104 matches found
CVE-2006-6344
Multiple unspecified vulnerabilities in Neocrome Seditio 1.10 and earlier have unknown impact and attack vectors related to 1 plugins/ipsearch/ipsearch.admin.php, and 2 pfs/pfs.edit.inc.php, 3 users/users.register.inc.php in system/core. NOTE: the users.profile.inc.php vector is identified by...
CVE-2006-6343
CVE-2006-6343 concerns a SQL injection in the polls.php id parameter of Land Down Under / Seditio (Neocrome Seditio) 1.10 and earlier. The Nessus NASL details show the remote input to polls.php is not sanitized before use in a database query when magic_quotes_gpc is disabled, enabling an unauthen...
CVE-2006-6344
Neocrome Seditio 1.10 and earlier are affected by SQL injection vulnerabilities across multiple pages/components, including plugins/ipsearch/ipsearch.admin.php, pfs/pfs.edit.inc.php, and users/users.register.inc.php. The CVE-2006-6344 entry notes these as unspecified vulnerabilities with possible...
Seditio/Land Down Under Polls.PHP SQL注入漏洞
Seditio/Land Down Under是一款基于php的WEB应用程序。 Seditio/Land Down Under不正确过滤用户提交的URI数据,远程攻击者可以利用漏洞进行sql注入攻击,获得敏感信息。 问题是由于'Polls.PHP'脚本对用户提交的'id'参数缺少过滤,提交包含多个"../"字符作为参数数据,可绕过web root路径限制,以web权限查看系统文件内容。 Neocrome Seditio 1.10 Neocrome Land Down Under 8.0 目前没有解决方案提供: http://www.neocrome.net/...
Seditio <= 1.10 (pollid) Remote SQL Injection Vulnerability
Title : Seditio = 1.10 pollid Remote SQL Injection Vulnerability Author : ajann Contact : : Dork : "Powered by Seditio" SQL------------------------------------------------------ http://target/path/polls.php?id= Example: //...
CVE-2006-6177
SQL injection vulnerability in system/core/users/users.profile.inc.php in Neocrome Seditio 1.10 and earlier allows remote authenticated users to execute arbitrary SQL commands via a double-url-encoded id parameter to users.php that begins with a valid filename, as demonstrated by "default.gif"...
CVE-2006-6177
CVE-2006-6177 describes an SQL injection in Neocrome Seditio
Seditio1.10 Land Down 8.0 Under - polls.php SQL Injection
Seditio1.10 Land Down 8.0 Under - polls.php SQL Injection source: https://www.securityfocus.com/bid/21366/info Seditio and Land Down Under are prone to an SQL-injection vulnerability because the applications fail to properly sanitize user-supplied input before using it in an SQL query. A successf...
Seditio1.10 / Land Down 8.0 Under - 'polls.php' SQL Injection
source: https://www.securityfocus.com/bid/21366/info Seditio and Land Down Under are prone to an SQL-injection vulnerability because the applications fail to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow an attacker to compromise the...
Seditio Users.Profile.Inc.PHP SQL 注入漏洞
Seditio是一款基于PHP的WEB应用程序。 Seditio不正确过滤用户提交的URI数据,远程攻击者可以利用漏洞进行sql注入攻击,获得敏感信息。 问题是由于'Users.Profile.Inc.PHP'脚本对用户提交的WEB参数缺少过滤,提交恶意sql查询作为参数数据,可更改原来的sql逻辑,获得敏感信息。 Neocrome Seditio 1.10 目前没有解决方案提供: http://www.neocrome.net/page.php?al=seditio...
seditio110-sql.txt
--Security Report-- Advisory: Seditio http://www.victim.com/users.php?m=profile&a=avatarselect&x=XVALUE&id=default.gifSQL...
Seditio <= 1.10 (avatarselect id) Remote SQL Injection Vulnerability
No description provided by source. Seditio = 1.10 Remote SQL Injection avatarselect id Vulnerability Discovered by: nukedx Contacts: ICQ: 10072 MSN/Mail: [email protected] web: http://www.nukedx.com Original advisory can be found at: http://www.nukedx.com/?viewdoc=52 ---- GET -...
Advisory: Seditio <= 1.10 Remote SQL Injection Vulnerability.
--Security Report-- Advisory: Seditio = 1.10 Remote SQL Injection Vulnerability. --- Author: Mustafa Can Bjorn "nukedx a.k.a nuker" IPEKCI --- Date: 21/10/06 09:44 PM --- Contacts: ICQ: 10072 MSN/Email: [email protected] Web: http://www.nukedx.com --- Vendor: Neocrome http://www.neocrome.net...
seditio110.txt
--Security Report-- Advisory: Seditio http://www.victim.com/users.php?m=profile&a=avatarselect&x=XVALUE&id=default.gifSQL...
Seditio 1.10 - avatarselect id SQL Injection
Seditio 1.10 - avatarselect id SQL Injection Seditio http://www.victim.com/users.php?m=profile&a=avatarselect&x=XVALUE&id=default.gifSQL Inject GET -...
Seditio 1.10 - Users.Profile.Inc.php SQL Injection
Seditio 1.10 - Users.Profile.Inc.php SQL Injection source: https://www.securityfocus.com/bid/21232/info Seditio is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to...
Seditio <= 1.10 (avatarselect id) Remote SQL Injection Vulnerability
Exploit for unknown platform in category web applications ==================================================================== Seditio http://www.victim.com/users.php?m=profile&a=avatarselect&x=XVALUE&id=default.gifSQL Inject GET -...
Seditio 1.10 - 'Users.Profile.Inc.php' SQL Injection
source: https://www.securityfocus.com/bid/21232/info Seditio is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data,...
Seditio 1.10 - avatarselect id SQL Injection
Seditio http://www.victim.com/users.php?m=profile&a=avatarselect&x=XVALUE&id=default.gifSQL Inject GET - http://www.victim.com/users.php?m=profile&a=avatarselect&x=011A99&id=default.gif%2500%2527,userpassword=%2527e10adc3949ba59abbe56e057f20f883e%2527//where//userid=1/ with this example remote...
Cross site scripting
Cross-site scripting XSS vulnerability in Neocrome Land Down Under LDU in Neocrome Seditio 102 allows remote attackers to inject arbitrary web script or HTML via an HTTP Referer field...