10 matches found
EUVD-2004-0663
Malware in sbrugna...
EUVD-2008-4342
Malware in sbrugna...
CVE-2006-5169
Cross-site scripting XSS vulnerability in John Himmelman aka DaRk2k1 PowerPortal 1.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly related to registering a user. NOTE: the provenance of this information is unknown; the details are obtained from...
CVE-2008-4361
CVE-2008-4361 affects PowerPortal 2.0.13 and is a directory traversal vulnerability where a crafted .. in the path parameter to the default URI enables remote attackers to list and possibly read arbitrary files. This is documented across multiple sources (NVD/NVD entry for CVE-2008-4361 referenci...
CVE-2004-2514
Cross-site scripting XSS vulnerability in modules/privatemessages/index.php in PowerPortal 1.x allows remote attackers to inject arbitrary web script or HTML via the 1 SUBJECT or 2 MESSAGE field...
PowerPortal 1.3 - SQL Injection
PowerPortal 1.3 - SQL Injection source: https://www.securityfocus.com/bid/11681/info PowerPortal is reported vulnerable to remote SQL injection. This issue is due to a failure of the application to properly validate user-supplied input prior to including it in an SQL query. PowerPortal 1.3 is...
PowerPortal 1.3 - SQL Injection
source: https://www.securityfocus.com/bid/11681/info PowerPortal is reported vulnerable to remote SQL injection. This issue is due to a failure of the application to properly validate user-supplied input prior to including it in an SQL query. PowerPortal 1.3 is reported prone to this vulnerabilit...
PowerPortal 1.11.3 - Private Message HTML Injection
PowerPortal 1.11.3 - Private Message HTML Injection source: https://www.securityfocus.com/bid/10835/info A vulnerability is reported for PowerPortal which may make it prone to HTML injection attacks. The problem is said to occur due to a lack of sufficient sanitization performed on private messag...
CVE-2004-0664
Directory traversal vulnerability in modules.php in PowerPortal 1.x allows remote attackers to list arbitrary directories via a .. dot dot in the files parameter...
CVE-2004-0663
Cross-site scripting XSS vulnerability in modules.php in PowerPortal 1.x allows remote attackers to inject arbitrary script or HTML via the 1 id parameter to the a privatemessages module; 2 search parameter to the b links and c content modules; and 3 files parameter to the gallery module...