EUVD-2009-3136

Malware in sbrugna...

X10media Mp3 Search Engine <= 1.6 - Remote File Disclosure Vulnerability

No description provided by source. THUNDER X10media Mp3 Search Engine v1.5.5 - 1.6 Remote File Disclosure Vulnerability Founded by : THUNDER t4hathotmail.fr Dork: This search engine is in no way intended for illegal downloads. File : Download.php...

X10Media Mp3 Search Engine < 1.6.2 Admin Access Vulnerability

No description provided by source. THUNDER Product: X10media Mp3 Search Engine v1.x Admin Access Vulnerability Author : THUNDER t4hathotmail.fr File : admin/admin.php Vulnerable Code / User not an administrator, redirect to main page automatically. / if!$session-isAdmin headerLocation: ../main.ph...

Mobile Mp3 Search Engine HTTP Response Splitting

-=--------------------ADVISORY-------------------=- Mobile Mp3 Search Engine 2.0 Author: Corrado Liotta Aka CorryL [email protected] -=-----------------------------------------------=- -=+ Application: Mobile Mp3 Search Engine -=+ Version: 2.0 -=+ Vendor's URL:...

CVE-2009-3153

Multiple cross-site scripting XSS vulnerabilities in x10 MP3 Search engine 1.6.5 allow remote attackers to inject arbitrary web script or HTML via the 1 picid parameter to includes/videoad.php, 2 category parameter to linkvideoslisting.php, id parameter to 3 templates/header1.php and 4...

CVE-2009-3153

CVE-2009-3153 describes multiple cross-site scripting (XSS) vulnerabilities in the x10 MP3 Search engine 1.6.5. The issues allow remote attackers to inject arbitrary scripts/HTML via: 1) pic_id (includes/video_ad.php), 2) category (linkvideos_listing.php), 3) id (templates/header1.php), 4) id (mp...

x10 MP3 Automatic Search Engine 1.6.5b - templatesheader1.php?id Cross-Site Scripting

x10 MP3 Automatic Search Engine 1.6.5b - templatesheader1.php?id Cross-Site Scripting source: https://www.securityfocus.com/bid/43336/info x10 Media Automatic MP3 Search Engine is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An...

x10 MP3 Automatic Search Engine 1.6.5b - info.php?name Cross-Site Scripting

x10 MP3 Automatic Search Engine 1.6.5b - info.php?name Cross-Site Scripting source: https://www.securityfocus.com/bid/43336/info x10 Media Automatic MP3 Search Engine is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker m...

x10 MP3 Automatic Search Engine 1.6.5 - &#039;linkvideos_listing.php?category&#039; Cross-Site Scripting

source: https://www.securityfocus.com/bid/43336/info x10 Media Automatic MP3 Search Engine is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of ...

x10 MP3 Automatic Search Engine 1.6.5b - &#039;embed.php?name&#039; Cross-Site Scripting

source: https://www.securityfocus.com/bid/43336/info x10 Media Automatic MP3 Search Engine is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of ...

x10 MP3 Automatic Search Engine 1.6.5b - &#039;/templates/header1.php?id&#039; Cross-Site Scripting

source: https://www.securityfocus.com/bid/43336/info x10 Media Automatic MP3 Search Engine is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of ...

x10 MP3 Automatic Search Engine 1.6.5b - video_listing.php?key Cross-Site Scripting

x10 MP3 Automatic Search Engine 1.6.5b - videolisting.php?key Cross-Site Scripting source: https://www.securityfocus.com/bid/43336/info x10 Media Automatic MP3 Search Engine is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An...

x10 MP3 Automatic Search Engine 1.6.5b - &#039;info.php?name&#039; Cross-Site Scripting

source: https://www.securityfocus.com/bid/43336/info x10 Media Automatic MP3 Search Engine is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of ...

x10 MP3 Automatic Search Engine 1.6.5b - &#039;video_listing.php?key&#039; Cross-Site Scripting

source: https://www.securityfocus.com/bid/43336/info x10 Media Automatic MP3 Search Engine is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of ...

x10 MP3 Automatic Search Engine 1.6.5 - linkvideos_listing.php?category Cross-Site Scripting

x10 MP3 Automatic Search Engine 1.6.5 - linkvideoslisting.php?category Cross-Site Scripting source: https://www.securityfocus.com/bid/43336/info x10 Media Automatic MP3 Search Engine is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied inpu...

x10 MP3 Automatic Search Engine 1.6.5b - embed.php?name Cross-Site Scripting

x10 MP3 Automatic Search Engine 1.6.5b - embed.php?name Cross-Site Scripting source: https://www.securityfocus.com/bid/43336/info x10 Media Automatic MP3 Search Engine is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker...

CVE-2008-6960

download.php in X10media x10 Automatic Mp3 Search Engine Script 1.5.5 through 1.6 allows remote attackers to read arbitrary files via an encoded url parameter, as demonstrated by obtaining database credentials from includes/constants.php...

Design/Logic Flaw

download.php in X10media x10 Automatic Mp3 Search Engine Script 1.5.5 through 1.6 allows remote attackers to read arbitrary files via an encoded url parameter, as demonstrated by obtaining database credentials from includes/constants.php...

CVE-2008-6960

download.php in X10media x10 Automatic Mp3 Search Engine Script 1.5.5 through 1.6 allows remote attackers to read arbitrary files via an encoded url parameter, as demonstrated by obtaining database credentials from includes/constants.php...

X10Media MP3 Search Engine Admin Access

THUNDER Product: X10media Mp3 Search Engine v1.x Admin Access Vulnerability Author : THUNDER File : admin/admin.php Vulnerable Code / User not an administrator, redirect to main page automatically. / if!$session-isAdmin header"Location: ../main.php"; else / Administrator is viewing page, so displ...