36 matches found
EUVD-2005-0476
Malware in sbrugna...
EUVD-2005-2014
Malware in sbrugna...
EUVD-2005-2013
Malware in sbrugna...
PAFaq Administrator Username SQL Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/14003/info paFaq is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. Successful exploitation could result...
paFaq beta4 comment.php Multiple Parameter SQL Injection
No description provided by source. source: http://www.securityfocus.com/bid/12582/info paFaq is reportedly affected by an SQL injection vulnerability. This issue exists because the application fails to properly sanitize user-supplied input before using it in SQL queries. Successful exploitation...
paFaq beta4 question.php Multiple Parameter SQL Injection
No description provided by source. source: http://www.securityfocus.com/bid/12582/info paFaq is reportedly affected by an SQL injection vulnerability. This issue exists because the application fails to properly sanitize user-supplied input before using it in SQL queries. Successful exploitation...
paFaq beta4 search.php search_item Parameter SQL Injection
No description provided by source. source: http://www.securityfocus.com/bid/12582/info paFaq is reportedly affected by an SQL injection vulnerability. This issue exists because the application fails to properly sanitize user-supplied input before using it in SQL queries. Successful exploitation...
paFaq beta4 answer.php offset Parameter SQL Injection
No description provided by source. source: http://www.securityfocus.com/bid/12582/info paFaq is reportedly affected by an SQL injection vulnerability. This issue exists because the application fails to properly sanitize user-supplied input before using it in SQL queries. Successful exploitation...
PAFaq Question Cross-Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/14001/info paFaq is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script...
paFaq10beta4.txt
GulfTech Security Research June 20th, 2005 Vendor : php Arena URL : http://www.phparena.net/pafaq.php Version : paFAQ 1.0 Beta 4 Risk : Multiple Vulnerabilities Description: paFAQ is a FAQ/Knowledge base system that allows webmasters to keep an organized database of Frequently Asked Questions; a...
paFAQ 1.0 Beta 4 Multiple Vulnerabilities
The remote host is running paFAQ, a web-based FAQ system implemented in PHP / MySQL. The installed version of paFAQ on the remote host suffers from several vulnerabilities. Among the more serious are a SQL injection vulnerability that enables an attacker to bypass admin authentication and a...
CVE-2005-2013
The CVE-2005-2013 entry concerns paFAQ 1.0 Beta 4, a PHP/MySQL web application. The described vulnerability allows remote attackers to access admin/backup.php directly, which contains a backup of the database including usernames and passwords. This exposure could reveal administrator credentials ...
CVE-2005-2013
paFAQ 1.0 Beta 4 allows remote attackers to obtain sensitive information via a direct request to admin/backup.php, which contains a backup of the database including usernames and passwords...
CVE-2005-2012
Multiple SQL injection vulnerabilities in login in paFAQ 1.0 Beta 4 allow remote attackers to execute arbitrary SQL commands and bypass authentication via the (1) username or (2) id parameters...
CVE-2005-2011
Multiple cross-site scripting (XSS) vulnerabilities in paFAQ 1.0 Beta 4 allow remote attackers to inject arbitrary web script or HTML, as demonstrated via the id parameter in a Question action...
CVE-2005-2014
The vulnerability CVE-2005-2014 affects the web-based FAQ system paFAQ 1.0 Beta 4. The issue lies in the "upload a language pack" feature, which allows remote authenticated administrators to execute arbitrary PHP commands by uploading a malicious language pack. The CVE entry notes a MEDIUM sever...
CVE-2005-2014
The "upload a language pack" feature in paFAQ 1.0 Beta 4 allows remote authenticated administrators to execute arbitrary PHP commands by uploading a malicious language pack...