EUVD-2006-1499

Malware in sbrugna...

netOffice Dwins 1.3 - Authentication Bypass Vulnerability and Arbitrary File Upload Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/28051/info netOffice Dwins is prone to a vulnerability that allows attackers to bypass authentication as well as a vulnerability that allows attackers to upload arbitrary files. These issues occur because the application...

netOffice Dwins Multiple <= 1.4p3 SQLi Vulnerabilities - Active Check

netOffice Dwins is prone to multiple SQL injection SQLi vulnerabilities. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

netOffice Dwins 1.4p3 SQL Injection

:::::::-. ... ::::::. :::. ;;, ';, ;; ;;;;;;;, ;;; ' . ' $$, $$$$ $$$ $$$ "Y$c$$ 888,o8P'88 .d888 888 Y88 MMMMP" "YmmMMMM"" MMM YM Discovered by dun \ posdubatgmail.com 2012-11-08 netOffice Dwins openWorkHours$tmpquery; //5 SQL ..cut.. users/exportuser.php?id=-1 union select...

netOffice Dwins <= 1.4p3 SQL Injection Vulnerability

Exploit for php platform in category web applications Discovered by dun \ posdubatgmail.com 2012-11-08 netOffice Dwins openWorkHours$tmpquery; //5 SQL ..cut.. users/exportuser.php?id=-1 union select 0,0,0,0,0,1,1,1,0,1,1,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0-- File:...

NetOffice Dwins 1.4p3 - SQL Injection

:::::::-. ... ::::::. :::. ;;, ';, ;; ;;;;;;;, ;;; ' . ' $$, $$$$ $$$ $$$ "Y$c$$ 888,o8P'88 .d888 888 Y88 MMMMP" "YmmMMMM"" MMM YM Discovered by dun \ posdubatgmail.com 2012-11-08 netOffice Dwins openWorkHours$tmpquery; //5 SQL ..cut...

CVE-2008-2044

includes/library.php in netOffice Dwins 1.3 p2 compares the demoSession variable to the 'true' string literal instead of the true boolean literal, which allows remote attackers to bypass authentication and execute arbitrary code by setting this variable to 1, as demonstrated by uploading a PHP...

Authentication flaw

includes/library.php in netOffice Dwins 1.3 p2 compares the demoSession variable to the 'true' string literal instead of the true boolean literal, which allows remote attackers to bypass authentication and execute arbitrary code by setting this variable to 1, as demonstrated by uploading a PHP...

CVE-2008-2044

includes/library.php in netOffice Dwins 1.3 p2 compares the demoSession variable to the 'true' string literal instead of the true boolean literal, which allows remote attackers to bypass authentication and execute arbitrary code by setting this variable to 1, as demonstrated by uploading a PHP...

CVE-2008-2044

netOffice Dwins 1.3 p2 is affected by an authentication bypass vulnerability tied to the demoSession parameter. The code compares the demoSession value to the string 'true' instead of the boolean true, enabling remote attackers to set the parameter to 1 and bypass login. The NASL/NVD entries note...

netOffice Dwins demoSession Parameter Authentication Bypass

The remote host is running netOffice Dwins, an open source project management application written in PHP. The version of netOffice Dwins installed on the remote host allows an attacker to bypass authentication and access parts of the affected application to which access would not ordinarily be...

netoffice-exec.txt

netOffice Dwins 1.3 Remote code execution. -------------------------------------------------------- Product: netOffice Dwins Version: 1.3 p2 Vendor: http://netofficedwins.sourceforge.net/ Date: 02/29/08 - Introduction "netOffice Dwins is a free web based time tracking, timesheet, and project...

netOffice Dwins 1.3 Remote code execution.

netOffice Dwins 1.3 Remote code execution. -------------------------------------------------------- Product: netOffice Dwins Version: 1.3 p2 Vendor: http://netofficedwins.sourceforge.net/ Date: 02/29/08 - Introduction "netOffice Dwins is a free web based time tracking, timesheet, and project...

NetOffice Dwins 1.3 - Authentication Bypass Arbitrary File Upload

NetOffice Dwins 1.3 - Authentication Bypass Arbitrary File Upload source: https://www.securityfocus.com/bid/28051/info netOffice Dwins is prone to a vulnerability that allows attackers to bypass authentication as well as a vulnerability that allows attackers to upload arbitrary files. These issue...

NetOffice Dwins 1.3 - Authentication Bypass / Arbitrary File Upload

source: https://www.securityfocus.com/bid/28051/info netOffice Dwins is prone to a vulnerability that allows attackers to bypass authentication as well as a vulnerability that allows attackers to upload arbitrary files. These issues occur because the application fails to adequately sanitize...

CVE-2006-1495

SQL injection vulnerability in general/sendpassword.php in 1 PHPCollab 2.4 and 2.5.rc3, and 2 NetOffice 2.5.3-pl1 and 2.6.0b2 allows remote attackers to execute arbitrary SQL commands via the loginForm parameter in the "forgotten password" option...

Sql injection

SQL injection vulnerability in general/sendpassword.php in 1 PHPCollab 2.4 and 2.5.rc3, and 2 NetOffice 2.5.3-pl1 and 2.6.0b2 allows remote attackers to execute arbitrary SQL commands via the loginForm parameter in the "forgotten password" option...

CVE-2006-1495

SQL injection vulnerability in general/sendpassword.php in 1 PHPCollab 2.4 and 2.5.rc3, and 2 NetOffice 2.5.3-pl1 and 2.6.0b2 allows remote attackers to execute arbitrary SQL commands via the loginForm parameter in the "forgotten password" option...

CVE-2006-1495

CVE-2006-1495 describes an SQL injection in general/sendpassword.php (forgotten password flow) affecting PHPCollab 2.4 and 2.5.rc3, and NetOffice 2.5.3-pl1 and 2.6.0b2. The issue stems from unsanitized loginForm input used in an SQL statement, enabling remote attackers to execute arbitrary SQL co...

PHPCollab 2.x / NetOffice 2.x (sendpassword.php) SQL Injection Exploit

No description provided by source. !/usr/bin/php -q -d shortopentag=on ? echo "PHPCollab v2.x / NetOffice v2.x sendpassword.php SQL Injection \r\n"; echo "by rgod [email protected]\r\n"; echo "site: http://retrogod.altervista.org\r\n\r\n"; echo "- works with magicquotesgpc = Off\r\n\r\n"; echo "...