14 matches found
EUVD-2009-1821
Malware in sbrugna...
EUVD-2009-1806
Malware in sbrugna...
EUVD-2009-1807
Malware in sbrugna...
CVE-2009-1826
modules/admuser.php in myGesuad 0.9.14 aka 0.9 does not require administrative authentication, which allows remote authenticated users to list user accounts via a Find action...
CVE-2009-1826
The CVE-2009-1826 entry affects myGesuad 0.9.14 (aka 0.9). The vulnerability is that modules/admuser.php does not require administrative authentication, enabling remote authenticated users to list user accounts via a Find action. This is the explicit root cause and impact stated in multiple sourc...
CVE-2009-1826
modules/admuser.php in myGesuad 0.9.14 aka 0.9 does not require administrative authentication, which allows remote authenticated users to list user accounts via a Find action...
Sql injection
Multiple SQL injection vulnerabilities in myGesuad 0.9.14 aka 0.9 allow remote attackers to execute arbitrary SQL commands via 1 the formUser parameter aka the Name field to common/login.php, and allow remote authenticated users to execute arbitrary SQL commands via the ID parameter in a Detail...
CVE-2009-1812
Multiple SQL injection vulnerabilities in myGesuad 0.9.14 aka 0.9 allow remote attackers to execute arbitrary SQL commands via 1 the formUser parameter aka the Name field to common/login.php, and allow remote authenticated users to execute arbitrary SQL commands via the ID parameter in a Detail...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in myGesuad 0.9.14 aka 0.9 allow remote attackers to inject arbitrary web script or HTML via 1 the Page parameter in a List action to modules/ereignis.php, 2 the Kontext parameter in a Search action to modules/kategorie.php, 3 the image parameter ...
CVE-2009-1811
Multiple cross-site scripting XSS vulnerabilities in myGesuad 0.9.14 aka 0.9 allow remote attackers to inject arbitrary web script or HTML via 1 the Page parameter in a List action to modules/ereignis.php, 2 the Kontext parameter in a Search action to modules/kategorie.php, 3 the image parameter ...
CVE-2009-1812
Multiple SQL injection vulnerabilities in myGesuad 0.9.14 aka 0.9 allow remote attackers to execute arbitrary SQL commands via 1 the formUser parameter aka the Name field to common/login.php, and allow remote authenticated users to execute arbitrary SQL commands via the ID parameter in a Detail...
CVE-2009-1812
CVE-2009-1812 affects myGesuad 0.9.14 (0.9). Vulnerabilities include SQL injection through (1) formUser (Name) in common/login.php and (2) ID parameter in a Detail action to kategorie.php, budget.php, zahlung.php, or adresse.php within modules/, related to classes/class.perform.php. These allow r...
CVE-2009-1811
CVE-2009-1811 affects myGesuad 0.9.14 (aka 0.9). Multiple XSS vulnerabilities allow remote attackers to inject arbitrary script or HTML via (1) Page parameter in List action to modules/ereignis.php, (2) Kontext parameter in Search action to modules/kategorie.php, (3) image parameter in modules/im...
CVE-2009-1811
Multiple cross-site scripting XSS vulnerabilities in myGesuad 0.9.14 aka 0.9 allow remote attackers to inject arbitrary web script or HTML via 1 the Page parameter in a List action to modules/ereignis.php, 2 the Kontext parameter in a Search action to modules/kategorie.php, 3 the image parameter ...