EUVD-2006-2030

Malware in sbrugna...

Simplog <= 0.9.3 (tid) Remote SQL Injection Exploit

No description provided by source. !/usr/bin/perl Method found & Exploit scripted by nukedx Contacts ICQ: 10072 MSN/Main: [email protected] web: www.nukedx.com Original advisory: http://www.nukedx.com/?viewdoc=25 Usage: simplog.pl host path use IO::Socket; if@ARGV != 2 usage; else exploit; sub...

Simplog 0.9.3 Archive.PHP PID Parameter Cross-Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/20900/info Simplog is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code execute in the browser of an...

Simplog 0.9.3 - &#039;archive.php&#039; SQL Injection

source: https://www.securityfocus.com/bid/21843/info Simplog is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow an attacker to compromise the application, access or...

Simplog 0.9.3 - BlogID Multiple SQL Injections

Simplog 0.9.3 - BlogID Multiple SQL Injections source: https://www.securityfocus.com/bid/20899/info Simplog is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow a...

Simplog 0.9.3 - &#039;archive.php?PID&#039; Cross-Site Scripting

source: https://www.securityfocus.com/bid/20900/info Simplog is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code execute in the browser of an unsuspecting user in the context ...

CVE-2006-4058

Cross-site scripting XSS vulnerability in archive.php in Simplog 0.9.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the keyw parameter when performing a search. NOTE: some details are obtained from third party information...

simplog 0.9.3 and prior XSS

HeLiOsZ - Dark End Team - Internet Security Team simplog 0.9.3 and prior XSS IRC: darkend.sytes.net darkend , http://darkend.sytes.net & http://www.darkend.org Rish : Medium Type : web applet Creator: http://www.simplog.org/ Exploit: - The vuln is in the search section,it don't validate the imput...

CVE-2006-2028

Cross-site scripting XSS vulnerability in imagelist.php in Jeremy Ashcraft Simplog 0.9.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the imagedir parameter. NOTE: this issue might be resultant from directory traversal...

CVE-2006-2029

Multiple SQL injection vulnerabilities in Jeremy Ashcraft Simplog 0.9.3 and earlier allow remote attackers to execute arbitrary SQL commands via the 1 tid parameter in a preview.php; the 2 cid, 3 pid, and 4 eid parameters in b archive.php; and the 5 pid parameter in c comments.php...

CVE-2006-2029

Multiple SQL injection vulnerabilities in Jeremy Ashcraft Simplog 0.9.3 and earlier allow remote attackers to execute arbitrary SQL commands via the 1 tid parameter in a preview.php; the 2 cid, 3 pid, and 4 eid parameters in b archive.php; and the 5 pid parameter in c comments.php...

Simplog 0.9.3 - &#039;tid&#039; SQL Injection

!/usr/bin/perl Method found & Exploit scripted by nukedx Contacts ICQ: 10072 MSN/Main: [email protected] web: www.nukedx.com Original advisory: http://www.nukedx.com/?viewdoc=25 Usage: simplog.pl use IO::Socket; if@ARGV != 2 usage; else exploit; sub header print "\n- NukedX Security Advisory...