CVE-2005-3939
Multiple SQL injection vulnerabilities in WSN Knowledge Base 1.2.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) catid, (2) perpage, (3) ascdesc, and (4) orderlinks in a displaycat action in (a) index.php; and the (5) id parameter in (b) comments.php and (c) memberlist.php...
CVE-2005-3939
CVE-2005-3939 describes multiple SQL injection vulnerabilities in the WSN Knowledge Base 1.2.0 and earlier. The flaws allow remote attackers to execute arbitrary SQL commands via parameters in displaycat (catid, perpage, ascdesc, orderlinks) and via the id parameter in comments.php and memberlist...
CVE-2005-3939
Multiple SQL injection vulnerabilities in WSN Knowledge Base 1.2.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) catid, (2) perpage, (3) ascdesc, and (4) orderlinks in a displaycat action in (a) index.php; and the (5) id parameter in (b) comments.php and (c) memberlist.php...
WSN Knowledge Base 1.2 - comments.php?id SQL Injection
WSN Knowledge Base 1.2 - comments.php?id SQL Injection source: https://www.securityfocus.com/bid/15656/info WSN Knowledge Base is prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in an SQ...
WSN Knowledge Base 1.2 - 'index.php' Multiple SQL Injections
source: https://www.securityfocus.com/bid/15656/info WSN Knowledge Base is prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. Successful exploitation could result in a...
CVE-2005-3882
SQL injection vulnerability in answer.php in FAQSystems FAQRing Knowledge Base Software 3.0 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter...
CVE-2005-3881
Vulnerability details for CVE-2005-3881: AtlantisFAQ Knowledge Base Software (version 2.03 and earlier) contains a SQL injection in search.php via the searchStr parameter. Root cause: improper input handling in the search feature enables arbitrary SQL execution. Impact: remote attackers can execu...
CVE-2005-3882
The CVE-2005-3882 entry relates to a SQL injection vulnerability in FAQSystems FAQRing Knowledge Base Software 3.0 and earlier, specifically in answer.php via the id parameter. The vulnerability can allow remote attackers to execute arbitrary SQL commands. Public sources (NVD/CVE) describe affect...
FaqRing 3.0 SQL inj. vuln.
FAQSystems Free Knowledgebase "id" SQL inj. vuln. Vuln. discovered by : r0t Date: 28 nov. 2005 original advisory: http://pridels.blogspot.com/2005/11/faqring-30-sql-inj-vuln.html Vendor: http://faqsystems.com/ affected version: 3.0 and prior Product Description: FaqRing is a free knowledge base...
CVE-2005-3850
Cross-site scripting (XSS) vulnerability in search.asp in Online Knowledge Base System (OKBSYS) Lite Edition 1.0 allows remote attackers to inject arbitrary web script or HTML via hex-encoded values in the q parameter...
OKBSYS Lite 1.0 "search.asp" XSS vuln.
Online Knowledge Base System: Lite Edition 1.0 XSS vuln. Vuln. discovered by : r0t Date: 25 nov. 2005 Original advisory: http://pridels.blogspot.com/2005/11/okbsys-lite-10-searchasp-xss-vuln.html Vendor: www.onlinetechtools.com Product link: http://www.onlinetechtools.com/products/okbsys/ affected...
CVS file existence information disclosure weakness
The remote CVS server, according to its version number, can be exploited by malicious users to gain knowledge of certain system information. This behaviour can be exploited to determine the existence and permissions of arbitrary files and directories on a vulnerable system. OpenVAS Vulnerability...
SilverStream directory listing
SilverStream directory listings are enabled. An attacker may use this problem to gain more knowledge on this server and possibly to get files you would want to hide. Reference : http://online.securityfocus.com/archive/101/144786 OpenVAS Vulnerability Test $Id: silverstreamdirlisting.nasl 8023...
Remote Code Execution in Knowledge Builder
KnowledgeBuilder is a feature-packed knowledge base solution CGI suite. A vulnerability in this product may allow a remote attacker to execute arbitrary commands on this host. SPDX-FileCopyrightText: 2003 Noam Rathaus Some text descriptions might be excerpted from (a) referenced source(s), and are...
PowerPortal Path Disclosure
The remote host is using PowerPortal, a content management system, written in PHP. A vulnerability exists in the remote version of this product which may allow a remote attacker to cause the product to disclose the path it is installed under. An attacker may use this flaw to gain more knowledge...
Foreign hackers resources-vulnerability warning-the black bar safety net
allhack.com This website provides a library and a download area. The library for beginners provides hacking knowledge and computer technology basics. The download area includes the Scan Tool, FLOOD tool, decryption tools, denial of service attacks and the like. alw. nih,gov In the security...
multiVulns.txt
Multi-CMS/Forum Vulnerabilities Found by ap0c hackers pacifico & ratboy Yo! Ok, well a couple new vulnerabilities have been found by.. us : ------------------ First; e107 xss--- ------------------ link=http://w000000w00tw00t/asdadLIlink= onMouseOver='alertdocument.cookie;'...
eRoom 6.0 PlugIn - Insecure File Download Handling
source: https://www.securityfocus.com/bid/14176/info The eRoom plug-in is prone to an insecure file download handling vulnerability. The issue is due to a design fault, where files that are shared by users are apparently passed to default file handlers when downloaded. This can occur without user...
paFaq10beta4.txt
GulfTech Security Research June 20th, 2005 Vendor : php Arena URL : http://www.phparena.net/pafaq.php Version : paFAQ 1.0 Beta 4 Risk : Multiple Vulnerabilities Description: paFAQ is a FAQ/Knowledge base system that allows webmasters to keep an organized database of Frequently Asked Questions; a...
phpBBkbmod.txt
phpBB - Knowledge Base MOD SQL-Injection vulnerability and Full Path Disclosure Discovered by R and deluxe89 Discussion: The phpBB - Knowledge Base MOD has a relatively hard to exploit SQL-Injection vulnerability. However, an attacker can exploit this bug and receive information from the databas...