Lucene search
K

8 matches found

Prion
Prion
added 2009/09/08 10:30 a.m.12 views

Code injection

Butterfly Organizer 2.0.0 allows remote attackers to 1 delete arbitrary categories via a modified tablehere parameter to category-delete.php with the isjsconfirmed parameter set to 1, or 2 delete arbitrary accounts via the mytable parameter to delete.php...

7.5CVSS7.3AI score0.02287EPSS
Exploits1References3Affected Software1
CVE
CVE
added 2009/04/10 3:0 p.m.43 views

CVE-2008-6700

CVE-2008-6700 describes multiple cross-site scripting (XSS) vulnerabilities in Butterfly Organizer 2.0.0. The flaws allow remote attackers to inject arbitrary web script or HTML via specific parameters: (1) mytable to view.php, (2) mytable to viewdb2.php, (3) tablehere to category-rename.php, and...

4.3CVSS5.9AI score0.01507EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2009/02/27 11:0 a.m.65 views

CVE-2008-6328

Butterfly Organizer is affected by CVE-2008-6328: an SQL injection in view.php via the id parameter could allow remote execution of arbitrary SQL commands. Affected versions include 2.0.0 and 2.0.1. OpenVAS details also describe additional input-sanitization vulnerabilities (XSS) in the same prod...

7.5CVSS8.7AI score0.01019EPSS
Exploits0References4Affected Software1
seebug.org
seebug.org
added 2008/06/14 12:0 a.m.17 views

Butterfly Organizer 2.0.0 (SQL/XSS) Multiple Remote Vulnerabilities

No description provided by source. ====================================================================== Butterfly Organizer 2.0.0 SQL/XSS Multiple Remote Vulnerabilities ====================================================================== ,--^----------,--------,-----,-------^--, | |||||||||...

7.1AI score
Exploits0
exploitpack
exploitpack
added 2008/06/13 12:0 a.m.11 views

Butterfly ORGanizer 2.0.0 - Arbitrary Delete (CategoryAccount)

Butterfly ORGanizer 2.0.0 - Arbitrary Delete CategoryAccount !/usr/bin/perl -w Butterfly Organizer 2.0.0 ; $b = LWP::UserAgent-new or die "Could not initialize browser\n"; $b-agent'Mozilla/4.0 compatible; MSIE 7.0; Windows NT 5.1'; $host = $ARGV0...

0.8AI score
Exploits0
Exploit DB
Exploit DB
added 2008/06/13 12:0 a.m.38 views

Butterfly ORGanizer 2.0.0 - Arbitrary Delete (Category/Account)

!/usr/bin/perl -w Butterfly Organizer 2.0.0 ; $b = LWP::UserAgent-new or die "Could not initialize browser\n"; $b-agent'Mozilla/4.0 compatible; MSIE 7.0; Windows NT 5.1'; $host = $ARGV0 . "/category-delete.php?tablehere=".$cat."&isjsconfirmed=1"; $res = $b-requestHTTP::Request-newGET=$host; $answ...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2008/06/13 12:0 a.m.38 views

Butterfly ORGanizer 2.0.0 - SQL Injection / Cross-Site Scripting

====================================================================== Butterfly Organizer 2.0.0 SQL/XSS Multiple Remote Vulnerabilities ====================================================================== ,--^----------,--------,-----,-------^--, | ||||||||| --------' | O .. CWH Underground...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2008/06/13 12:0 a.m.14 views

butterfly-delete.txt

!/usr/bin/perl -w Butterfly Organizer 2.0.0 ; $b = LWP::UserAgent-new or die "Could not initialize browser\n"; $b-agent'Mozilla/4.0 compatible; MSIE 7.0; Windows NT 5.1'; $host = $ARGV0 . "/category-delete.php?tablehere=".$cat."&isjsconfirmed=1"; $res = $b-requestHTTP::Request-newGET=$host; $answ...

Exploits0
Rows per page
Query Builder