EUVD-2010-1140

Malware in sbrugna...

EUVD-2010-1141

Malware in sbrugna...

phpmysport 1.4 (xss/sql) Multiple Vulnerabilities

No description provided by source. + PhpMySport v. 1.4 Multiple Remote Vulnerabilities XSS\SQL + Discovered by XaDoS - xados at hotmail dot it Th4nKs AlpHaNiX -Product site: http://phpmysport.sourceforge.net -Version vuln: 1.4latest and maybe + COD3: The code vuln is at page /memberlist.php SQL a...

phpMySport 1.4 - Multiple Vulnerabilities (SQLi, Auth Bypass, Path Disclosure)

No description provided by source. Vulnerability ID: HTB22770 Reference: http://www.htbridge.ch/advisory/sqlinjectioninphpmysport.html Product: phpMySport Vendor: phpMySport http://phpmysport.sourceforge.net/ Vulnerable Version: 1.4 Vendor Notification: 21 December 2010 Vulnerability Type: SQL...

SQL Injection in phpMySport

Vulnerability ID: HTB22772 Reference: http://www.htbridge.ch/advisory/sqlinjectioninphpmysport2.html Product: phpMySport Vendor: phpMySport http://phpmysport.sourceforge.net/ Vulnerable Version: 1.4 Vendor Notification: 21 December 2010 Vulnerability Type: SQL Injection Status: Not Fixed, Vendor...

SQL Injection in phpMySport

Vulnerability ID: HTB22770 Reference: http://www.htbridge.ch/advisory/sqlinjectioninphpmysport.html Product: phpMySport Vendor: phpMySport http://phpmysport.sourceforge.net/ Vulnerable Version: 1.4 Vendor Notification: 21 December 2010 Vulnerability Type: SQL Injection Status: Not Fixed, Vendor...

Authentication bypass in phpMySport

Vulnerability ID: HTB22774 Reference: http://www.htbridge.ch/advisory/authenticationbypassinphpmysport.html Product: phpMySport Vendor: phpMySport http://phpmysport.sourceforge.net/ Vulnerable Version: 1.4 Vendor Notification: 21 December 2010 Vulnerability Type: Authentication bypass Status: Not...

phpMySport 1.4 SQLi, Auth Bypass, Path Disclosure Vulnerabilities

Exploit for php platform in category web applications Product: phpMySport Vendor: phpMySport http://phpmysport.sourceforge.net/ Vulnerable Version: 1.4 Vendor Notification: 21 December 2010 Vulnerability Type: SQL Injection Status: Not Fixed, Vendor Alerted, Awaiting Vendor Response Risk level:...

Path disclousure in phpMySport

Vulnerability ID: HTB22773 Reference: http://www.htbridge.ch/advisory/pathdisclousureinphpmysport.html Product: phpMySport Vendor: phpMySport http://phpmysport.sourceforge.net/ Vulnerable Version: 1.4 Vendor Notification: 21 December 2010 Vulnerability Type: Path disclosure Status: Not Fixed,...

SQL Injection in phpMySport

Vulnerability ID: HTB22771 Reference: http://www.htbridge.ch/advisory/sqlinjectioninphpmysport1.html Product: phpMySport Vendor: phpMySport http://phpmysport.sourceforge.net/ Vulnerable Version: 1.4 Vendor Notification: 21 December 2010 Vulnerability Type: SQL Injection Status: Not Fixed, Vendor...

phpMySport 1.4 Bypass / Path Disclosure / SQL Injection

================================== Vulnerability ID: HTB22774 Reference: http://www.htbridge.ch/advisory/authenticationbypassinphpmysport.html Product: phpMySport Vendor: phpMySport http://phpmysport.sourceforge.net/ Vulnerable Version: 1.4 Vendor Notification: 21 December 2010 Vulnerability Type...

phpMySport 1.4 - SQL Injection / Authentication Bypass / Full Path Disclosure

Vulnerability ID: HTB22770 Reference: http://www.htbridge.ch/advisory/sqlinjectioninphpmysport.html Product: phpMySport Vendor: phpMySport http://phpmysport.sourceforge.net/ Vulnerable Version: 1.4 Vendor Notification: 21 December 2010 Vulnerability Type: SQL Injection Status: Not Fixed, Vendor...

phpMySport 1.4 - SQL Injection Authentication Bypass Full Path Disclosure

phpMySport 1.4 - SQL Injection Authentication Bypass Full Path Disclosure Vulnerability ID: HTB22770 Reference: http://www.htbridge.ch/advisory/sqlinjectioninphpmysport.html Product: phpMySport Vendor: phpMySport http://phpmysport.sourceforge.net/ Vulnerable Version: 1.4 Vendor Notification: 21...

Authentication Bypass Vulnerability in phpMySport

High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in phpMySport which could be exploited to bypass authentication mechanisms and gain access to the application. 1 Authentication bypass vulnerability in phpMySport The vulnerability exists due to insufficient...

Sql injection

Multiple SQL injection vulnerabilities in index.php in phpMySport 1.4, when magicquotesgpc is disabled, allow remote attackers to execute arbitrary SQL commands via the 1 v2 parameter in a member view action, 2 v1 parameter in a news action, 3 v1 parameter in an information action, 4 v2 parameter...

CVE-2010-1109

Multiple SQL injection vulnerabilities in index.php in phpMySport 1.4, when magicquotesgpc is disabled, allow remote attackers to execute arbitrary SQL commands via the 1 v2 parameter in a member view action, 2 v1 parameter in a news action, 3 v1 parameter in an information action, 4 v2 parameter...

CVE-2010-1110

Directory traversal vulnerability in index.php in phpMySport 1.4 allows remote attackers to list arbitrary directories via a .. dot dot in the currentfolder parameter...

Directory traversal

Directory traversal vulnerability in index.php in phpMySport 1.4 allows remote attackers to list arbitrary directories via a .. dot dot in the currentfolder parameter...

CVE-2010-1110

CVE-2010-1110 affects phpMySport 1.4 and involves a directory traversal vulnerability in index.php via the current_folder parameter (using ..) that allows remote attackers to list arbitrary directories. The description explicitly states a directory listing impact; no exploitation details or affec...

CVE-2010-1110

Directory traversal vulnerability in index.php in phpMySport 1.4 allows remote attackers to list arbitrary directories via a .. dot dot in the currentfolder parameter...