15 matches found
EUVD-2007-3336
Malware in sbrugna...
EUVD-2007-3335
Malware in sbrugna...
PHPAccounts 0.5 Index.PHP Multiple SQL Injection Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/24574/info PHP Accounts is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to...
PHPAccounts SQL injection and arbitrary file upload vulnerability-vulnerability warning-the black bar safety net
Release date: 2012-06-11 Update date: 2012-06-21 Affected system: phpaccounts phpaccounts Description: BUGTRAQ ID: 53920 PHPAccounts is for small businesses, freelancers, consulting firms, the simple Web-based...
phpAccounts 0.5.3 SQL Injection
Exploit phpAcounts v.0.5.3 SQL Injection Date: June 6nd 2012 Author: loneferret Version: 0.5.3 Vendor Url: http://phpaccounts.com/ Tested on: Ubuntu Server 11.10 Discovered by: loneferret Old app, still fun. Auth. Bypass: http:///phpaccounts/index.php Username: x' or '1'='1' Password: Upload php...
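PHPAccounts Index.PHP SQL Injection Vulnerability
PHPAccounts is a PHP-based web application. PHPAccounts does not properly filter user-submitted URI data, and remote attackers can exploit this flaw to carry out SQL injection attacks and obtain sensitive information. The problem is that the 'Index.PHP' script lacks filtering of user-submitted web parameters: when a malicious SQL query is submitted as parameter data, the application can end up altering the original SQL logic while processing it, and an attacker can obtain sensitive information or manipulate the database. PHPAccounts 0.5 No solution is currently available: http://phpaccounts.com/ http://www.example.com/path/index.php?OutgoingTypeID=SQL INJECTION...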
SQL injection
Multiple SQL injection vulnerabilities in index.php in PHPAccounts 0.5 allow remote attackers to execute arbitrary SQL commands via the (1) OutgoingTypeID, (2) OutgoingID, (3) ProjectID, (4) ClientID, (5) InvoiceID, or (6) VendorID parameter...
CVE-2007-3345
Multiple SQL injection vulnerabilities in index.php in PHPAccounts 0.5 allow remote attackers to execute arbitrary SQL commands via the (1) OutgoingTypeID, (2) OutgoingID, (3) ProjectID, (4) ClientID, (5) InvoiceID, or (6) VendorID parameter...
Directory traversal
Directory traversal vulnerability in index.php in PHPAccounts 0.5 allows remote attackers to include arbitrary local files via unspecified manipulations of the page parameter...
CVE-2007-3346
Directory traversal vulnerability in index.php in PHPAccounts 0.5 allows remote attackers to include arbitrary local files via unspecified manipulations of the page parameter...
CVE-2007-3345
Multiple SQL injection vulnerabilities in index.php in PHPAccounts 0.5 allow remote attackers to execute arbitrary SQL commands via the (1) OutgoingTypeID, (2) OutgoingID, (3) ProjectID, (4) ClientID, (5) InvoiceID, or (6) VendorID parameter...
CVE-2007-3346
Directory traversal vulnerability in index.php in PHPAccounts 0.5 allows remote attackers to include arbitrary local files via unspecified manipulations of the page parameter...
CVE-2007-3345
CVE-2007-3345 : Multiple SQL injection vulnerabilities in the index.php of PHPAccounts 0.5 allow remote attackers to execute arbitrary SQL via the following parameters: Outgoing_Type_ID, Outgoing_ID, Project_ID, Client_ID, Invoice_ID, or Vendor_ID. The NVD metrics assign a base score of 7.5 (HIGH...
CVE-2007-3346
CVE-2007-3346 affects PHPAccounts 0.5, where a directory traversal in index.php enables remote attackers to include arbitrary local files by manipulating the page parameter. The vulnerability stems from improper handling of file path input, leading to potential Local File Inclusion. The impact is...
PHPAccounts vuln.
PHPAccounts vuln. Vuln. discovered by: r0t Date: 21 June 2007 vendor: http://phpaccounts.com/ original advisory: http://pridels-team.blogspot.com/2007/06/phpaccounts-vuln.html affected versions: PHPAccounts 0.5 other versions also can be affected. 1. Local file inclusion PHPAccounts contains a fla...