qsoft K-Rate Premium allow remote attackers to execute arbitrary SQL commands via (1) the $id variable in admin/includes/dele_cpac.php, (2) $ord[order_id] variable in payments/payment_received.php, (3) $id variable in includes/functions.php, and (4) unspecified...
CVE-2008-7097
Multiple SQL injection vulnerabilities in Qsoft K-Rate Premium allow remote attackers to execute arbitrary SQL commands via (1) the $id variable in admin/includes/dele_cpac.php, (2) $ord[order_id] variable in payments/payment_received.php, (3) $id variable in includes/functions.php, and (4) unspecified...
CVE-2008-7098
CVE-2008-7098 involves multiple cross-site scripting (XSS) vulnerabilities in the Qsoft K-Rate Premium software. According to the NVD entry, remote attackers may inject arbitrary script or HTML via various input points: the blog (Title/Text), the Your Pictures gallery (Description), the forum (Yo...
CVE-2008-7098
Multiple cross-site scripting (XSS) vulnerabilities in Qsoft K-Rate Premium allow remote attackers to inject arbitrary web script or HTML via the blog, possibly the (1) Title and (2) Text fields; (3) the gallery, possibly the Description field in Your Pictures; (4) the forum, possibly the Your Message fiel...
CVE-2008-7099
CVE-2008-7099 concerns a vulnerability in the Manage Templates feature of Qsoft K-Rate Premium that could allow remote attackers to execute arbitrary PHP code. The available sources identify the affected product as Qsoft K-Rate Premium and specify the vulnerability as arising in the Manage Templa...
CVE-2008-7097
Qsoft K-Rate Premium is affected by multiple SQL injection flaws (CVE-2008-7097). The vulnerabilities affect PHP-based paths including admin/includes/dele_cpac.php (via $id), payments/payment_received.php (via $ord[order_id]), includes/functions.php (via $id), and modules/chat.php (unnamed variab...
krate-sqlxss.txt
K-Rate SQL-INJECTION, XSS. Application: K-Rate. Website: http://turn-k.net/k-rate Demo: http://kratedemo.com...