34 matches found
CVE-2001-1535
Slashcode 2.0 creates new accounts with an 8-character random password, which could allow local users to obtain session ID's from cookies and gain unauthorized access via a brute force attack...
EUVD-2000-1002
Malware in sbrugna...
EUVD-2002-1662
Malware in sbrugna...
EUVD-2008-2548
Malware in sbrugna...
EUVD-2004-2646
Malware in sbrugna...
EUVD-2002-1628
Malware in sbrugna...
CVE-2008-2553
Cross-site scripting XSS vulnerability in Slashdot Like Automated Storytelling Homepage Slash aka Slashcode R25094 and earlier allows remote attackers to inject arbitrary web script or HTML via the userfield parameter...
CVE-2008-2231
SQL injection vulnerability in Slashdot Like Automated Storytelling Homepage Slash aka Slashcode R25094 and earlier allows remote attackers to execute SQL commands and read table information via the id parameter...
Sql injection
SQL injection vulnerability in Slashdot Like Automated Storytelling Homepage Slash aka Slashcode R25094 and earlier allows remote attackers to execute SQL commands and read table information via the id parameter...
CVE-2008-2553
Cross-site scripting XSS vulnerability in Slashdot Like Automated Storytelling Homepage Slash aka Slashcode R25094 and earlier allows remote attackers to inject arbitrary web script or HTML via the userfield parameter...
CVE-2008-2231
SQL injection vulnerability in Slashdot Like Automated Storytelling Homepage Slash aka Slashcode R25094 and earlier allows remote attackers to execute SQL commands and read table information via the id parameter...
CVE-2008-2553
Cross-site scripting XSS vulnerability in Slashdot Like Automated Storytelling Homepage Slash aka Slashcode R25094 and earlier allows remote attackers to inject arbitrary web script or HTML via the userfield parameter...
CVE-2008-2553
Affected product: Slash, the Slashdot Like Automated Storytelling Homepage (Slashcode). Vulnerability: Cross-site scripting (XSS) via the userfield parameter in Slashcode releases up to R_2_5_0_94. Impact (as stated): Remote attackers can inject arbitrary web script or HTML. No other impact detai...
CVE-2008-2231
The CVE in question affects Slash, the Slashdot-Like Automated Storytelling Homepage (Slashcode) R_2_5_0_94 and earlier. The issue is an SQL injection vulnerability via the id parameter, caused by insufficient input sanitization that enables remote attackers to execute SQL commands and read table...
CVE-2004-2656
CVE-2004-2656 refers to multiple cross-site scripting (XSS) vulnerabilities in the Slashdot Like Automated Storytelling Homepage (Slash) a.k.a. Slashcode, fixed in R_2_5_0_41. The flaws allow remote attackers to inject arbitrary web script or HTML via the topic parameter in search.pl and the filt...
CVE-2004-2656
Multiple cross-site scripting XSS vulnerabilities in Slashdot Like Automated Storytelling Homepage Slash aka Slashcode before R25041 allow remote attackers to inject arbitrary web script or HTML via 1 the topic parameter in search.pl and 2 the filter parameter in submit.pl...
CVE-2001-1535
CVE-2001-1535 concerns Slashcode 2.0, where new accounts are created with an 8-character random password. The flaw can let local attackers obtain session IDs from cookies and use a brute‑force attack to gain unauthorized access. This impacts confidentiality, integrity, and availability on affecte...
CVE-2001-1535
Slashcode 2.0 creates new accounts with an 8-character random password, which could allow local users to obtain session ID's from cookies and gain unauthorized access via a brute force attack...
CVE-2002-1748
Unknown vulnerability in Slash 2.1.x and 2.2 through 2.2.2, as used in Slashcode, allows remote authenticated users to gain access to arbitrary accounts...
CVE-2002-1681
Cross-site scripting XSS vulnerability in Slashcode CVS releases June 17 through July 1 2002 allows remote attackers to execute arbitrary script as other users by injecting script into the paragraph tag...