15 matches found
EUVD-2006-1691
Malware in sbrugna...
EUVD-2006-1693
Malware in sbrugna...
EUVD-2006-1692
Malware in sbrugna...
[eVuln] MWNewsletter SQL Injection and XSS Vulnerabilities
New eVuln Advisory: MWNewsletter SQL Injection and XSS Vulnerabilities http://evuln.com/vulns/123/summary.html --------------------Summary---------------- eVuln ID: EV0123 CVE: CVE-2006-1690 CVE-2006-1691 CVE-2006-1692 Vendor: Manic Web Software: MWNewsletter Sowtware's Web Site:...
CVE-2006-1690
Cross-site scripting XSS vulnerability in subscribe.php in MWNewsletter 1.0.0b allows remote attackers to inject arbitrary web script or HTML via the username parameter...
Sql injection
Multiple SQL injection vulnerabilities in MWNewsletter 1.0.0b allow remote attackers to execute arbitrary SQL commands via the 1 useremail parameter to a unsubscribe.php or b subscribe.php; or the 2 username parameter to subscribe.php. NOTE: the provenance of this information is unknown; the...
CVE-2006-1692
Multiple SQL injection vulnerabilities in MWNewsletter 1.0.0b allow remote attackers to execute arbitrary SQL commands via the 1 useremail parameter to a unsubscribe.php or b subscribe.php; or the 2 username parameter to subscribe.php. NOTE: the provenance of this information is unknown; the...
Sql injection
SQL injection vulnerability in MWNewsletter 1.0.0b allows remote attackers to execute arbitrary SQL commands via the username parameter to unsubscribe.php...
CVE-2006-1691
SQL injection vulnerability in MWNewsletter 1.0.0b allows remote attackers to execute arbitrary SQL commands via the username parameter to unsubscribe.php...
CVE-2006-1691
CVE-2006-1691 : A SQL injection vulnerability in MWNewsletter 1.0.0b affects the unsubscribe.php script via the user_name parameter. Multiple connected sources confirm the vulnerability arises from inadequate input sanitization, allowing remote attackers to inject arbitrary SQL. Impact is describ...
CVE-2006-1692
CVE-2006-1692 concerns MWNewsletter 1.0.0b, where multiple SQL injection flaws are exposed via input parameters. Specifically, unsanitized user_email (in unsubscribe.php and subscribe.php) and user_name (in subscribe.php) allow remote attackers to inject arbitrary SQL commands, enabling potential...
CVE-2006-1692
Multiple SQL injection vulnerabilities in MWNewsletter 1.0.0b allow remote attackers to execute arbitrary SQL commands via the 1 useremail parameter to a unsubscribe.php or b subscribe.php; or the 2 username parameter to subscribe.php. NOTE: the provenance of this information is unknown; the...
CVE-2006-1690
Cross-site scripting XSS vulnerability in subscribe.php in MWNewsletter 1.0.0b allows remote attackers to inject arbitrary web script or HTML via the username parameter...
CVE-2006-1691
SQL injection vulnerability in MWNewsletter 1.0.0b allows remote attackers to execute arbitrary SQL commands via the username parameter to unsubscribe.php...
CVE-2006-1690
MWNewsletter 1.0.0b is affected by an XSS in subscribe.php via the user_name parameter (CVE-2006-1690). The eVuln entry also documents a SQL Injection vulnerability in unsubscribe.php affecting the same MWNewsletter version, with PoC/Exploit available and no patch listed. CVSS from NVD: 6.8 (Medi...