EUVD-2014-5343

Malware in sbrugna...

The vulnerability of the stats module in the Netcat CMS system allows a hacker to execute arbitrary JavaScript code.

The vulnerability of the stats module in the Netcat CMS system exists due to the lack of measures taken to protect the structure of web pages. Exploiting this vulnerability allows a malicious actor to execute arbitrary JavaScript code in the user’s browser remotely...

PT-2024-5679 · Unknown · Netcat Cms

Name of the Vulnerable Software and Affected Versions: Netcat CMS affected versions not specified Description: The issue exists due to a lack of protection measures for the web page structure in the stats module of the Netcat CMS system. This allows a remote attacker to execute arbitrary JavaScri...

CVE-2014-5456

Cross-site scripting XSS vulnerability in the Social Stats module before 7.x-1.5 for Drupal allows remote authenticated users with the "Content Type: Create new content" permission to inject arbitrary web script or HTML via vectors related to the configuration...

CVE-2014-5456

CVE-2014-5456 relates to the Drupal Social Stats module for 7.x-1.x. The vulnerability is a persistent XSS caused by insufficient filtering of text stored in the module’s configuration, exploitable by remote authenticated users who have the "[Content Type]: Create new content" permission. Affecte...

Sql injection

Multiple SQL injection vulnerabilities in KwsPHP 1.0 allow remote attackers to execute arbitrary SQL commands via 1 the pseudo parameter to login.php, 2 the id parameter to index.php in a carnet editer action in the MemberSpace espacemembre module, or 3 the typenav parameter to index.php in a...

CVE-2007-4956

Multiple SQL injection vulnerabilities in KwsPHP 1.0 allow remote attackers to execute arbitrary SQL commands via 1 the pseudo parameter to login.php, 2 the id parameter to index.php in a carnet editer action in the MemberSpace espacemembre module, or 3 the typenav parameter to index.php in a...

kwsstats-sql.txt

Script..........................: KwsPHP ver 1.0 stats Module Script Site..................: http://kws.koogar.org/ Vulnerability...............: Remote SQL injection Exploit Access.........................: Remote level.............................: Dangerous Author..........................: S4...

KwsPHP 1.0 stats Module - SQL Injection

KwsPHP 1.0 stats Module - SQL Injection Script..........................: KwsPHP ver 1.0 stats Module Script Site..................: http://kws.koogar.org/ Vulnerability...............: Remote SQL injection Exploit Access.........................: Remote level.............................:...

PT-2005-3706 · Maxdev · Maxdev Md-Pro

Name of the Vulnerable Software and Affected Versions: MAXdev MD-Pro versions 1.0.72 and earlier Description: The issue affects one or more modules in MAXdev MD-Pro, including the Download, Search, Web links, Blocks, Messages, News, Comments, Settings, Stats, or subjects modules. The impact and...

CVE-2005-1508

Multiple cross-site scripting XSS vulnerabilities in PwsPHP 1.2.2 allow remote attackers to inject arbitrary web script or HTML via the 1 month or 2 annee parameters to the news module, 3 nbractif or 4 annee parameters to the stats module, 5 id parameter to profil.php, 6 mblettre or 7 lettre...

CVE-2005-1508

PWSPHP (Portail Web System) is affected by cross-site scripting (XSS) in version 1.2.2 due to insufficient input validation in multiple modules/parameters (e.g., news, stats, profil.php, memberlist, recherche) and specifically the SettingsBase.php skin parameter per the NASL entry. The vulnerabil...

CVE-2005-1508

Multiple cross-site scripting XSS vulnerabilities in PwsPHP 1.2.2 allow remote attackers to inject arbitrary web script or HTML via the 1 month or 2 annee parameters to the news module, 3 nbractif or 4 annee parameters to the stats module, 5 id parameter to profil.php, 6 mblettre or 7 lettre...