Lucene search
K

104 matches found

Cvelist
Cvelist
added 2006/12/07 1:0 a.m.18 views

CVE-2006-6344

Multiple unspecified vulnerabilities in Neocrome Seditio 1.10 and earlier have unknown impact and attack vectors related to 1 plugins/ipsearch/ipsearch.admin.php, and 2 pfs/pfs.edit.inc.php, 3 users/users.register.inc.php in system/core. NOTE: the users.profile.inc.php vector is identified by...

7.5AI score0.00925EPSS
Exploits0References3
CVE
CVE
added 2006/12/07 1:0 a.m.45 views

CVE-2006-6343

CVE-2006-6343 concerns a SQL injection in the polls.php id parameter of Land Down Under / Seditio (Neocrome Seditio) 1.10 and earlier. The Nessus NASL details show the remote input to polls.php is not sanitized before use in a database query when magic_quotes_gpc is disabled, enabling an unauthen...

6.8CVSS8.4AI score0.01155EPSS
Exploits0References6Affected Software1
CVE
CVE
added 2006/12/07 1:0 a.m.39 views

CVE-2006-6344

Neocrome Seditio 1.10 and earlier are affected by SQL injection vulnerabilities across multiple pages/components, including plugins/ipsearch/ipsearch.admin.php, pfs/pfs.edit.inc.php, and users/users.register.inc.php. The CVE-2006-6344 entry notes these as unspecified vulnerabilities with possible...

7.5CVSS7.7AI score0.00925EPSS
Exploits0References3Affected Software1
seebug.org
seebug.org
added 2006/12/05 12:0 a.m.11 views

Seditio/Land Down Under Polls.PHP SQL注入漏洞

Seditio/Land Down Under是一款基于php的WEB应用程序。 Seditio/Land Down Under不正确过滤用户提交的URI数据,远程攻击者可以利用漏洞进行sql注入攻击,获得敏感信息。 问题是由于'Polls.PHP'脚本对用户提交的'id'参数缺少过滤,提交包含多个"../"字符作为参数数据,可绕过web root路径限制,以web权限查看系统文件内容。 Neocrome Seditio 1.10 Neocrome Land Down Under 8.0 目前没有解决方案提供: http://www.neocrome.net/...

7.1AI score
Exploits0
securityvulns
securityvulns
added 2006/12/01 12:0 a.m.106 views

Seditio <= 1.10 (pollid) Remote SQL Injection Vulnerability

Title : Seditio = 1.10 pollid Remote SQL Injection Vulnerability Author : ajann Contact : : Dork : "Powered by Seditio" SQL------------------------------------------------------ http://target/path/polls.php?id= Example: //...

0.8AI score
Exploits0
NVD
NVD
added 2006/11/30 4:28 p.m.15 views

CVE-2006-6177

SQL injection vulnerability in system/core/users/users.profile.inc.php in Neocrome Seditio 1.10 and earlier allows remote authenticated users to execute arbitrary SQL commands via a double-url-encoded id parameter to users.php that begins with a valid filename, as demonstrated by "default.gif"...

7.5CVSS7.8AI score0.01631EPSS
Exploits1References8
CVE
CVE
added 2006/11/30 4:0 p.m.60 views

CVE-2006-6177

CVE-2006-6177 describes an SQL injection in Neocrome Seditio

7.5CVSS8.3AI score0.01631EPSS
Exploits1References8Affected Software1
exploitpack
exploitpack
added 2006/11/30 12:0 a.m.8 views

Seditio1.10 Land Down 8.0 Under - polls.php SQL Injection

Seditio1.10 Land Down 8.0 Under - polls.php SQL Injection source: https://www.securityfocus.com/bid/21366/info Seditio and Land Down Under are prone to an SQL-injection vulnerability because the applications fail to properly sanitize user-supplied input before using it in an SQL query. A successf...

0.2AI score
Exploits0
Exploit DB
Exploit DB
added 2006/11/30 12:0 a.m.20 views

Seditio1.10 / Land Down 8.0 Under - 'polls.php' SQL Injection

source: https://www.securityfocus.com/bid/21366/info Seditio and Land Down Under are prone to an SQL-injection vulnerability because the applications fail to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow an attacker to compromise the...

7.4AI score
Exploits0
seebug.org
seebug.org
added 2006/11/29 12:0 a.m.24 views

Seditio Users.Profile.Inc.PHP SQL 注入漏洞

Seditio是一款基于PHP的WEB应用程序。 Seditio不正确过滤用户提交的URI数据,远程攻击者可以利用漏洞进行sql注入攻击,获得敏感信息。 问题是由于'Users.Profile.Inc.PHP'脚本对用户提交的WEB参数缺少过滤,提交恶意sql查询作为参数数据,可更改原来的sql逻辑,获得敏感信息。 Neocrome Seditio 1.10 目前没有解决方案提供: http://www.neocrome.net/page.php?al=seditio...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2006/11/27 12:0 a.m.20 views

seditio110-sql.txt

--Security Report-- Advisory: Seditio http://www.victim.com/users.php?m=profile&a=avatarselect&x=XVALUE&id=default.gifSQL...

7.4AI score
Exploits0
seebug.org
seebug.org
added 2006/11/22 12:0 a.m.17 views

Seditio <= 1.10 (avatarselect id) Remote SQL Injection Vulnerability

No description provided by source. Seditio = 1.10 Remote SQL Injection avatarselect id Vulnerability Discovered by: nukedx Contacts: ICQ: 10072 MSN/Mail: [email protected] web: http://www.nukedx.com Original advisory can be found at: http://www.nukedx.com/?viewdoc=52 ---- GET -...

7.1AI score
Exploits0
securityvulns
securityvulns
added 2006/11/22 12:0 a.m.49 views

Advisory: Seditio <= 1.10 Remote SQL Injection Vulnerability.

--Security Report-- Advisory: Seditio = 1.10 Remote SQL Injection Vulnerability. --- Author: Mustafa Can Bjorn "nukedx a.k.a nuker" IPEKCI --- Date: 21/10/06 09:44 PM --- Contacts: ICQ: 10072 MSN/Email: [email protected] Web: http://www.nukedx.com --- Vendor: Neocrome http://www.neocrome.net...

0.7AI score
Exploits0
Packet Storm
Packet Storm
added 2006/11/22 12:0 a.m.39 views

seditio110.txt

--Security Report-- Advisory: Seditio http://www.victim.com/users.php?m=profile&a=avatarselect&x=XVALUE&id=default.gifSQL...

7.4AI score
Exploits0
exploitpack
exploitpack
added 2006/11/21 12:0 a.m.14 views

Seditio 1.10 - avatarselect id SQL Injection

Seditio 1.10 - avatarselect id SQL Injection Seditio http://www.victim.com/users.php?m=profile&a=avatarselect&x=XVALUE&id=default.gifSQL Inject GET -...

8.7AI score
Exploits0
exploitpack
exploitpack
added 2006/11/21 12:0 a.m.9 views

Seditio 1.10 - Users.Profile.Inc.php SQL Injection

Seditio 1.10 - Users.Profile.Inc.php SQL Injection source: https://www.securityfocus.com/bid/21232/info Seditio is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to...

8.6AI score
Exploits0
0day.today
0day.today
added 2006/11/21 12:0 a.m.43 views

Seditio <= 1.10 (avatarselect id) Remote SQL Injection Vulnerability

Exploit for unknown platform in category web applications ==================================================================== Seditio http://www.victim.com/users.php?m=profile&a=avatarselect&x=XVALUE&id=default.gifSQL Inject GET -...

7.1AI score
Exploits0
Exploit DB
Exploit DB
added 2006/11/21 12:0 a.m.18 views

Seditio 1.10 - &#039;Users.Profile.Inc.php&#039; SQL Injection

source: https://www.securityfocus.com/bid/21232/info Seditio is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data,...

7AI score
Exploits0
Exploit DB
Exploit DB
added 2006/11/21 12:0 a.m.33 views

Seditio 1.10 - avatarselect id SQL Injection

Seditio http://www.victim.com/users.php?m=profile&a=avatarselect&x=XVALUE&id=default.gifSQL Inject GET - http://www.victim.com/users.php?m=profile&a=avatarselect&x=011A99&id=default.gif%2500%2527,userpassword=%2527e10adc3949ba59abbe56e057f20f883e%2527//where//userid=1/ with this example remote...

7.4AI score
Exploits0
Prion
Prion
added 2006/05/30 10:2 a.m.19 views

Cross site scripting

Cross-site scripting XSS vulnerability in Neocrome Land Down Under LDU in Neocrome Seditio 102 allows remote attackers to inject arbitrary web script or HTML via an HTTP Referer field...

4.3CVSS6.2AI score0.01396EPSS
Exploits1References7Affected Software1
Rows per page
Query Builder