21 matches found
EUVD-2006-5661
Malware in sbrugna...
EUVD-2006-6399
Malware in sbrugna...
EUVD-2006-4631
Malware in sbrugna...
Uni-vert PhpLeague 0.82 Joueurs.PHP SQL Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/19880/info Uni-vert PhpLeague is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data. This issue may allow an attacker to compromise the application, access or modify data,...
PhpLeague 0.81 consult/miniseul.php cheminmini Parameter Remote File Inclusion
No description provided by source. source: http://www.securityfocus.com/bid/20756/info Php League is prone to multiple remote file-include vulnerabilities because it fails to properly sanitize user-supplied input. An attacker can exploit these issues to include an arbitrary remote file containing...
PhpLeague "cheminmini"远程文件包含漏洞
PhpLeague是一款基于PHP的WEB应用程序。 PhpLeague不正确过滤用户提交的URI数据,远程攻击者可以利用漏洞以WEB进程权限执行任意命令。 问题是由于'consult/miniseul.php'和'config.php'脚本对用户提交的'cheminmini'参数缺少过滤,提交恶意的远程服务器作为包含对象,可导致以WEB进程权限执行任意PHP代码。 PhpLeague 0.x 升级到0.82版本: http://phpleague.univert.org/...
Uni-vert PhpLeague Joueurs.PHP SQL注入漏洞
Uni-vert PhpLeague是一款基于PHP的WEB应用程序。 Uni-vert PhpLeague不正确过滤用户提交的URI数据,远程攻击者可以利用漏洞进行SQL注入攻击获得敏感信息。 问题是由于'Joueurs.PHP'脚本对用户提交的"idjoueur"参数缺少过滤,提交恶意SQL查询作为参数数据,可更改原来的SQL逻辑,获得敏感信息。 Uni-Vert PhpLeague 0.82b Uni-Vert PhpLeague 0.82 目前没有解决方案提供,请关注以下链接: http://phpleague.univert.org/...
[SA23342] PhpLeague "cheminmini" File Inclusion Vulnerabilities
TITLE: PhpLeague "cheminmini" File Inclusion Vulnerabilities SECUNIA ADVISORY ID: SA23342 VERIFY ADVISORY: http://secunia.com/advisories/23342/ CRITICAL: Highly critical IMPACT: System access WHERE: From remote SOFTWARE: PhpLeague 0.x http://secunia.com/product/11879/ DESCRIPTION: ajann and doubl...
CVE-2006-6416
Multiple PHP remote file inclusion vulnerabilities in PhpLeague - Univert PhpLeague 0.81 allow remote attackers to execute arbitrary PHP code via a URL in the cheminmini parameter to 1 consult/miniseul.php or 2 config.php. NOTE: The provenance of this information is unknown; the details are...
CVE-2006-6416
PhpLeague - Univert PhpLeague 0.81 contains multiple PHP remote file inclusion vulnerabilities. The issue is triggered by a crafted URL provided in the cheminmini parameter to either consult/miniseul.php or config.php, enabling an attacker to indirectly affect the system by including remote PHP f...
CVE-2006-6416
Multiple PHP remote file inclusion vulnerabilities in PhpLeague - Univert PhpLeague 0.81 allow remote attackers to execute arbitrary PHP code via a URL in the cheminmini parameter to 1 consult/miniseul.php or 2 config.php. NOTE: The provenance of this information is unknown; the details are...
CVE-2006-5676
SQL injection vulnerability in consult/classement.php in Uni-Vert PhpLeague 0.82 and earlier allows remote attackers to execute arbitrary SQL commands via the champ parameter...
CVE-2006-5676
SQL injection vulnerability in consult/classement.php in Uni-Vert PhpLeague 0.82 and earlier allows remote attackers to execute arbitrary SQL commands via the champ parameter...
CVE-2006-5676
Uni-Vert PhpLeague
PHPLeague 0.81 - consultminiseul.php?cheminmini Remote File Inclusion
PHPLeague 0.81 - consultminiseul.php?cheminmini Remote File Inclusion source: https://www.securityfocus.com/bid/20756/info Php League is prone to multiple remote file-include vulnerabilities because it fails to properly sanitize user-supplied input. An attacker can exploit these issues to include...
PHPLeague 0.81 - '/consult/miniseul.php?cheminmini' Remote File Inclusion
source: https://www.securityfocus.com/bid/20756/info Php League is prone to multiple remote file-include vulnerabilities because it fails to properly sanitize user-supplied input. An attacker can exploit these issues to include an arbitrary remote file containing malicious PHP code and execute it...
CVE-2006-4643
SQL injection vulnerability in consult/joueurs.php in Uni-Vert PhpLeague 0.82 and earlier allows remote attackers to execute arbitrary SQL commands via the idjoueur parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information...
CVE-2006-4643
CVE-2006-4643 : A SQL injection vulnerability exists in consult/joueurs.php of Uni-Vert PhpLeague 0.82 and earlier. The vulnerability allows remote attackers to execute arbitrary SQL commands through the id_joueur parameter. Affected: PhpLeague (Uni-Vert) versions ≤ 0.82. Root cause: lack of inpu...
CVE-2006-4643
SQL injection vulnerability in consult/joueurs.php in Uni-Vert PhpLeague 0.82 and earlier allows remote attackers to execute arbitrary SQL commands via the idjoueur parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information...
[SA21789] PhpLeague "id_joueur" SQL Injection Vulnerability
TITLE: PhpLeague "idjoueur" SQL Injection Vulnerability SECUNIA ADVISORY ID: SA21789 VERIFY ADVISORY: http://secunia.com/advisories/21789/ CRITICAL: Moderately critical IMPACT: Manipulation of data WHERE: From remote SOFTWARE: PhpLeague 0.x http://secunia.com/product/11879/ DESCRIPTION: DrEiNsTeI...