24 matches found
EUVD-2008-0310
Malware in sbrugna...
EUVD-2008-0311
Malware in sbrugna...
Mapbender 2.4.4 - (gaz) Remote SQL Injection Vulnerability
No description provided by source. Advisory: SQL-Injections in Mapbender During a penetration test RedTeam Pentesting discovered multiple SQL-Injections in Mapbender. A remote attacker is able to execute arbitrary SQL commands and therefore can get e.g. valid usernames and password hashes of the...
Mapbender <= 2.4.4 (mapFiler.php) Remote Code Execution Vulnerability
No description provided by source. Advisory: Remote Command Execution in Mapbender During a penetration test RedTeam Pentesting discovered a remote command execution vulnerability in Mapbender. An unauthorized user can create arbitrary PHP-files on the Mapbender webserver, which can later be...
rt-sa-2008-001.txt
Advisory: Remote Command Execution in Mapbender During a penetration test RedTeam Pentesting discovered a remote command execution vulnerability in Mapbender. An unauthorized user can create arbitrary PHP-files on the Mapbender webserver, which can later be executed. Details ======= Product:...
rt-sa-2008-002.txt
Advisory: SQL-Injections in Mapbender During a penetration test RedTeam Pentesting discovered multiple SQL-Injections in Mapbender. A remote attacker is able to execute arbitrary SQL commands and therefore can get e.g. valid usernames and password hashes of the Mapbender users. Details =======...
CVE-2008-0300
mapFiler.php in Mapbender 2.4 to 2.4.4 allows remote attackers to execute arbitrary PHP code via PHP code sequences in the factor parameter, which are not properly handled when accessing a filename that contains those sequences...
Null pointer dereference
mapFiler.php in Mapbender 2.4 to 2.4.4 allows remote attackers to execute arbitrary PHP code via PHP code sequences in the factor parameter, which are not properly handled when accessing a filename that contains those sequences...
CVE-2008-0301
Multiple SQL injection vulnerabilities in Mapbender 2.4.4 allow remote attackers to execute arbitrary SQL commands via the gaz parameter to modgazetteeredit.php and other unspecified vectors...
Sql injection
Multiple SQL injection vulnerabilities in Mapbender 2.4.4 allow remote attackers to execute arbitrary SQL commands via the gaz parameter to modgazetteeredit.php and other unspecified vectors...
CVE-2008-0301
Mapbender 2.4.4 contains SQL injection vulnerabilities (notably via the gaz parameter to mod_gazetteer_edit.php and related vectors). Root cause is insufficient input validation/unfiltered user input, allowing remote attackers to craft SQL commands and potentially access sensitive data such as us...
CVE-2008-0300
mapFiler.php in Mapbender 2.4 to 2.4.4 allows remote attackers to execute arbitrary PHP code via PHP code sequences in the factor parameter, which are not properly handled when accessing a filename that contains those sequences...
CVE-2008-0301
Multiple SQL injection vulnerabilities in Mapbender 2.4.4 allow remote attackers to execute arbitrary SQL commands via the gaz parameter to modgazetteeredit.php and other unspecified vectors...
CVE-2008-0300
Mapbender vulnerability CVE-2008-0300 affects Mapbender 2.4 up to 2.4.4, via mapFiler.php. Root cause: lack of input filtering allows PHP code sequences placed in the factor parameter to be written to a file and later executed. Impact: remote code execution on the webserver with the privileges of...
[Full-disclosure] Advisory: SQL-Injections in Mapbender
Advisory: SQL-Injections in Mapbender During a penetration test RedTeam Pentesting discovered multiple SQL-Injections in Mapbender. A remote attacker is able to execute arbitrary SQL commands and therefore can get e.g. valid usernames and password hashes of the Mapbender users. Details =======...
Mapbender 2.4.4 (gaz) Remote SQL Injection Vulnerability
No description provided by source. Advisory: SQL-Injections in Mapbender During a penetration test RedTeam Pentesting discovered multiple SQL-Injections in Mapbender. A remote attacker is able to execute arbitrary SQL commands and therefore can get e.g. valid usernames and password hashes of the...
Mapbender <= 2.4.4 (mapFiler.php) Remote Code Execution Vulnerability
No description provided by source. Advisory: Remote Command Execution in Mapbender During a penetration test RedTeam Pentesting discovered a remote command execution vulnerability in Mapbender. An unauthorized user can create arbitrary PHP-files on the Mapbender webserver, which can later be...
Mapbender 2.4.4 - 'gaz' SQL Injection
Advisory: SQL-Injections in Mapbender During a penetration test RedTeam Pentesting discovered multiple SQL-Injections in Mapbender. A remote attacker is able to execute arbitrary SQL commands and therefore can get e.g. valid usernames and password hashes of the Mapbender users. Details =======...
Mapbender <= 2.4.4 (mapFiler.php) Remote Code Execution Vulnerability
Exploit for unknown platform in category web applications ===================================================================== Mapbender = 2.4.4 mapFiler.php Remote Code Execution Vulnerability ===================================================================== Advisory: Remote Command Executi...
Mapbender 2.4.4 (gaz) Remote SQL Injection Vulnerability
Exploit for unknown platform in category web applications ======================================================== Mapbender 2.4.4 gaz Remote SQL Injection Vulnerability ======================================================== Advisory: SQL-Injections in Mapbender During a penetration test RedTea...