23 matches found
EUVD-2006-3009
Malware in sbrugna...
EUVD-2006-1205
Malware in sbrugna...
EUVD-2006-3010
Malware in sbrugna...
EUVD-2010-2270
Malware in sbrugna...
CVE-2010-2258
Cross-site scripting (XSS) vulnerability in signupconfirm.php in phpBannerExchange 1.2 Arabic allows remote attackers to inject arbitrary web script or HTML via the bannerurl parameter...
CVE-2010-2258
Cross-site scripting (XSS) vulnerability in signupconfirm.php in phpBannerExchange 1.2 Arabic allows remote attackers to inject arbitrary web script or HTML via the bannerurl parameter...
Cross site scripting
Cross-site scripting (XSS) vulnerability in signupconfirm.php in phpBannerExchange 1.2 Arabic allows remote attackers to inject arbitrary web script or HTML via the bannerurl parameter...
CVE-2010-2258
Cross-site scripting (XSS) vulnerability in signupconfirm.php in phpBannerExchange 1.2 Arabic allows remote attackers to inject arbitrary web script or HTML via the bannerurl parameter...
CVE-2010-2258
CVE-2010-2258 describes a cross-site scripting (XSS) vulnerability in signupconfirm.php of phpBannerExchange 1.2 Arabic. The issue allows remote attackers to inject arbitrary web script or HTML via the bannerurl parameter. The accompanying records consistently list this as a classic XSS in the s...
rt-sa-2006-004.txt
Advisory: Authentication bypass in phpBannerExchange RedTeam identified two SQL injections in phpBannerExchange. It is possible to bypass user authentication with them. Details ======= Product: phpBannerExchange Affected Versions: All versions up to phpBannerExchange 2.0 RC5 Fixed Versions: 2.0 R...
rt-sa-2006-005.txt
Advisory: Unauthorized password recovery in phpBannerExchange RedTeam identified an SQL injection that can be triggered due to a bad user input sanitization in phpBannerExchange. It is possible to recover a password of a user and thereby overtake his account. Details ======= Product:...
CVE-2006-3012
SQL injection vulnerability in phpBannerExchange before 2.0 Update 6 allows remote attackers to execute arbitrary SQL commands via the (1) login parameter in (a) client/stats.php and (b) admin/stats.php, or the (2) pass parameter in client/stats.php...
CVE-2006-3013
Interpretation conflict in resetpw.php in phpBannerExchange before 2.0 Update 6 allows remote attackers to execute arbitrary SQL commands via an email parameter containing a null (%00) character after a valid e-mail address, which passes the validation check in the eregi PHP command. NOTE: it could...
CVE-2006-3012
SQL injection vulnerability in phpBannerExchange before 2.0 Update 6 allows remote attackers to execute arbitrary SQL commands via the (1) login parameter in (a) client/stats.php and (b) admin/stats.php, or the (2) pass parameter in client/stats.php...
CVE-2006-3012
The CVE-2006-3012 entry concerns phpBannerExchange prior to 2.0 Update 6, with SQL injection via user-supplied input in client/stats.php and admin/stats.php (login) or client/stats.php (pass). The root cause is unsanitized input used to construct SQL queries, allowing remote attackers to alter qu...
CVE-2006-3013
The CVE-2006-3013 issue affects phpBannerExchange (pre-2.0 Update 6 / RC5) where resetpw.php validates email with eregi. A NULL byte (%00) in the email parameter bypasses the regex, allowing SQL injection via a crafted email, enabling password resets and access to user accounts. Proof-of-concept ...
[Full-disclosure] Advisory: Unauthorized password recovery in phpBannerExchange
Advisory: Unauthorized password recovery in phpBannerExchange RedTeam identified an SQL injection that can be triggered due to a bad user input sanitization in phpBannerExchange. It is possible to recover a password of a user and thereby overtake his account. Details ======= Product:...
[Full-disclosure] Advisory: Authentication bypass in phpBannerExchange
Advisory: Authentication bypass in phpBannerExchange RedTeam identified two SQL injections in phpBannerExchange. It is possible to bypass user authentication with them. Details ======= Product: phpBannerExchange Affected Versions: All versions up to phpBannerExchange 2.0 RC5 Fixed Versions: 2.0 R...
phpBannerExchange Template Class Local File Inclusion
The remote host is running phpBannerExchange, a banner exchange script written in PHP. The version of phpBannerExchange installed on the remote host uses a template class that fails to sanitize user-supplied input before using it in a PHP 'include' function. An unauthenticated attacker can exploi...
CVE-2006-1201
Directory traversal vulnerability in resetpw.php in eschew.net phpBannerExchange 2.0 and earlier, and other versions before 2.0 Update 5, allows remote attackers to read arbitrary files via a .. (dot dot) in the email parameter during a "Recover password" operation (recoverpw.php)...