EUVD-2007-3345

Malware in sbrugna...

NetClassifieds Standard 1.9/Professional 1.5/Premium 1.0 gallery.php CatID Parameter SQL Injection

No description provided by source. source: http://www.securityfocus.com/bid/15683/info NetClassifieds is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow an...

NetClassifieds Standard 1.9/Professional 1.5/Premium 1.0 ViewItem.php ItemNum Parameter SQL Injection

No description provided by source. source: http://www.securityfocus.com/bid/15683/info NetClassifieds is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow an...

NetClassifieds <= 1.9.7 - Multiple Input Validation Vulnerabilities

No description provided by source. source: http://www.securityfocus.com/bid/24584/info NetClassifieds is prone to multiple input-validation vulnerabilities because the application fails to sanitize user-supplied input. These vulnerabilities include multiple SQL-injection issues and cross-site...

netclassifieds (sql/xss/full path) Multiple Vulnerabilities

No description provided by source. Application: NetClassifieds: -Free Edition -Standard Edition -Professional Edition -Premium Edition Web Site: http://www.scriptdevelopers.net/ Versions: all Platform: linux, windows Bug: multiple injection sql , xss , full path Fix Available: Yes...

Gallery NetClassifieds Blind SQL Injection

Exploit for php platform in category web applications :----------------------------------------------------------------------------------------------------------------------------------------------: Gallery NetClassifieds Blind SQL Injection...

NetClassifieds Sql Injection

Aria-Security Team Persian Security Team http://Aria-Security.Net Persian http://Aria-Security.com ENG -------------------------------------------- Greetz: Aura, imm02tal, Null, Kinglet, Mormoroth http://www.scriptdevelopers.net/ tested on NetClassifieds Original Post @...

netclassifieds-multi.txt

Application: NetClassifieds version: -Free Edition -Standard Edition -Professional Edition -Premium Edition Web Site: http://www.scriptdevelopers.net/ Versions: all Platform: linux, windows Bug: multiple injection sql , xss , full path Fix Available: Yes...

NetClassifieds (SQL/XSS/Full Path) Multiple Remote Vulnerabilities

No description provided by source. Application: NetClassifieds: -Free Edition -Standard Edition -Professional Edition -Premium Edition Web Site: http://www.scriptdevelopers.net/ Versions: all Platform: linux, windows Bug: multiple injection sql , xss , full path Fix Available: Yes...

CVE-2007-3357

NetClassifieds Premium Edition does not use encryption for 1 stored passwords or 2 sensitive data, which might allow attackers to obtain information via certain vectors...

Sql injection

Multiple SQL injection vulnerabilities in NetClassifieds Premium Edition allow remote attackers to execute arbitrary SQL commands via the suserid parameter to ViewCat.php and other unspecified vectors. NOTE: the CatID/ViewCat.php, CatID/gallery.php, and ItemNum/ViewItem.php vectors are already...

CVE-2007-3354

Multiple SQL injection vulnerabilities in NetClassifieds Premium Edition allow remote attackers to execute arbitrary SQL commands via the suserid parameter to ViewCat.php and other unspecified vectors. NOTE: the CatID/ViewCat.php, CatID/gallery.php, and ItemNum/ViewItem.php vectors are already...

Design/Logic Flaw

NetClassifieds Premium Edition does not use encryption for 1 stored passwords or 2 sensitive data, which might allow attackers to obtain information via certain vectors...

Design/Logic Flaw

NetClassifieds Premium Edition allows remote attackers to obtain sensitive information via certain requests that reveal the path in an error message, related to the displayerrors setting in 1 Common.php and 2 imageresizer.php, and 3 the use of FILE in error reporting by imageresizer.php; and 4 vi...

CVE-2007-3355

Multiple cross-site scripting XSS vulnerabilities in NetClassifieds Premium Edition allow remote attackers to inject arbitrary web script or HTML via unspecified vectors...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in NetClassifieds Premium Edition allow remote attackers to inject arbitrary web script or HTML via unspecified vectors...

CVE-2007-3354

Multiple SQL injection vulnerabilities in NetClassifieds Premium Edition allow remote attackers to execute arbitrary SQL commands via the suserid parameter to ViewCat.php and other unspecified vectors. NOTE: the CatID/ViewCat.php, CatID/gallery.php, and ItemNum/ViewItem.php vectors are already...

CVE-2007-3355

Technical details about CVE-2007-3355 are not publicly provided in the supplied documents. The entries repeat generic XSS vulnerability in NetClassifieds Premium Edition without specifics on affected versions, vectors, or fixes. Monitor for updates.

CVE-2007-3354

CVE-2007-3354 relates to multiple SQL injection vulnerabilities in NetClassifieds Premium Edition. The NVD entry states remote attackers can execute arbitrary SQL via the s_user_id parameter to ViewCat.php and other unspecified vectors. The entry also notes that certain CatID/ViewCat.php, CatID/g...

CVE-2007-3357

NetClassifieds Premium Edition does not use encryption for 1 stored passwords or 2 sensitive data, which might allow attackers to obtain information via certain vectors...