13 matches found
EUVD-2006-2129
Malware in sbrugna...
EUVD-2006-2130
Malware in sbrugna...
CVE-2006-2876
Cross-site scripting XSS vulnerability in cat.php in PHP Pro Publish 2.0 allows remote attackers to inject arbitrary web script or HTML via the catname parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...
Cross site scripting
Cross-site scripting XSS vulnerability in cat.php in PHP Pro Publish 2.0 allows remote attackers to inject arbitrary web script or HTML via the catname parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...
CVE-2006-2876
CVE-2006-2876 is an XSS vulnerability in PHP Pro Publish 2.0 where the catname parameter of cat.php can be exploited to inject arbitrary script/HTML. The affected component is cat.php within PHP Pro Publish 2.0; root cause is insufficient input validation on catname leading to script injection. T...
Sql injection
Multiple SQL injection vulnerabilities in Pro Publish 2.0 allow remote attackers to execute arbitrary SQL commands via the 1 email and 2 password parameter to a admin/login.php, 3 findstr parameter to b search.php, or 4 artid parameter to c art.php, or 5 catid parameter to d cat.php...
CVE-2006-2128
Multiple SQL injection vulnerabilities in Pro Publish 2.0 allow remote attackers to execute arbitrary SQL commands via the 1 email and 2 password parameter to a admin/login.php, 3 findstr parameter to b search.php, or 4 artid parameter to c art.php, or 5 catid parameter to d cat.php...
CVE-2006-2129
Direct static code injection vulnerability in Pro Publish 2.0 allows remote authenticated administrators to execute arbitrary PHP code by editing certain settings, which are stored in setinc.php...
Code injection
Direct static code injection vulnerability in Pro Publish 2.0 allows remote authenticated administrators to execute arbitrary PHP code by editing certain settings, which are stored in setinc.php...
CVE-2006-2128
Multiple SQL injection vulnerabilities in Pro Publish 2.0 allow remote attackers to execute arbitrary SQL commands via the 1 email and 2 password parameter to a admin/login.php, 3 findstr parameter to b search.php, or 4 artid parameter to c art.php, or 5 catid parameter to d cat.php...
CVE-2006-2129
Direct static code injection vulnerability in Pro Publish 2.0 allows remote authenticated administrators to execute arbitrary PHP code by editing certain settings, which are stored in setinc.php...
CVE-2006-2129
CVE-2006-2129 describes a direct static code injection in Pro Publish 2.0. The flaw allows remote authenticated administrators to execute arbitrary PHP code by editing certain settings stored in set_inc.php. Documents consistently identify the affected product as Pro Publish 2.0 and note that acc...
CVE-2006-2128
CVE-2006-2128 affects Pro Publish 2.0. The provided sources describe multiple SQL injection vulnerabilities in the application, exploitable via specific request parameters to several pages: (1) admin/login.php with email/password, (2) search.php with find_str, (3) art.php with artid, and (4) cat....