36 matches found
EUVD-2005-2013
Malware in sbrugna...
EUVD-2005-2014
Malware in sbrugna...
EUVD-2005-0476
Malware in sbrugna...
paFaq beta4 question.php Multiple Parameter SQL Injection
No description provided by source. source: http://www.securityfocus.com/bid/12582/info paFaq is reportedly affected by an SQL injection vulnerability. This issue exists because the application fails to properly sanitize user-supplied input before using it in SQL queries. Successful exploitation...
paFaq beta4 comment.php Multiple Parameter SQL Injection
No description provided by source. source: http://www.securityfocus.com/bid/12582/info paFaq is reportedly affected by an SQL injection vulnerability. This issue exists because the application fails to properly sanitize user-supplied input before using it in SQL queries. Successful exploitation...
paFaq beta4 answer.php offset Parameter SQL Injection
No description provided by source. source: http://www.securityfocus.com/bid/12582/info paFaq is reportedly affected by an SQL injection vulnerability. This issue exists because the application fails to properly sanitize user-supplied input before using it in SQL queries. Successful exploitation...
paFaq beta4 search.php search_item Parameter SQL Injection
No description provided by source. source: http://www.securityfocus.com/bid/12582/info paFaq is reportedly affected by an SQL injection vulnerability. This issue exists because the application fails to properly sanitize user-supplied input before using it in SQL queries. Successful exploitation...
PAFaq Question Cross-Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/14001/info paFaq is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script...
PAFaq Administrator Username SQL Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/14003/info paFaq is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. Successful exploitation could result...
paFAQ 1.0 Beta 4 Multiple Vulnerabilities
The remote host is running paFAQ, a web-based FAQ system implemented in PHP / MySQL. The installed version of paFAQ on the remote host suffers from several vulnerabilities. Among the more serious are a SQL injection vulnerability that enables an attacker to bypass admin authentication and a...
paFaq10beta4.txt
GulfTech Security Research June 20th, 2005 Vendor : php Arena URL : http://www.phparena.net/pafaq.php Version : paFAQ 1.0 Beta 4 Risk : Multiple Vulnerabilities Description: paFAQ is a FAQ/Knowledge base system that allows webmasters to keep an organized database of Frequently Asked Questions; a...
CVE-2005-2013
paFAQ 1.0 Beta 4 allows remote attackers to obtain sensitive information via a direct request to admin/backup.php, which contains a backup of the database including usernames and passwords...
CVE-2005-2013
The CVE-2005-2013 entry concerns paFAQ 1.0 Beta 4, a PHP/MySQL web application. The described vulnerability allows remote attackers to access admin/backup.php directly, which contains a backup of the database including usernames and passwords. This exposure could reveal administrator credentials ...
CVE-2005-2012
paFAQ 1.0 Beta 4 is affected by multiple SQL injection vulnerabilities in the login flow, allowing remote attackers to bypass authentication by manipulating the (1) username or (2) id parameters. The Nessus plugin and CVE records corroborate that the remote PHP/MySQL application is vulnerable to ...
CVE-2005-2012
Multiple SQL injection vulnerabilities in login in paFAQ 1.0 Beta 4 allow remote attackers to execute arbitrary SQL commands and bypass authentication via the 1 username or 2 id parameters...
CVE-2005-2012
Multiple SQL injection vulnerabilities in login in paFAQ 1.0 Beta 4 allow remote attackers to execute arbitrary SQL commands and bypass authentication via the 1 username or 2 id parameters...
CVE-2005-2014
The "upload a language pack" feature in paFAQ 1.0 Beta 4 allows remote authenticated administrators to execute arbitrary PHP commands by uploading a malicious language pack...
CVE-2005-2011
Multiple cross-site scripting XSS vulnerabilities in paFAQ 1.0 Beta 4 allow remote attackers to inject arbitrary web script or HTML, as demonstrated via the id parameter in a Question action...
CVE-2005-2011
paFAQ 1.0 Beta 4 contains multiple XSS vulnerabilities that allow remote attackers to inject arbitrary web script or HTML, demonstrated via the id parameter in a Question action. The CVE-2005-2011 entry is corroborated by multiple sources in the provided documents (NVD/CVE record, CVE list, and N...
CVE-2005-2013
paFAQ 1.0 Beta 4 allows remote attackers to obtain sensitive information via a direct request to admin/backup.php, which contains a backup of the database including usernames and passwords...