15 matches found
EUVD-2003-1545
Malware in sbrugna...
EUVD-2006-0087
Malware in sbrugna...
ScozNet ScozBook 1.1 AdminName Variable SQL Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/16115/info ScozNet ScozBook is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. Successful exploitation...
ScozBook auth.php adminname Parameter SQL Injection - Ver2 (CVE-2006-0079)
An SQL injection vulnerability has been reported in ScozNet ScozBook BETA. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary SQL commands on the affected system...
CVE-2003-1555
ScozNet ScozBook 1.1 BETA is affected by a vulnerability in view.php where an invalid PG parameter triggers an error message that reveals the installation path, causing information disclosure. Affected component: ScozBook web frontend (view.php). Root cause: improper handling of the PG parameter ...
CVE-2003-1554
CVE-2003-1554 corresponds to a cross-site scripting (XSS) vulnerability in ScozNet ScozBook 1.1 BETA. The flaw resides in scozbook/add.php, allowing an attacker to inject arbitrary script/HTML via the 6 parameters: username, useremail, aim, msn, sitename, and siteaddy. The NASL/OSS Nessus entry a...
CVE-2003-1555
ScozNet ScozBook 1.1 BETA allows remote attackers to obtain sensitive information via an invalid PG parameter in view.php, which reveals the installation path in an error message...
CVE-2006-0079
SQL injection vulnerability in auth.php in ScozNet ScozBook BETA 1.1 allows remote attackers to execute arbitrary SQL commands via the username field adminname variable...
CVE-2006-0079
CVE-2006-0079 describes an SQL injection vulnerability in ScozNet ScozBook BETA 1.1, specifically in auth.php via the adminname (username) field. The underlying issue is unsanitized input allowing a remote attacker to inject arbitrary SQL commands. Documents corroborate exploitation potential and...
CVE-2006-0079
SQL injection vulnerability in auth.php in ScozNet ScozBook BETA 1.1 allows remote attackers to execute arbitrary SQL commands via the username field adminname variable...
EV0011.txt
New eVuln Advisory: ScozBook "adminname" Authentication Bypass --------------------Summary---------------- Vendor: ScozNet Vendor's Web Site: http://www.scoznet.com/ Software: ScozBook Sowtware's Web Site: http://sourceforge.net/projects/scozbook/ Versions: BETA 1.1 Critical Level: Moderate Type:...
ScozNet ScozBook 1.1 - AdminName SQL Injection
ScozNet ScozBook 1.1 - AdminName SQL Injection source: https://www.securityfocus.com/bid/16115/info ScozNet ScozBook is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. Successful...
ScozNet ScozBook 1.1 - 'AdminName' SQL Injection
source: https://www.securityfocus.com/bid/16115/info ScozNet ScozBook is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. Successful exploitation could result in a compromise of the...
CVE-2003-1555
ScozNet ScozBook 1.1 BETA allows remote attackers to obtain sensitive information via an invalid PG parameter in view.php, which reveals the installation path in an error message...
CVE-2003-1554
Cross-site scripting XSS vulnerability in scozbook/add.php in ScozNet ScozBook 1.1 BETA allows remote attackers to inject arbitrary web script or HTML via the 1 username, 2 useremail, 3 aim, 4 msn, 5 sitename and 6 siteaddy variables...