11 matches found
EUVD-2007-1903
Malware in sbrugna...
Family Connections CMS 2.3.2 (POST) Stored XSS And XML Injection
No description provided by source. !-- Family Connections CMS 2.3.2 POST Stored XSS And XML Injection Vendor: Ryan Haudenschilt Product web page: http://www.familycms.com Affected version: 2.3.2 Summary: Family Connections is an open source content management system. It makes creating a private,...
Family Connections CMS 2.3.2 - Persistent Cross-Site Scripting XML Injection
Family Connections CMS 2.3.2 - Persistent Cross-Site Scripting XML Injection Family Connections CMS 2.3.2 Stored XSS And XPath Injection function xpathdocument.forms"xml".submit; function xssdocument.forms"xss".submit; a href="javascri...
Family Connections 2.3.2 - subject HTML Injection
Family Connections 2.3.2 - subject HTML Injection source: https://www.securityfocus.com/bid/47037/info Family Connections is prone to an HTML-injection vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in...
Family Connections CMS 2.3.2 (POST) Stored XSS And XML Injection
Summary Family Connections is an open source content management system. It makes creating a private, family website easy and fun. Description FCMS suffers from a stored XSS vulnerability post-auth in messageboard.php script thru the 'subject' post parameter. XML Inj. lies in the /inc/getChat.php...
Family Connections CMS 2.3.2 XSS / XML Injection
Family Connections CMS 2.3.2 Stored XSS And XPath Injection function xpathdocument.forms"xpath".submit; function xssdocument.forms"xss".submit; font color="r...
Family Connections 2.3.2 - 'subject' HTML Injection
source: https://www.securityfocus.com/bid/47037/info Family Connections is prone to an HTML-injection vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context...
Design/Logic Flaw
index.php in Ryan Haudenschilt Family Connections FCMS before 0.9 allows remote attackers to access an arbitrary account by placing the account's name in the value of an fcmsloginid cookie. NOTE: this can be leveraged for code execution via a POST with PHP code in the content parameter...
Sql injection
SQL injection vulnerability in login.php in Ryan Haudenschilt Battle.net Clan Script for PHP 1.5.1 and earlier allows remote attackers to execute arbitrary SQL commands via the 1 user or 2 pass parameter...
CVE-2007-1909
The CVE-2007-1909 entry refers to a SQL injection vulnerability in the Battle.net Clan Script for PHP (version 1.5.1 and earlier). The flaw is in login.php and allows remote attackers to execute arbitrary SQL commands via the (1) user or (2) pass parameter. This can impact confidentiality, integr...
CVE-2007-1909
SQL injection vulnerability in login.php in Ryan Haudenschilt Battle.net Clan Script for PHP 1.5.1 and earlier allows remote attackers to execute arbitrary SQL commands via the 1 user or 2 pass parameter...