EUVD-2007-0384

Malware in sbrugna...

EUVD-2007-1337

Malware in sbrugna...

Joomla! Letterman Subscriber Module 1.2.4 Mod_Lettermansubscribe.PHP Cross-Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/24479/info The Joomla! Letterman Subscriber module is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute...

CVE-2007-3249

CVE-2007-3249 is an XSS vulnerability in the Joomla! Letterman Subscriber module (mod_letterman) before version 1.2.5, triggered via the Itemid parameter in mod_lettermansubscribe.php. The connected documents confirm the affected component and vulnerability type, but do not provide concrete explo...

CVE-2007-3249

Cross-site scripting XSS vulnerability in modlettermansubscribe.php in the Letterman Subscriber modletterman before 1.2.5 module for Joomla! allows remote attackers to inject arbitrary web script or HTML via the Itemid parameter...

TISA2007-01.txt

========================================================================= TeamIntell Security Advisory TISA2007-01 ------------------------------------------------------------------------- Letterman Subscriber Module "Itemid" Script Insertion Vulnerability...

[Full-disclosure] Letterman subscriber module XSS vulnerability

========================================================================= TeamIntell Security Advisory TISA2007-01 ------------------------------------------------------------------------- Letterman Subscriber Module "Itemid" Script Insertion Vulnerability...

Joomla! Component Letterman Subscriber Module 1.2.4 - 'Mod_Lettermansubscribe.php' Cross-Site Scripting

source: https://www.securityfocus.com/bid/24479/info The Joomla! Letterman Subscriber module is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser...

Joomla! Component Letterman Subscriber Module 1.2.4 - Mod_Lettermansubscribe.php Cross-Site Scripting

Joomla! Component Letterman Subscriber Module 1.2.4 - ModLettermansubscribe.php Cross-Site Scripting source: https://www.securityfocus.com/bid/24479/info The Joomla! Letterman Subscriber module is prone to a cross-site scripting vulnerability because the application fails to properly sanitize...

Remote file inclusion

PHP remote file inclusion vulnerability in eintrag.php in Weltennetz News-Letterman 1.1 allows remote attackers to execute arbitrary PHP code via a URL in the sqllog parameter...

CVE-2007-1340

PHP remote file inclusion vulnerability in eintrag.php in Weltennetz News-Letterman 1.1 allows remote attackers to execute arbitrary PHP code via a URL in the sqllog parameter...

CVE-2007-1340

CVE-2007-1340 is a PHP remote file inclusion vulnerability in eintrag.php of Weltennetz News-Letterman 1.1. The sqllog parameter can be a URL, enabling execution of arbitrary PHP code on the server. Affected: Weltennetz News-Letterman 1.1 (PHP). Root cause: remote file inclusion. Impact per refer...

News-Letterman 1.1 (eintrag.php sqllog) Remote File Include Exploit

No description provided by source. !/usr/bin/perl News-Letterman 1.1 eintrag.php Remote File Include Exploit Download: http://www.weltennetz.de/download/letterman1.1.zip Vulnerable Code: include $sqllog; Coded by bd0rk || SOH-Crew Usage: exploit.pl target cmd shell shell variable Greetings: str0k...

News-Letterman 1.1 - eintrag.php?sqllog Remote File Inclusion

News-Letterman 1.1 - eintrag.php?sqllog Remote File Inclusion !/usr/bin/perl News-Letterman 1.1 eintrag.php Remote File Include Exploit Download: http://www.weltennetz.de/download/letterman1.1.zip Vulnerable Code: include $sqllog; Coded by bd0rk || SOH-Crew Usage: exploit.pl target cmd shell shel...

News-Letterman 1.1 - 'eintrag.php?sqllog' Remote File Inclusion

!/usr/bin/perl News-Letterman 1.1 eintrag.php Remote File Include Exploit Download: http://www.weltennetz.de/download/letterman1.1.zip Vulnerable Code: include $sqllog; Coded by bd0rk || SOH-Crew Usage: exploit.pl target cmd shell shell variable Greetings: str0ke, TheJT, seduce, Perle, CodeR use...

Letterman ID参数SQL注入漏洞

Letterman是一款基于PHP的WEB应用程序。 Letterman不正确过滤用户提交的输入，远程攻击者可以利用漏洞进行SQL注入攻击，获得敏感信息。 问题是多个脚本对用户提交的'id'参数缺少过滤，提交恶意SQL代码作为参数数据，可更改原来的SQL逻辑，获得敏感信息。 VirtueMart Letterman 1.2.3 目前没有解决方案提供： http://virtuemart.net/index.php?option=comcontent&task=view&id=199...

Sql injection

Multiple SQL injection vulnerabilities in letterman.class.php in the Letterman 1.2.3 comletterman component for Joomla! before 1.0.12 allow remote attackers to execute arbitrary SQL commands via the id parameter, related to the 1 lmsendMail, 2 saveNewsletter, and 3 cancelNewsletter functions...

CVE-2007-0382

The CVE-2007-0382 entry affects the Letterman 1.2.3 (com_letterman) Joomla! component. The vulnerability is a set of SQL injection flaws in letterman.class.php that allow remote attackers to execute arbitrary SQL commands via the id parameter, impacting three functions (lm_sendMail, saveNewslette...

CVE-2007-0382

Multiple SQL injection vulnerabilities in letterman.class.php in the Letterman 1.2.3 comletterman component for Joomla! before 1.0.12 allow remote attackers to execute arbitrary SQL commands via the id parameter, related to the 1 lmsendMail, 2 saveNewsletter, and 3 cancelNewsletter functions...