124 matches found
SUSE CVE-2006-0147
Dynamic code evaluation vulnerability in tests/tmssql.php test script in ADOdb for PHP before 4.70, as used in multiple products including (1) Mantis, (2) PostNuke, (3) Moodle, (4) Cacti, (5) Xaraya, (6) PhpOpenChat, possibly (7) MAXdev MD-Pro, and (8) Simplog, allows remote attackers to execute arbitrary PHP...
MAXdev MD-Pro 1.0.76 User.PHP Cross-Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/20752/info MAXdev MD-Pro is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code execute in the browser...
Md-Pro <= 1.0.8x (Topics topicid) Remote SQL Injection Vulnerability
No description provided by source. Site: http://www.maxdev.com Download: http://www.maxdev.com/mod-Areafiles-display-lid-510-cid-1.phtml Dork: Powered by Md-Pro...
MAXdev My eGallery Module 3.04 - For Xoops 'gid' Parameter SQL Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/28220/info MAXdev My eGallery module for Xoops is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an...
MAXDEV CMS 1.0.72/1.0.73 PNuserapi.PHP SQL Injection Vulnerability
No description provided by source...
MAXdev MD-Pro 1.0.73 Multiple Cross-Site Scripting Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/14751/info MAXdev MD-Pro is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage any of these issu...
MAXdev MD-Pro 1.0.73 Arbitrary Remote File Upload Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/14750/info MAXdev MD-Pro is prone to an arbitrary remote file upload vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. This issue is due to a design error in the...
MAXdev 1.0.83 Cross Site Scripting
Vulnerability ID: HTB22563 Reference: http://www.htbridge.ch/advisory/xssvulnerabilityinmaxdev.html Product: MAXdev Vendor: MAXdev (http://www.maxdev.it/) Vulnerable Version: 1.0.83 and Probably Prior Versions Vendor Notification: 05 August 2010 Vulnerability Type: XSS (Cross Site Scripting) Status:...
XSS vulnerability in MAXdev
Vulnerability ID: HTB22563 Reference: http://www.htbridge.ch/advisory/xssvulnerabilityinmaxdev.html Product: MAXdev Vendor: MAXdev (http://www.maxdev.it/) Vulnerable Version: 1.0.83 and Probably Prior Versions Vendor Notification: 05 August 2010 Vulnerability Type: XSS (Cross Site Scripting) Status:...
Cross-site Scripting (XSS) Vulnerability in MAXdev
High-Tech Bridge SA Security Research Lab has discovered a vulnerability in MAXdev which could be exploited to perform cross-site scripting attacks. 1) Cross-site scripting (XSS) vulnerability in MAXdev The vulnerability exists due to an input sanitization error in the "sid" parameter in modules.php. A...
CVE-2009-4577
SQL injection vulnerability in the MDForum module 2.x through 2.07 for MAXdev MDPro allows remote attackers to execute arbitrary SQL commands via the c parameter to index.php...
Sql injection
SQL injection vulnerability in the MDForum module 2.x through 2.07 for MAXdev MDPro allows remote attackers to execute arbitrary SQL commands via the c parameter to index.php...
CVE-2009-4577
The CVE-2009-4577 issue affects MAXdev MDPro’s MDForum module (version 2.x up to 2.07). The vulnerability is a SQL injection in the MDForum component, exploitable via the c parameter to index.php, allowing remote attackers to execute arbitrary SQL commands. PT-2010-1396 details confirm the affect...
CVE-2009-4577
SQL injection vulnerability in the MDForum module 2.x through 2.07 for MAXdev MDPro allows remote attackers to execute arbitrary SQL commands via the c parameter to index.php...
PT-2010-1396 · Maxdev · Mforum
Name of the Vulnerable Software and Affected Versions: MDForum module versions 2.x through 2.07 for MAXdev MDPro Description: The issue allows remote attackers to execute arbitrary SQL commands. This is achieved by exploiting the c parameter in the "index.php" endpoint. Recommendations: For MDFor...
MDPro Version Detection
This script detects the installed version of MDPro. SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
CVE-2009-2307
SQL injection vulnerability in the CWGuestBook module 2.1 and earlier for MAXdev MDPro aka MD-Pro allows remote attackers to execute arbitrary SQL commands via the rid parameter in a viewrecords action to modules.php...
Sql injection
SQL injection vulnerability in the CWGuestBook module 2.1 and earlier for MAXdev MDPro aka MD-Pro allows remote attackers to execute arbitrary SQL commands via the rid parameter in a viewrecords action to modules.php...
CVE-2009-2307
SQL injection vulnerability in the CWGuestBook module 2.1 and earlier for MAXdev MDPro aka MD-Pro allows remote attackers to execute arbitrary SQL commands via the rid parameter in a viewrecords action to modules.php...
CVE-2009-2307
CVE-2009-2307 affects MAXdev MDPro (aka MD-Pro) CWGuestBook module 2.1 and earlier. The vulnerability is an SQL injection via the rid parameter in a viewrecords action to modules.php, enabling remote data manipulation as described in the CVE entry. Connected documents corroborate the vulnerabilit...