24 matches found
EUVD-2007-3282
Malware in sbrugna...
EUVD-2007-3283
Malware in sbrugna...
EUVD-2007-3281
Malware in sbrugna...
EUVD-2007-3280
Malware in sbrugna...
LiveCMS <= 3.4 (categoria.php cid) Remote SQL Injection Exploit
No description provided by source. INFO: Program Title LiveCMS = 3.4 SQL Injection, Absolute Path Disclosure, XSS Injection, Arbitrary File Upload...
CVE-2007-3291
Cross-site scripting (XSS) vulnerability in LiveCMS 3.4 and earlier allows remote attackers to inject arbitrary web script or HTML via an article name, possibly involving the titulo parameter in article.php...
CVE-2007-3290
categoria.php in LiveCMS 3.4 and earlier allows remote attackers to obtain sensitive information via a ' quote character in the cid parameter, which reveals the path in a forced SQL error message...
Path traversal
categoria.php in LiveCMS 3.4 and earlier allows remote attackers to obtain sensitive information via a ' quote character in the cid parameter, which reveals the path in a forced SQL error message...
CVE-2007-3292
Unrestricted file upload vulnerability in LiveCMS 3.4 and earlier allows remote attackers to upload and execute arbitrary PHP code by specifying a PHP file type in a parameter intended for "a small image" associated with an article...
Sql injection
SQL injection vulnerability in categoria.php in LiveCMS 3.4 and earlier allows remote attackers to execute arbitrary SQL commands via the cid parameter...
CVE-2007-3293
SQL injection vulnerability in categoria.php in LiveCMS 3.4 and earlier allows remote attackers to execute arbitrary SQL commands via the cid parameter...
Cross site scripting
Cross-site scripting (XSS) vulnerability in LiveCMS 3.4 and earlier allows remote attackers to inject arbitrary web script or HTML via an article name, possibly involving the titulo parameter in article.php...
CVE-2007-3290
categoria.php in LiveCMS 3.4 and earlier allows remote attackers to obtain sensitive information via a ' quote character in the cid parameter, which reveals the path in a forced SQL error message...
CVE-2007-3292
Unrestricted file upload vulnerability in LiveCMS 3.4 and earlier allows remote attackers to upload and execute arbitrary PHP code by specifying a PHP file type in a parameter intended for "a small image" associated with an article...
CVE-2007-3290
CVE-2007-3290 affects LiveCMS 3.4 and earlier. The vulnerability is in categoria.php where a single quote in the cid parameter can trigger a forced SQL error and reveal the path to sensitive information. Documents consistently describe this as an information disclosure via error messages, resulti...
CVE-2007-3291
CVE-2007-3291 describes a cross-site scripting (XSS) flaw in LiveCMS 3.4 and earlier. The vulnerability arises from handling the article name (potentially involving the titulo parameter in article.php), allowing remote attackers to inject arbitrary script/HTML. Evidence from NVD lists a MEDIUM im...
CVE-2007-3293
CVE-2007-3293 affects LiveCMS 3.4 and earlier; the vulnerability is an SQL injection in categoria.php via the cid parameter, allowing remote execution of arbitrary SQL commands. The issue is documented in multiple sources (NVD entry and CVE lists). The provided connected documents confirm the aff...
CVE-2007-3293
SQL injection vulnerability in categoria.php in LiveCMS 3.4 and earlier allows remote attackers to execute arbitrary SQL commands via the cid parameter...
CVE-2007-3291
Cross-site scripting (XSS) vulnerability in LiveCMS 3.4 and earlier allows remote attackers to inject arbitrary web script or HTML via an article name, possibly involving the titulo parameter in article.php...
CVE-2007-3292
CVE-2007-3292: LiveCMS 3.4 and earlier is vulnerable to an unrestricted file upload, enabling remote attackers to upload and execute arbitrary PHP by submitting a PHP file as the image type for an article. Root cause: inadequate validation of the uploaded file type during image handling. Impact:...