20 matches found
EUVD-2007-5667
Malware in sbrugna...
EUVD-2007-5665
Malware in sbrugna...
EUVD-2007-5466
Malware in sbrugna...
CVE-2007-5695
Open redirect vulnerability in command.php in SiteBar 3.3.8 allows remote attackers to redirect users to arbitrary web sites via a URL in the forward parameter in a Log In action...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in SiteBar 3.3.8 allow remote attackers to inject arbitrary web script or HTML via 1 the lang parameter to integrator.php; 2 the token parameter in a New Password action, 3 the nidacl parameter in a Folder Properties action, or 4 the uid parameter...
CVE-2007-5693
Eval injection vulnerability in the translation module translator.php in SiteBar 3.3.8 allows remote authenticated users to execute arbitrary PHP code via the edit parameter in an upd cmd action, a different vulnerability than CVE-2007-5492...
Design/Logic Flaw
Eval injection vulnerability in the translation module translator.php in SiteBar 3.3.8 allows remote authenticated users to execute arbitrary PHP code via the edit parameter in an upd cmd action, a different vulnerability than CVE-2007-5492...
CVE-2007-5692
Multiple cross-site scripting XSS vulnerabilities in SiteBar 3.3.8 allow remote attackers to inject arbitrary web script or HTML via 1 the lang parameter to integrator.php; 2 the token parameter in a New Password action, 3 the nidacl parameter in a Folder Properties action, or 4 the uid parameter...
Path traversal
Absolute path traversal vulnerability in the translation module translator.php in SiteBar 3.3.8 allows remote authenticated users to read arbitrary files via an absolute path in the dir parameter, a different vulnerability than CVE-2007-5491...
CVE-2007-5692
Multiple cross-site scripting XSS vulnerabilities in SiteBar 3.3.8 allow remote attackers to inject arbitrary web script or HTML via 1 the lang parameter to integrator.php; 2 the token parameter in a New Password action, 3 the nidacl parameter in a Folder Properties action, or 4 the uid parameter...
Open redirect
Open redirect vulnerability in command.php in SiteBar 3.3.8 allows remote attackers to redirect users to arbitrary web sites via a URL in the forward parameter in a Log In action...
CVE-2007-5695
Open redirect vulnerability in command.php in SiteBar 3.3.8 allows remote attackers to redirect users to arbitrary web sites via a URL in the forward parameter in a Log In action...
CVE-2007-5693
Eval injection vulnerability in the translation module translator.php in SiteBar 3.3.8 allows remote authenticated users to execute arbitrary PHP code via the edit parameter in an upd cmd action, a different vulnerability than CVE-2007-5492...
CVE-2007-5692
Multiple cross-site scripting XSS vulnerabilities in SiteBar 3.3.8 allow remote attackers to inject arbitrary web script or HTML via 1 the lang parameter to integrator.php; 2 the token parameter in a New Password action, 3 the nidacl parameter in a Folder Properties action, or 4 the uid parameter...
CVE-2007-5692
SiteBar 3.3.8 (and related releases) is affected by CVE-2007-5692 among several XSS issues. The vulnerabilities permit remote attackers to inject arbitrary scripts/HTML via multiple parameters (lang, token, nid_acl, uid, target) across integrator.php, New Password, Folder Properties, Modify User,...
NDSA20071016.txt
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Nth Dimension Security Advisory NDSA20071016 Date: 16th October 2007 Author: Tim Brown URL: / Product: SiteBar 3.3.8 Vendor: Ondřej Brablc, David Szego and SiteBar Team Risk: High Summary This advisory comes in 4 related parts: 1 SiteBar application h...
Directory traversal
Directory traversal vulnerability in the translation module translator.php in SiteBar 3.3.8 allows remote authenticated users to chmod arbitrary files to 0777 via ".." sequences in the lang parameter...
CVE-2007-5492
Static code injection vulnerability in the translation module translator.php in SiteBar 3.3.8 allows remote authenticated users to execute arbitrary PHP code via the value parameter...
CVE-2006-3320
Cross-site scripting XSS vulnerability in command.php in SiteBar 3.3.8 and earlier allows remote attackers to inject arbitrary web script or HTML via the command parameter...
CVE-2006-3320
SiteBar 3.3.8 and earlier are affected by a cross‑site scripting (XSS) vulnerability in command.php via the command parameter. The Debian advisory DSA-1130-1 and OpenVAS entries confirm XSS due to missing input validation, with fixes delivered in Debian stable to 3.2.6-7.1 and in sid to 3.3.8-1.1...