42 matches found
EUVD-2009-0709
Malware in sbrugna...
EUVD-2009-0711
Malware in sbrugna...
EUVD-2008-3373
Malware in sbrugna...
EUVD-2009-0710
Malware in sbrugna...
PHPFootball <= 1.6 (filter.php) Remote Hash Disclosure Exploit
No description provided by source. ?php // http://garr.dl.sourceforge.net/sourceforge/phpfootball/PHPfootball1.6.zip $host = $argv1; $path = $argv2; if $argc != 3 echo PHPFootball = 1.6 filter.php Remote Hash Disclosure Exploit\n; echo by KinG-LioN - http://eurohackers.it\n; echo Usage: php $argv...
PHPFootball 'filter.php' Password Hash Information Disclosure Vulnerability
PHPFootball is prone to an information-disclosure vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability to obtain sensitive information that may lead to further attacks. PHPFootball 1.6 is vulnerable; other versions may also be affecte...
PHPFootball <= 1.6 Information Disclosure Vulnerability - Active Check
PHPFootball is prone to an information disclosure vulnerability because it fails to properly sanitize user-supplied input. SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...
CVE-2009-0711
filter.php in PHPFootball 1.6 and earlier allows remote attackers to retrieve password hashes via a request with an Accounts value for the dbtable parameter, in conjunction with a Password value for the dbfield parameter. NOTE: this has been reported as a SQL injection vulnerability by some...
CVE-2009-0709
SQL injection vulnerability in login.php in PHPFootball 1.6 allows remote attackers to execute arbitrary SQL commands via the user parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...
CVE-2009-0710
Multiple cross-site scripting XSS vulnerabilities in PHPFootball 1.6 allow remote attackers to inject arbitrary web script or HTML via 1 the user parameter to login.php or 2 the dbfield parameter to filter.php. NOTE: the provenance of this information is unknown; the details are obtained solely...
Sql injection
filter.php in PHPFootball 1.6 and earlier allows remote attackers to retrieve password hashes via a request with an Accounts value for the dbtable parameter, in conjunction with a Password value for the dbfield parameter. NOTE: this has been reported as a SQL injection vulnerability by some...
Sql injection
SQL injection vulnerability in login.php in PHPFootball 1.6 allows remote attackers to execute arbitrary SQL commands via the user parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...
CVE-2009-0711
filter.php in PHPFootball 1.6 and earlier allows remote attackers to retrieve password hashes via a request with an Accounts value for the dbtable parameter, in conjunction with a Password value for the dbfield parameter. NOTE: this has been reported as a SQL injection vulnerability by some...
CVE-2009-0711
Summary: CVE-2009-0711 affects PHPFootball 1.6 and earlier via filter.php , enabling remote attackers to obtain password hashes by a crafted request using an Accounts value for the dbtable parameter and a Password value for the dbfield parameter. The underlying issue is improper handling of user-...
CVE-2009-0709
SQL injection vulnerability in login.php in PHPFootball 1.6 allows remote attackers to execute arbitrary SQL commands via the user parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...
CVE-2009-0710
Multiple cross-site scripting XSS vulnerabilities in PHPFootball 1.6 allow remote attackers to inject arbitrary web script or HTML via 1 the user parameter to login.php or 2 the dbfield parameter to filter.php. NOTE: the provenance of this information is unknown; the details are obtained solely...
CVE-2009-0710
CVE-2009-0710 : The connected documents describe two cross-site scripting (XSS) vulnerabilities in PHPFootball 1.6. An attacker can inject arbitrary script or HTML via (1) the user parameter to login.php and (2) the dbfield parameter to filter.php. The notes do not provide details on affected ver...
CVE-2009-0709
The CVE-2009-0709 entry describes a SQL injection vulnerability in PHPFootball 1.6, specifically in login.php where the user parameter can be used by remote attackers to execute arbitrary SQL commands. Affected component: PHPFootball 1.6 (login.php). Underlying cause: unsanitized user input leadi...
PHPFootball 1.6 Hash Disclosure
\n"; exit; else $head .= "GET /$path/filter.php?dbtable=Accounts&dbfield=Password HTTP/1.1\r\n"; $head .= "Host: $host\r\n"; $head .= "Connection: close\r\n\r\n"; $fsock = fsockopen $host,80; fputs $fsock,$head; while !feof$fsock $cont .= fgets$fsock; fclose$fsock; if pregmatchall"/.+?/",$cont,$i...
PHPFootball <= 1.6 (filter.php) Remote Hash Disclosure Exploit
No description provided by source. ?php // http://garr.dl.sourceforge.net/sourceforge/phpfootball/PHPfootball1.6.zip $host = $argv1; $path = $argv2; if $argc != 3 echo "PHPFootball = 1.6 filter.php Remote Hash Disclosure Exploit\n"; echo "by KinG-LioN - http://eurohackers.it\n"; echo "Usage: php...