EUVD-2007-3345

Malware in sbrugna...

NetClassifieds Standard 1.9/Professional 1.5/Premium 1.0 gallery.php CatID Parameter SQL Injection

No description provided by source. source: http://www.securityfocus.com/bid/15683/info NetClassifieds is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow an...

NetClassifieds Standard 1.9/Professional 1.5/Premium 1.0 ViewItem.php ItemNum Parameter SQL Injection

No description provided by source. source: http://www.securityfocus.com/bid/15683/info NetClassifieds is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow an...

NetClassifieds <= 1.9.7 - Multiple Input Validation Vulnerabilities

No description provided by source. source: http://www.securityfocus.com/bid/24584/info NetClassifieds is prone to multiple input-validation vulnerabilities because the application fails to sanitize user-supplied input. These vulnerabilities include multiple SQL-injection issues and cross-site...

netclassifieds (sql/xss/full path) Multiple Vulnerabilities

No description provided by source. Application: NetClassifieds: -Free Edition -Standard Edition -Professional Edition -Premium Edition Web Site: http://www.scriptdevelopers.net/ Versions: all Platform: linux, windows Bug: multiple injection sql , xss , full path Fix Available: Yes...

Gallery NetClassifieds Blind SQL Injection

Exploit for php platform in category web applications :----------------------------------------------------------------------------------------------------------------------------------------------: Gallery NetClassifieds Blind SQL Injection...

NetClassifieds Sql Injection

Aria-Security Team Persian Security Team http://Aria-Security.Net Persian http://Aria-Security.com ENG -------------------------------------------- Greetz: Aura, imm02tal, Null, Kinglet, Mormoroth http://www.scriptdevelopers.net/ tested on NetClassifieds Original Post @...

netclassifieds-multi.txt

Application: NetClassifieds version: -Free Edition -Standard Edition -Professional Edition -Premium Edition Web Site: http://www.scriptdevelopers.net/ Versions: all Platform: linux, windows Bug: multiple injection sql , xss , full path Fix Available: Yes...

NetClassifieds (SQL/XSS/Full Path) Multiple Remote Vulnerabilities

No description provided by source. Application: NetClassifieds: -Free Edition -Standard Edition -Professional Edition -Premium Edition Web Site: http://www.scriptdevelopers.net/ Versions: all Platform: linux, windows Bug: multiple injection sql , xss , full path Fix Available: Yes...

CVE-2007-3354

Multiple SQL injection vulnerabilities in NetClassifieds Premium Edition allow remote attackers to execute arbitrary SQL commands via the suserid parameter to ViewCat.php and other unspecified vectors. NOTE: the CatID/ViewCat.php, CatID/gallery.php, and ItemNum/ViewItem.php vectors are already...

CVE-2007-3355

Multiple cross-site scripting XSS vulnerabilities in NetClassifieds Premium Edition allow remote attackers to inject arbitrary web script or HTML via unspecified vectors...

CVE-2007-3357

NetClassifieds Premium Edition does not use encryption for 1 stored passwords or 2 sensitive data, which might allow attackers to obtain information via certain vectors...

Design/Logic Flaw

NetClassifieds Premium Edition allows remote attackers to obtain sensitive information via certain requests that reveal the path in an error message, related to the displayerrors setting in 1 Common.php and 2 imageresizer.php, and 3 the use of FILE in error reporting by imageresizer.php; and 4 vi...

Sql injection

Multiple SQL injection vulnerabilities in NetClassifieds Premium Edition allow remote attackers to execute arbitrary SQL commands via the suserid parameter to ViewCat.php and other unspecified vectors. NOTE: the CatID/ViewCat.php, CatID/gallery.php, and ItemNum/ViewItem.php vectors are already...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in NetClassifieds Premium Edition allow remote attackers to inject arbitrary web script or HTML via unspecified vectors...

Design/Logic Flaw

NetClassifieds Premium Edition does not use encryption for 1 stored passwords or 2 sensitive data, which might allow attackers to obtain information via certain vectors...

CVE-2007-3354

Multiple SQL injection vulnerabilities in NetClassifieds Premium Edition allow remote attackers to execute arbitrary SQL commands via the suserid parameter to ViewCat.php and other unspecified vectors. NOTE: the CatID/ViewCat.php, CatID/gallery.php, and ItemNum/ViewItem.php vectors are already...

CVE-2007-3357

NetClassifieds Premium Edition does not use encryption for 1 stored passwords or 2 sensitive data, which might allow attackers to obtain information via certain vectors...

CVE-2007-3354

CVE-2007-3354 relates to multiple SQL injection vulnerabilities in NetClassifieds Premium Edition. The NVD entry states remote attackers can execute arbitrary SQL via the s_user_id parameter to ViewCat.php and other unspecified vectors. The entry also notes that certain CatID/ViewCat.php, CatID/g...

CVE-2007-3355

Technical details about CVE-2007-3355 are not publicly provided in the supplied documents. The entries repeat generic XSS vulnerability in NetClassifieds Premium Edition without specifics on affected versions, vectors, or fixes. Monitor for updates.