14 matches found
EUVD-2012-4598
Malware in sbrugna...
EUVD-2012-3433
Malware in sbrugna...
CVE-2012-3477
SQL injection vulnerability in signup_check.php in NeoInvoice allows remote attackers to execute arbitrary SQL commands via the value parameter in a username action...
CVE-2012-4673
SQL injection vulnerability in application/controllers/invoice.php in NeoInvoice might allow remote attackers to execute arbitrary SQL commands via vectors involving the sort_col variable in the list_items function, a different vulnerability than CVE-2012-3477...
NeoInvoice Blind SQL Injection (CVE-2012-3477)
NeoInvoice is a multi-tenant open source invoicing system that currently contains an unauthenticated blind SQL injection condition in signup_check.php. The input for the value field isn't being properly sanitized, and is used in string concatenation to create the SQL query. See here for the...
CVE-2012-4673
SQL injection vulnerability in application/controllers/invoice.php in NeoInvoice might allow remote attackers to execute arbitrary SQL commands via vectors involving the sort_col variable in the list_items function, a different vulnerability than CVE-2012-3477...
CVE-2012-3477
SQL injection vulnerability in signup_check.php in NeoInvoice allows remote attackers to execute arbitrary SQL commands via the value parameter in a username action...
SQL injection
SQL injection vulnerability in signup_check.php in NeoInvoice allows remote attackers to execute arbitrary SQL commands via the value parameter in a username action...
SQL injection
SQL injection vulnerability in application/controllers/invoice.php in NeoInvoice might allow remote attackers to execute arbitrary SQL commands via vectors involving the sort_col variable in the list_items function, a different vulnerability than CVE-2012-3477...
CVE-2012-3477
SQL injection vulnerability in signup_check.php in NeoInvoice allows remote attackers to execute arbitrary SQL commands via the value parameter in a username action...
CVE-2012-4673
SQL injection vulnerability in application/controllers/invoice.php in NeoInvoice might allow remote attackers to execute arbitrary SQL commands via vectors involving the sort_col variable in the list_items function, a different vulnerability than CVE-2012-3477...
CVE-2012-4673
CVE-2012-4673 refers to a SQL injection vulnerability in NeoInvoice, specifically in application/controllers/invoice.php where the sort_col parameter in list_items can be manipulated to cause arbitrary SQL execution. This vulnerability is described as a separate issue from CVE-2012-3477. The link...
CVE-2012-3477
CVE-2012-3477 affects NeoInvoice via an unauthenticated blind SQL injection in signup_check.php where the value parameter of the username action is concatenated into an SQL query. The vulnerability allows remote attackers to run arbitrary SQL commands; the PoC shows a value parameter crafted to t...
NeoInvoice Blind SQL Injection
NeoInvoice is a multi-tenant open source invoicing system that currently contains an unauthenticated blind SQL injection condition in signup_check.php. The input for the value field isn't being properly sanitized, and is used in string concatenation to create the SQL query. See here for the...