19 matches found
EUVD-2009-1805
Malware in sbrugna...
EUVD-2009-1820
Malware in sbrugna...
EUVD-2009-1804
Malware in sbrugna...
my-gesuad 0.9.14 (ab/sql/xss) Multiple Vulnerabilities
No description provided by source. || || || -----------------------------------------\ == -- ----------- ---------------------------- ------------------/ ¡VIVA SPAIN!...¡GANAREMOS EL MUNDIAL!...o.O ¡PROUD TO BE SPANISH! --...
Design/Logic Flaw
modules/admuser.php in myColex 1.4.2 does not require administrative authentication, which allows remote authenticated users to list user accounts via a Find action...
CVE-2009-1825
modules/admuser.php in myColex 1.4.2 does not require administrative authentication, which allows remote authenticated users to list user accounts via a Find action...
CVE-2009-1825
modules/admuser.php in myColex 1.4.2 does not require administrative authentication, which allows remote authenticated users to list user accounts via a Find action...
CVE-2009-1825
The CVE-2009-1825 entry concerns myColex 1.4.2, where modules/admuser.php does not require administrative authentication. This design flaw allows remote authenticated users to list user accounts via a Find action, exposing partial confidentiality (user lists). The description and connected source...
Sql injection
Multiple SQL injection vulnerabilities in myColex 1.4.2 allow remote attackers to execute arbitrary SQL commands via 1 the formUser parameter aka the Name field to common/login.php, and allow remote authenticated users to execute arbitrary SQL commands via the ID parameter in a Detail action to 2...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in myColex 1.4.2 allow remote attackers to inject arbitrary web script or HTML via 1 the year parameter to modules/kalender.php, 2 the Page parameter in a List action to modules/ereignis.php, 3 the Kontext parameter in a Search action to...
CVE-2009-1810
Multiple SQL injection vulnerabilities in myColex 1.4.2 allow remote attackers to execute arbitrary SQL commands via 1 the formUser parameter aka the Name field to common/login.php, and allow remote authenticated users to execute arbitrary SQL commands via the ID parameter in a Detail action to 2...
CVE-2009-1809
Multiple cross-site scripting XSS vulnerabilities in myColex 1.4.2 allow remote attackers to inject arbitrary web script or HTML via 1 the year parameter to modules/kalender.php, 2 the Page parameter in a List action to modules/ereignis.php, 3 the Kontext parameter in a Search action to...
CVE-2009-1809
Multiple cross-site scripting XSS vulnerabilities in myColex 1.4.2 allow remote attackers to inject arbitrary web script or HTML via 1 the year parameter to modules/kalender.php, 2 the Page parameter in a List action to modules/ereignis.php, 3 the Kontext parameter in a Search action to...
CVE-2009-1809
CVE-2009-1809 affects myColex 1.4.2 with multiple XSS flaws. Reported vulnerabilities allow remote attackers to inject arbitrary script/HTML via (1) year parameter in modules/kalender.php, (2) Page parameter in a List action to modules/ereignis.php, (3) Kontext parameter in a Search action to mod...
CVE-2009-1810
CVE-2009-1810 affects the web app myColex 1.4.2 . The issue comprises multiple SQL injection vulnerabilities: (1) unauthenticated remote insertion of arbitrary SQL via the parameter formUser (the Name field) to common/login.php , and (2) via the ID parameter in a Detail action to modules/ pages (...
CVE-2009-1810
Multiple SQL injection vulnerabilities in myColex 1.4.2 allow remote attackers to execute arbitrary SQL commands via 1 the formUser parameter aka the Name field to common/login.php, and allow remote authenticated users to execute arbitrary SQL commands via the ID parameter in a Detail action to 2...
MULTIPLE REMOTE VULNERABILITIES --my-colex 1.4.2-->
------------------------------------------------------- MULTIPLE REMOTE VULNERABILITIES --my-colex 1.4.2-- ------------------------------------------------------- CMS INFORMATION: --WEB: http://www.collector.ch/drupal5/index.php --DOWNLOAD: http://www.collector.ch/drupal5/?q=node/11 --DEMO:...
my-colex 1.4.2 SQL Injection / XSS
------------------------------------------------------- MULTIPLE REMOTE VULNERABILITIES --my-colex 1.4.2-- ------------------------------------------------------- CMS INFORMATION: --WEB: http://www.collector.ch/drupal5/index.php --DOWNLOAD: http://www.collector.ch/drupal5/?q=node/11 --DEMO:...
my-gesuad 0.9.14 - Authentication Bypass / SQL Injection / Cross-Site Scripting
|| || || -----------------------------------------\ == -- ----------- ---------------------------- ------------------/ ¡VIVA SPAIN!...¡GANAREMOS EL MUNDIAL!...o.O ¡PROUD TO BE SPANISH! ---------------------------------------------------------------------------------------------- | MULTIPLE...