18 matches found
EUVD-2005-3406
Malware in sbrugna...
EUVD-2005-3405
Malware in sbrugna...
SUSE CVE-2006-0806
Multiple cross-site scripting XSS vulnerabilities in ADOdb 4.71, as used in multiple packages such as phpESP, allow remote attackers to inject arbitrary web script or HTML via 1 the nextpage parameter in adodb-pager.inc.php and 2 other unspecified vectors related to PHPSELF...
Information disclosure
php Easy Survey Package phpESP 2.1.1 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by public/landing.php and certain other files...
CVE-2011-3774
The CVE-2011-3774 entry affects php Easy Survey Package (phpESP) 2.1.1. The vulnerability is a remote information disclosure where a direct request to certain .php files (e.g., public/landing.php and similar) causes an error message that reveals the installation path. This detail is present in NV...
CVE-2011-3774
php Easy Survey Package phpESP 2.1.1 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by public/landing.php and certain other files...
DEBIAN-CVE-2006-0806
Multiple cross-site scripting XSS vulnerabilities in ADOdb 4.71, as used in multiple packages such as phpESP, allow remote attackers to inject arbitrary web script or HTML via 1 the nextpage parameter in adodb-pager.inc.php and 2 other unspecified vectors related to PHPSELF...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in ADOdb 4.71, as used in multiple packages such as phpESP, allow remote attackers to inject arbitrary web script or HTML via 1 the nextpage parameter in adodb-pager.inc.php and 2 other unspecified vectors related to PHPSELF...
CVE-2006-0806
Multiple cross-site scripting XSS vulnerabilities in ADOdb 4.71, as used in multiple packages such as phpESP, allow remote attackers to inject arbitrary web script or HTML via 1 the nextpage parameter in adodb-pager.inc.php and 2 other unspecified vectors related to PHPSELF...
CVE-2006-0806
Multiple cross-site scripting XSS vulnerabilities in ADOdb 4.71, as used in multiple packages such as phpESP, allow remote attackers to inject arbitrary web script or HTML via 1 the nextpage parameter in adodb-pager.inc.php and 2 other unspecified vectors related to PHPSELF...
CVE-2006-0806
Multiple cross-site scripting XSS vulnerabilities in ADOdb 4.71, as used in multiple packages such as phpESP, allow remote attackers to inject arbitrary web script or HTML via 1 the nextpage parameter in adodb-pager.inc.php and 2 other unspecified vectors related to PHPSELF...
CVE-2005-3407
SQL injection vulnerability in phpESP 1.7.5 and earlier allows remote attackers to execute arbitrary SQL commands via unknown vectors...
CVE-2005-3406
Cross-site scripting XSS vulnerability in phpESP 1.7.5 and earlier allows remote attackers to inject arbitrary web script or HTML via unknown vectors...
CVE-2005-3406
CVE-2005-3406 is a Cross-site scripting (XSS) vulnerability in phpESP 1.7.5 and earlier, allowing remote attackers to inject arbitrary web script or HTML via unknown vectors. Connected sources confirm the affected software and nature of the flaw; no exploit details or fixes are provided in the su...
CVE-2005-3407
SQL injection vulnerability in phpESP 1.7.5 and earlier allows remote attackers to execute arbitrary SQL commands via unknown vectors...
CVE-2005-3407
Technical details about CVE-2005-3407 are not publicly available in the provided connected documents. Monitor for updates.
[SA17333] phpESP Unspecified Cross-Site Scripting and SQL Injection
TITLE: phpESP Unspecified Cross-Site Scripting and SQL Injection SECUNIA ADVISORY ID: SA17333 VERIFY ADVISORY: http://secunia.com/advisories/17333/ CRITICAL: Moderately critical IMPACT: Cross Site Scripting, Manipulation of data WHERE: From remote SOFTWARE: phpESP 1.x...
phpESP (php Easy Survey Package)
Product : phpESP php Easy Survey Package Version : 1.11 WebSite : http://acm.jhu.edu Problem : Access in dbase Description: ------------ In admin directory exist file phpEST.ini if we look this file we can see database dbpassword, dblogin, dbhost, dbname and other private info. phpESP.ini...