23 matches found
EUVD-2015-4371
Malware in sbrugna...
EUVD-2015-4372
Malware in sbrugna...
Drupal Spider Contacts Module Cross-Site Request Forgery Vulnerability
Drupal is a free, open-source content management system developed in PHP.Spider Contacts is a contact component. A cross-site request forgery vulnerability exists in the Drupal Spider Contacts module that allows remote attackers to construct malicious URIs, trick users into parsing them, and can...
CVE-2015-4349
Cross-site request forgery CSRF vulnerability in the Spider Contacts module for Drupal allows remote attackers to hijack the authentication of administrators for requests that delete contact categories via unspecified vectors...
CVE-2015-4348
SQL injection vulnerability in the Spider Contacts module for Drupal allows remote authenticated users with the "access Spider Contacts category administration" permission to execute arbitrary SQL commands via unspecified vectors...
Cross site request forgery (csrf)
Cross-site request forgery CSRF vulnerability in the Spider Contacts module for Drupal allows remote attackers to hijack the authentication of administrators for requests that delete contact categories via unspecified vectors...
Sql injection
SQL injection vulnerability in the Spider Contacts module for Drupal allows remote authenticated users with the "access Spider Contacts category administration" permission to execute arbitrary SQL commands via unspecified vectors...
CVE-2015-4348
CVE-2015-4348 affects the Drupal Spider Contacts contributed module. The vulnerability is an SQL injection in the module that allows remote authenticated users possessing the "access Spider Contacts category administration" permission to execute arbitrary SQL via unspecified vectors. Root cause d...
CVE-2015-4349
CVE-2015-4349 affects the Drupal Spider Contacts module. It is a Cross-Site Request Forgery (CSRF) vulnerability that enables an attacker to hijack administrator actions for requests that delete contact categories. The issue is tied to the Spider Contacts module (not Drupal core) and is mitigated...
CVE-2015-4349
Cross-site request forgery CSRF vulnerability in the Spider Contacts module for Drupal allows remote attackers to hijack the authentication of administrators for requests that delete contact categories via unspecified vectors...
CVE-2015-4348
SQL injection vulnerability in the Spider Contacts module for Drupal allows remote authenticated users with the "access Spider Contacts category administration" permission to execute arbitrary SQL commands via unspecified vectors...
Multiple Cross-Site Request Forgery Vulnerabilities in Drupal Spider Contacts Module
Drupal is an open source content management platform. Multiple cross-site request forgery vulnerabilities exist in the Drupal Spider Contacts module, which could be exploited by an attacker to perform certain unauthorized actions and gain access to vulnerable applications...
Multiple SQL Injection Vulnerabilities in Drupal Spider Contacts Module
Drupal is an open source content management platform. Multiple SQL injection vulnerabilities exist in the Drupal Spider Contacts module, which could be exploited by attackers to compromise an application, access and modify data, or potentially exploit a vulnerability in the underlying database...
SA-CONTRIB-2015-057 - Spider Contacts - Multiple vulnerabilities - Unsupported
Spider Contacts module provides a user-friendly way to manage and display contacts. The module doesn't use Drupal's Database API properly, not sanitizing user input on SQL queries and thereby exposing a SQL Injection vulnerability. This vulnerability is mitigated by the fact that the attacker mus...
Joomla Spider Contacts 1.3.6 /index.php SQL注入漏洞
No description provided by source...
Joomla Spider Contacts 1.3.6 (index.php, contacts_id param) - SQL Injection
No description provided by source...
Joomla! Spider Contacts 'index.php' SQL injection vulnerability-vulnerability warning-the black bar safety net
Affected system: Joomla! Spider Contacts = 1.3.6 Description: BUGTRAQ ID: 6 9 7 5 7 Joomla! Spider Contacts is a Joomla! An extension, you can easily manage contact information. Spider Contacts 1.3.6 and earlier in the realization of the presence ofsql injectionvulnerabilities successfully...
Spider Contacts 1.3.6 SQLI
Joomla Spider Contacts 1.3.6 SQL Injection Developer update http://web-dorado.com/products/joomla-contacts.html...
Joomla! Component Spider Contacts 1.3.6 - contacts_id SQL Injection
Joomla! Component Spider Contacts 1.3.6 - contactsid SQL Injection !/usr/bin/env python Exploit Title : Joomla Spider Contacts = 1.3.6 SQL Injection Exploit Author : Claudio Viviani Vendor Homepage : http://web-dorado.com/ Software Link :...
Joomla Spider Contacts <= 1.3.6 SQL Injection Exploit
Exploit for php platform in category web applications !/usr/bin/env python Exploit Title : Joomla Spider Contacts = 1.3.6 SQL Injection Exploit Author : Claudio Viviani Vendor Homepage : http://web-dorado.com/ Software Link :...