61 matches found
EUVD-2008-3696
Malware in sbrugna...
EUVD-2008-3693
Malware in sbrugna...
EUVD-2005-4004
Malware in sbrugna...
EUVD-2006-2970
Malware in sbrugna...
EUVD-2006-1138
Malware in sbrugna...
EUVD-2007-1977
Malware in sbrugna...
EUVD-2007-3611
Malware in sbrugna...
EUVD-2008-3695
Malware in sbrugna...
CVE-2007-3627
Multiple SQL injection vulnerabilities in PHP Lite Calendar Express 2.2 allow remote attackers to execute arbitrary SQL commands via the cid parameter to 1 login.php, 2 auth.php, and 3 subscribe.php. NOTE: the month.php, year.php, week.php, and day.php vectors are already covered by CVE-2005-4009...
SUSE CVE-2006-2871
PHP remote file inclusion vulnerability in include/common.php in CyBoards PHP Lite 1.25 allows remote attackers to execute arbitrary PHP code via a URL in the scriptpath parameter. NOTE: CVE disputes this issue, since $scriptpath is set to a constant value...
PHP Lite Calendar Express 2.2 subscribe.php cid Parameter SQL Injection
No description provided by source. source: http://www.securityfocus.com/bid/14504/info Calendar Express is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in SQL queries. A successful exploit could allow an...
CyBoards PHP Lite 1.21/1.25 Common.PHP Remote File Include Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/18272/info CyBoards PHP Lite is prone to a remote file-include vulnerability. An attacker can exploit this issue to include an arbitrary remote file containing malicious PHP code and execute it in the context of the...
PHP Lite Calendar Express 2.2 auth.php cid Parameter SQL Injection
No description provided by source. source: http://www.securityfocus.com/bid/14504/info Calendar Express is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in SQL queries. A successful exploit could allow an...
CyBoards PHP Lite 1.21/1.25 Post.PHP SQL Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/17107/info CyBoards PHP Lite is prone to an SQL-injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. A successful exploit cou...
PHP Lite Calendar Express 2.2 login.php cid Parameter SQL Injection
No description provided by source. source: http://www.securityfocus.com/bid/14504/info Calendar Express is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in SQL queries. A successful exploit could allow an...
PHP Lite Admin 1.9.3 Code Injection
Exploit Title: phpliteadmin phpliteadmin.php1785: 'When you create a new database, the name you entered will be appended with the appropriate file extension .db, .db3, .sqlite, etc. if you do not include it yourself. The database will be created in the directory you specified as the $directory...
Directory traversal
Multiple directory traversal vulnerabilities in CyBoards PHP Lite 1.21 allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the 1 scriptpath parameter to a options.php and the 2 langcode parameter to b copyvip.php and c processeditboard.php in...
Remote file inclusion
Multiple PHP remote file inclusion vulnerabilities in CyBoards PHP Lite 1.21 allow remote attackers to execute arbitrary PHP code via a URL in the scriptpath parameter to 1 flatread.php, 2 post.php, 3 processpost.php, 4 processsearch.php, 5 forum.php, 6 processsubscribe.php, 7 read.php, 8...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in CyBoards PHP Lite 1.21 allow remote attackers to inject arbitrary web script or HTML via the 1 lOptionsOptions, 2 lNavAdminOptions, or 3 lNavReturn parameter to options.php; or the 4 lNavReturn parameter to subscribe.php...
CVE-2008-3707
Multiple PHP remote file inclusion vulnerabilities in CyBoards PHP Lite 1.21 allow remote attackers to execute arbitrary PHP code via a URL in the scriptpath parameter to 1 flatread.php, 2 post.php, 3 processpost.php, 4 processsearch.php, 5 forum.php, 6 processsubscribe.php, 7 read.php, 8...