27 matches found
EUVD-2008-2114
Malware in sbrugna...
EUVD-2008-2115
Malware in sbrugna...
EUVD-2007-6096
Malware in sbrugna...
EUVD-2007-6095
Malware in sbrugna...
EUVD-2007-6152
Malware in sbrugna...
project alumni <= 1.0.9 - Remote XSS / SQL Injection Vulnerability
No description provided by source. project-alumni sql injection & xss author : tomplixsee [email protected] affected software version : project alumni v1.0.9, v1.0.8, or lower??...
Alumni 1.0.8/1.0.9 - index.php year Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/29019/info Project Alumni is prone to a cross-site scripting vulnerability and an SQL-injection vulnerability because the application fails to sufficiently sanitize user-supplied input. Exploiting these issues could allow...
CVE-2008-2117
Cross-site scripting (XSS) vulnerability in pages/news.page.inc in Project Alumni 1.0.9 allows remote attackers to inject arbitrary web script or HTML via the year parameter in a news action to index.php, a different vector than CVE-2007-6126...
Alumni 1.0.8/1.0.9 - index.php?year Cross-Site Scripting
Alumni 1.0.8/1.0.9 - index.php?year Cross-Site Scripting source: https://www.securityfocus.com/bid/29019/info Project Alumni is prone to a cross-site scripting vulnerability and an SQL-injection vulnerability because the application fails to sufficiently sanitize user-supplied input. Exploiting...
Alumni 1.0.8/1.0.9 - info.php?id SQL Injection
Alumni 1.0.8/1.0.9 - info.php?id SQL Injection source: https://www.securityfocus.com/bid/29019/info Project Alumni is prone to a cross-site scripting vulnerability and an SQL-injection vulnerability because the application fails to sufficiently sanitize user-supplied input. Exploiting these issues...
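Project Alumni Index.PHP Act Parameter Local File Inclusion Vulnerability
Project Alumni is a PHP-based web application. Project Alumni does not properly filter user-supplied URI data, so a remote attacker can exploit the vulnerability to view the contents of system files with the privileges of the web server. The issue is that the 'Index.PHP' script does not filter the user-supplied 'act' parameter; submitting parameter data containing multiple "../" sequences bypasses the web root restriction and allows system file contents to be viewed with the privileges of the web server. Project Alumni 1.0.9 No solution is currently available: https://sourceforge.net/projects/project-alumni/...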
CVE-2007-6184
Directory traversal vulnerability in index.php in Project Alumni 1.0.9 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the act parameter...
Directory traversal
Directory traversal vulnerability in index.php in Project Alumni 1.0.9 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the act parameter...
CVE-2007-6184
CVE-2007-6184 affects Project Alumni 1.0.9. The vulnerability arises in index.php where an attacker can use a .. in the act parameter to perform a directory traversal, allowing remote inclusion and execution of local files. The condition is an unrestricted act parameter that leads to file inclusi...
projectalumni-disclose.txt
project alumni 1.0.9 remote file disclosure vulnerability download : https://sourceforge.net/projects/project-alumni/ vulnerable code on index.php `include $_SERVER['DOCUMENT_ROOT'] . "/pages/" . $_GET['act'] . ".page.inc.php";` exploit : http://victim/path/index.php?act=../../../../../../etc/passwd%00...
CVE-2007-6126
Multiple cross-site scripting (XSS) vulnerabilities in project alumni 1.0.9 and earlier allow remote attackers to inject arbitrary web script or HTML via the year parameter to (1) xml/index.php; or (2) the year parameter to view.page.inc.php, which is reachable through a view action to the top-level...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in project alumni 1.0.9 and earlier allow remote attackers to inject arbitrary web script or HTML via the year parameter to (1) xml/index.php; or (2) the year parameter to view.page.inc.php, which is reachable through a view action to the top-level...
CVE-2007-6127
Multiple SQL injection vulnerabilities in project alumni 1.0.9 and earlier allow remote attackers to execute arbitrary SQL commands via the year parameter to (1) view.page.inc.php, which is reachable through a view action to index.php; or (2) the year parameter to news.page.inc.php, which is reachabl...
CVE-2007-6126
CVE-2007-6126 affects Project Alumni versions 1.0.9 and earlier. The vulnerability is a cross-site scripting (XSS) flaw that allows remote attackers to inject arbitrary scripts via the year parameter in (1) xml/index.php and (2) view.page.inc.php, reachable through a view action to index.php. The...