15 matches found
EUVD-2009-0709
Malware in sbrugna...
CVE-2009-0709
SQL injection vulnerability in login.php in PHPFootball 1.6 allows remote attackers to execute arbitrary SQL commands via the user parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...
CVE-2009-0711
filter.php in PHPFootball 1.6 and earlier allows remote attackers to retrieve password hashes via a request with an Accounts value for the dbtable parameter, in conjunction with a Password value for the dbfield parameter. NOTE: this has been reported as a SQL injection vulnerability by some...
Sql injection
filter.php in PHPFootball 1.6 and earlier allows remote attackers to retrieve password hashes via a request with an Accounts value for the dbtable parameter, in conjunction with a Password value for the dbfield parameter. NOTE: this has been reported as a SQL injection vulnerability by some...
Sql injection
SQL injection vulnerability in login.php in PHPFootball 1.6 allows remote attackers to execute arbitrary SQL commands via the user parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...
CVE-2009-0709
The CVE-2009-0709 entry describes a SQL injection vulnerability in PHPFootball 1.6, specifically in login.php where the user parameter can be used by remote attackers to execute arbitrary SQL commands. Affected component: PHPFootball 1.6 (login.php). Underlying cause: unsanitized user input leadi...
CVE-2009-0710
CVE-2009-0710 : The connected documents describe two cross-site scripting (XSS) vulnerabilities in PHPFootball 1.6. An attacker can inject arbitrary script or HTML via (1) the user parameter to login.php and (2) the dbfield parameter to filter.php. The notes do not provide details on affected ver...
PHPFootball 1.6 - Remote Hash Disclosure
PHPFootball 1.6 - Remote Hash Disclosure \n"; exit; else $head .= "GET /$path/filter.php?dbtable=Accounts&dbfield=Password HTTP/1.1\r\n"; $head .= "Host: $host\r\n"; $head .= "Connection: close\r\n\r\n"; $fsock = fsockopen $host,80; fputs $fsock,$head; while !feof$fsock $cont .= fgets$fsock;...
PHPFootball 1.6 - Remote Hash Disclosure
\n"; exit; else $head .= "GET /$path/filter.php?dbtable=Accounts&dbfield=Password HTTP/1.1\r\n"; $head .= "Host: $host\r\n"; $head .= "Connection: close\r\n\r\n"; $fsock = fsockopen $host,80; fputs $fsock,$head; while !feof$fsock $cont .= fgets$fsock; fclose$fsock; if pregmatchall"/.+?/",$cont,$i...
Sql injection
SQL injection vulnerability in show.php in PHPFootball 1.6 allows remote attackers to execute arbitrary SQL commands via the dbtable parameter...
CVE-2008-3387
The CVE-2008-3387 entry concerns a SQL injection in show.php of PHPFootball 1.6, enabling remote attackers to execute arbitrary SQL commands via the dbtable parameter. The NVD-derived CVSSv2 metrics indicate a base score of 7.5 (HIGH) with network attack vector, low attack complexity, and no auth...
phpfootball-sql.txt
Viva IslaM Viva IslaM Remote SQL injection Vulnerability PHPFootball 1.6 show.php dbtable AuTh0r : Mr.SQL H0ME : WwW.PaL-HaCkEr.CoM && WwW.AtsDp.CoM/f Email : [email protected] SYRIAN Arab HACkErS -: Exploite :-...
PHPFootball 1.6 - SQL Injection
PHPFootball 1.6 - SQL Injection Viva IslaM Viva IslaM Remote SQL injection Vulnerability PHPFootball 1.6 show.php dbtable AuTh0r : Mr.SQL H0ME : WwW.PaL-HaCkEr.CoM && WwW.AtsDp.CoM/f Email : [email protected] SYRIAN Arab HACkErS -: Exploite :-...
EUVD-2007-0636
show.php in Vlad Alexa Mancini PHPFootball 1.6 allows remote attackers to obtain sensitive information database contents via a % percent character in the dbfieldv parameter...
phpfootball16-disclose.txt
Title : PHPFootball 1.6 show.php Remote Database Disclosure Vulnerability Author : ajann Contact : : S.Page : http://phpfootball.sourceforge.net $$ : Free Dork : inurl:/phpfootball/ DBREAD--------------------------------------------------------- http://target/path//show.php VARIABLES Example:...