7 matches found
EUVD-2007-1013
Malware in sbrugna...
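Yxbbs forum system 3.1.0: cookie injection vulnerability in Rss.Asp
Yxbbs is an open-source, free community forum system developed by Y网, built on ASP + Access (SQL). The BoardID variable in Rss.Asp is not filtered, and because the site-wide anti-injection file does not protect Request.cookies by default, injection through cookies is possible. Affected version: 3.1.0. Vendor patch: Yxbbs ------- The vendor has not yet provided a patch or upgrade; we recommend that users of this software watch the vendor's home page for the latest version: http://www.yimxu.com/ !/usr/bin/env python coding: utf-8 from pocsuite.net import req...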
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in QuickerSite 1.8.5 allow remote attackers to inject arbitrary web script or HTML via (1) the close parameter to showThumb.aspx; (2) SBredirect and (3) SBfeedback parameters in processsend.asp, as reachable through default.asp; (4) paramCode and (5) cColor...
CVE-2008-6675
Multiple cross-site scripting (XSS) vulnerabilities in QuickerSite 1.8.5 allow remote attackers to inject arbitrary web script or HTML via (1) the close parameter to showThumb.aspx; (2) SBredirect and (3) SBfeedback parameters in processsend.asp, as reachable through default.asp; (4) paramCode and (5) cColor...
CVE-2008-6675
Multiple cross-site scripting (XSS) vulnerabilities in QuickerSite 1.8.5 allow remote attackers to inject arbitrary web script or HTML via (1) the close parameter to showThumb.aspx; (2) SBredirect and (3) SBfeedback parameters in processsend.asp, as reachable through default.asp; (4) paramCode and (5) cColor...
SQL injection
SQL injection vulnerability in Aktueldownload Haber script allows remote attackers to execute arbitrary SQL commands via certain vectors related to the HaberDetay.asp and rss.asp components, and the id and kid parameters. NOTE: the provenance of this information is unknown; the details are obtain...
CVE-2007-1016
CVE-2007-1016 describes a SQL injection vulnerability in the Aktueldownload Haber script, allowing remote attackers to execute arbitrary SQL commands via HaberDetay.asp/rss.asp components and the id/kid parameters. Reported details indicate the vulnerability affects the HaberDetay.asp component w...